Jump to content
The Uniform Server Community
Znote

I am being under an DDoS attack. Any way to prevent it?

Recommended Posts

Hello.

 

Well, some dude is having fun DDoSing me with a trojan he have pretty much spread around the world.

Trojan review: http://www.offensivecomputing.net/?q=node/1617

 

My CPU continuously having 100% CPU load and approx 500KB/sec upload speed and then it doesn't work. I shut down apache and suddenly bandwidth goes from 500KB/sec upload to the regular good old 10KB/sec.

 

 

I keep my apache open a few seconds:

<< removed. Was not allowed to post 28k line long code>>

 

Well here are a few lines:

 

89.189.170.47 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
62.221.67.37 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
83.255.214.246 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"

 

This might solve the problem:

 

1: Restrict connections per IP.

Connections per IP. Maximum allow 3 connections per IP each sec. This DDoS attack have IPs that got like 50+ connections each sec.

 

2: Auto ip bann users who get 40+ connections each sec

 

 

Also, is there a way to make sure error.log / access.log never gets bigger than 5mb? Being under a DDoS attack makes me have to delete/clean the file every 15 min because the file gets to big and the VPS crashes when HD reaches 0.


I am representing the open tibia community otland.net
otland.net is contributing open source server software to an 2d mmorpg game called Tibia.

Here are some Uniform server tutorials/guide contributions from me:
VIDEO TUTORIAL: I teach newbreeds to install and operate uniform server: (Updated for Coral 8.x)
http://youtu.be/AsyxPhDTOcI

Uniform Server newbie guide:
Securely installing Uniform Server for total newbeginners:
http://otland.net/f479/nothing-fully-worki...-0-3-6-a-77593/
(also contains how to get our open source tibia game, and connect it successfully to the uniform mysql server).

How to add a website for our open source tibia game which includes highscore, create account and so on: (On uniform server)
http://otland.net/f479/website-installing-...m-server-91951/

Share this post


Link to post
Share on other sites

No reply regarding my suggestions? :)


I am representing the open tibia community otland.net
otland.net is contributing open source server software to an 2d mmorpg game called Tibia.

Here are some Uniform server tutorials/guide contributions from me:
VIDEO TUTORIAL: I teach newbreeds to install and operate uniform server: (Updated for Coral 8.x)
http://youtu.be/AsyxPhDTOcI

Uniform Server newbie guide:
Securely installing Uniform Server for total newbeginners:
http://otland.net/f479/nothing-fully-worki...-0-3-6-a-77593/
(also contains how to get our open source tibia game, and connect it successfully to the uniform mysql server).

How to add a website for our open source tibia game which includes highscore, create account and so on: (On uniform server)
http://otland.net/f479/website-installing-...m-server-91951/

Share this post


Link to post
Share on other sites

Are you providing service to the outside world ?

 

Not mention your OS and Combo Server(s) as well as their versions, only rough idea comes along ...

 

Besides play with Apache, it is possible to tweak the network layer of your box; also with the log files, it might be trivial to define a Task Schedule for extracting and cleaning ...

 

 

 

Hello.

 

Well, some dude is having fun DDoSing me with a trojan he have pretty much spread around the world.

 

Share this post


Link to post
Share on other sites

Remember, the key purpose of the Uniform Server is to get you running with Apache, MySQL, and PHP without a lot of fuss. What you're dealing with is generic to Apache and communications in production environments, and not specifically UniServer.

 

That said, it's my view that you need to look at Apache and other tools for more info on restricting DDoS attacks. But I could be persuaded otherwise. :)

 

It's also possible that there already exist some configuration params or modules that address this problem. These could be set up as a plugin for production-oriented users.

 

BobS

Share this post


Link to post
Share on other sites

@ZNote,

Are you using Uniserver?

IMO, there is no way to limit log file size. You still can auto delete all logs using cron job.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...