Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: DDOS attack please help!
Homework and Emergencies Emergency UNIX and Linux Support DDOS attack please help! Post 302907826 by Lord Spectre on Wednesday 2nd of July 2014 03:57:08 AM
Old 07-02-2014
Power DDOS attack please help!
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
Code:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP

This works perfect, but the attacker just completely change the IP addresses.

What I'm thining to do is create a rules with iptables who accept a total ammount of requests from the same IP and the DROP if the ammount is exceeded. Something like:

Code:
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

The problem here is maybe I miss something because if I refresh the webpage 6/7 times it just drop me the other requests. Maybe I don't understand how "--seconds 60 --hitcount 10" works.

Could you please help me to create a rules to try to block new requests if they come togheter at the same time like an attack?

Many Thanks
Lucas
 

5 More Discussions You Might Find Interesting

1. Cybersecurity

what is the better way to protect my server from DDos Attack

heloo today i have DDos Attack in my server what is the better way to secure my server from DDos Attack i use CentOS 4&5 i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems Give Me The best way plzz (4 Replies)
Discussion started by: a7medo
4 Replies

2. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies

3. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2? (1 Reply)
Discussion started by: boriskong
1 Replies

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

5. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but... (1 Reply)
Discussion started by: tomislav91
1 Replies

LEARN ABOUT LINUX

ip6tables-apply

IPTABLES-APPLY(8)                                                 iptables 1.6.1                                                 IPTABLES-APPLY(8)

NAME

       iptables-apply - a safer way to update iptables remotely

SYNOPSIS

       iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

DESCRIPTION

       iptables-apply  will  try  to  apply  a  new rulesfile (as output by iptables-save, read by iptables-restore) or run a command to configure
       iptables and then prompt the user whether the changes are okay. If the new iptables rules cut the existing connection, the user will not be
       able to answer affirmatively. In this case, the script rolls back to the previous working iptables rules after the timeout expires.

       Successfully applied rules can also be written to savefile and later used to roll back to this state. This can be used to implement a store
       last good configuration mechanism when experimenting with an iptables setup script:  iptables-apply  -w  /etc/network/iptables.up.rules  -c
       /etc/network/iptables.up.run

       When called as ip6tables-apply, the script will use ip6tables-save/-restore and IPv6 default values instead. Default value for rulesfile is
       '/etc/network/iptables.up.rules'.

OPTIONS

       -t seconds, --timeout seconds
              Sets the timeout in seconds after which the script will roll back to the previous ruleset (default: 10).

       -w savefile, --write savefile
              Specify  the  savefile  where  successfully  applied  rules  will   be   written   to   (default   if   empty   string   is   given:
              /etc/network/iptables.up.rules).

       -c runcmd, --command runcmd
              Run command runcmd to configure iptables instead of applying a rulesfile (default: /etc/network/iptables.up.run).

       -h, --help
              Display usage information.

       -V, --version
              Display version information.

SEE ALSO

       iptables-restore(8), iptables-save(8), iptables(8).

LEGALESE

       Original  iptables-apply  -  Copyright  2006 Martin F. Krafft <madduck@madduck.net>.  Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or
       http://gw.tnode.com/>.

       This manual page was written by Martin F. Krafft <madduck@madduck.net> and extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>.

       Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.

iptables 1.6.1                                                                                                                   IPTABLES-APPLY(8)
All times are GMT -4. The time now is 08:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy