DDOS attack please help! Post: 302907826

Sponsored Content

Homework and Emergencies Emergency UNIX and Linux Support DDOS attack please help! Post 302907826 by Lord Spectre on Wednesday 2nd of July 2014 03:57:08 AM

07-02-2014

Registered User

DDOS attack please help!

Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:

Code:

iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP

This works perfect, but the attacker just completely change the IP addresses.

What I'm thining to do is create a rules with iptables who accept a total ammount of requests from the same IP and the DROP if the ammount is exceeded. Something like:

Code:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

The problem here is maybe I miss something because if I refresh the webpage 6/7 times it just drop me the other requests. Maybe I don't understand how "--seconds 60 --hitcount 10" works.

Could you please help me to create a rules to try to block new requests if they come togheter at the same time like an attack?

Many Thanks
Lucas

Lord Spectre

View Public Profile for Lord Spectre

Find all posts by Lord Spectre

5 More Discussions You Might Find Interesting

1. Cybersecurity

what is the better way to protect my server from DDos Attack

heloo today i have DDos Attack in my server what is the better way to secure my server from DDos Attack i use CentOS 4&5 i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems Give Me The best way plzz

2. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?

3. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2?

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker.

5. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but...

LEARN ABOUT MOJAVE

apache2::command

install::TempContent::Objects::mod_perl-2.0.9::docs::apiUseraContribuinstall::TempContent::Objects::mod_perl-2.0.9::docs::api::Apache2::Command(3)

NAME

       Apache2::Command - Perl API for accessing Apache module command information

Synopsis
	 use Apache2::Module ();
	 use Apache2::Command ();
	 my $module = Apache2::Module::find_linked_module('mod_perl.c');

	 for (my $cmd = $module->cmds; $cmd; $cmd = $cmd->next) {
	     $cmd->args_how();
	     $cmd->errmsg();
	     $cmd->name();
	     $cmd->req_override();
	 }

Description
       "Apache2::Command" provides the Perl API for accessing Apache module command information

API

       "Apache2::Command" provides the following functions and/or methods:

   "args_how"
       What the command expects as arguments:

	 $how = $cmd->args_how();

       obj: $cmd ( "Apache2::Command object" )
       ret: $how ( "Apache2::Const :cmd_how constant" )
	   The flag value representing the type of this command (i.e. "Apache2::Const::ITERATE", "Apache2::Const::TAKE2").

       since: 2.0.00

   "errmsg"
       Get usage message for that command, in case of syntax errors:

	 $error = $cmd->errmsg();

       obj: $cmd ( "Apache2::Command object" )
       ret: $error ( string )
	   The error message

       since: 2.0.00

   "name"
       Get the name of this command:

	 $name = $cmd->name();

       obj: $cmd ( "Apache2::Command object" )
       ret: $name ( string )
	   The command name

       since: 2.0.00

   "next"
       Get the next command in the chain of commands for this module:

	 $next = $cmd->next();

       obj: $cmd ( "Apache2::Command object" )
       ret: $next ( "Apache2::Command object" )
	   Returns the next command in the chain for this module, "undef" for the last command.

       since: 2.0.00

   "req_override"
       What overrides need to be allowed to enable this command:

	 $override = $cmd->req_override

       obj: $cmd ( "Apache2::Command object" )
       ret: $override ( "Apache2::Const :override constant" )
	   The bit mask representing the overrides this command is allowed in (i.e "Apache2::Const::OR_ALL"/"Apache2::Const::ACCESS_CONF").

       since: 2.0.00

       For example:

	 use Apache2::Const -compile => qw(:override);
	 $cmd->req_override() & Apache2::Const::OR_AUTHCFG;
	 $cmd->req_override() & Apache2::Const::OR_LIMIT;

See Also
       mod_perl 2.0 documentation.

Copyright
       mod_perl 2.0 and its core modules are copyrighted under The Apache Software License, Version 2.0.

Authors
       The mod_perl development team and numerous contributors.

perl v5.18.2							    2install::TempContent::Objects::mod_perl-2.0.9::docs::api::Apache2::Command(3)