Znote Posted October 19, 2010

Hello. Well, some dude is having fun DDoSing me with a trojan he has pretty much spread around the world.
Trojan review: http://www.offensivecomputing.net/?q=node/1617

My CPU is continuously at 100% load with approx 500KB/sec upload speed, and then it doesn't work. I shut down apache and suddenly bandwidth goes from 500KB/sec upload to the regular good old 10KB/sec.

I keep my apache open a few seconds: << removed. Was not allowed to post 28k line long code >>

Well, here are a few lines:

89.189.170.47 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
62.221.67.37 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
83.255.214.246 - - [19/Oct/2010:19:22:30 +0200] "POST / HTTP/1.1" 200 365 "http://0mn3d6yunkn0wn.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"

This might solve the problem:
1: Restrict connections per IP. Allow a maximum of 3 connections per IP each sec. This DDoS attack has IPs that got like 50+ connections each sec.
2: Auto IP ban users who get 40+ connections each sec.

Also, is there a way to make sure error.log / access.log never gets bigger than 5mb? Being under a DDoS attack makes me have to delete/clean the file every 15 min because the file gets too big and the VPS crashes when HD reaches 0.

I am representing the open tibia community otland.net
otland.net is contributing open source server software to a 2d mmorpg game called Tibia.
Here are some Uniform server tutorials/guide contributions from me:
VIDEO TUTORIAL: I teach newbreeds to install and operate uniform server: (Updated for Coral 8.x)
http://youtu.be/AsyxPhDTOcI
Uniform Server newbie guide: Securely installing Uniform Server for total newbeginners:
http://otland.net/f479/nothing-fully-worki...-0-3-6-a-77593/
(also contains how to get our open source tibia game, and connect it successfully to the uniform mysql server).
How to add a website for our open source tibia game which includes highscore, create account and so on: (On uniform server)
http://otland.net/f479/website-installing-...m-server-91951/
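
The two thresholds proposed in the post above (more than 3 requests per IP per second, ban at 40+), applied to an access log in Apache combined format, as an added example that is not part of the original thread. The sample log is constructed (documentation-range IPs, placeholder referer and agent), the function names are this example's own, and it counts logged requests rather than TCP connections. It also lists request/referer/agent combinations shared by several IPs, which is the pattern the posted lines show.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def classify_ips(lines, limit=3, ban=40):
    """Map each IP over the limit to 'ban' or 'throttle', judged on its busiest second."""
    peak = Counter()
    # The log timestamp has one-second resolution, so (ip, ts) is a per-second bucket.
    per_second = Counter((e["ip"], e["ts"]) for e in parse(lines))
    for (ip, _ts), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return {ip: ("ban" if n >= ban else "throttle")
            for ip, n in peak.items() if n > limit}

def shared_fingerprints(lines, min_ips=3):
    """Return (request, referer, agent) tuples sent by at least min_ips distinct IPs."""
    seen = defaultdict(set)
    for e in parse(lines):
        seen[(e["req"], e["ref"], e["ua"])].add(e["ip"])
    return {fp: len(ips) for fp, ips in seen.items() if len(ips) >= min_ips}

def sample_log():
    """Constructed sample: documentation-range IPs, placeholder referer and agent."""
    def row(ip, sec, req, ref, ua):
        return f'{ip} - - [19/Oct/2010:19:22:{sec:02d} +0200] "{req}" 200 365 "{ref}" "{ua}"'
    bot = ("POST / HTTP/1.1", "http://referer.example", "ExampleBot/1.0")
    rows = [row("192.0.2.10", 30, *bot) for _ in range(50)]      # 50 hits in one second
    rows += [row("192.0.2.11", 30, *bot) for _ in range(5)]      # 5 hits in one second
    rows += [row("192.0.2.12", 30 + i, *bot) for i in range(3)]  # 1 hit per second
    rows += [row("198.51.100.7", 31, "GET /index.php HTTP/1.1", "-", "Browser/1.0")]
    rows.append("garbage line that is not in combined format")
    return rows

if __name__ == "__main__":
    print(classify_ips(sample_log()), shared_fingerprints(sample_log()))
```

An IP that stays under the per-second limit never appears in the first result, so a distributed sender only shows up in the shared-fingerprint result.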

Znote Posted December 27, 2010

No reply regarding my suggestions?

Shyokou Ouyou Posted December 28, 2010

Are you providing service to the outside world? Not mentioning your OS and Combo Server(s) as well as their versions, only a rough idea comes along ...

Besides playing with Apache, it is possible to tweak the network layer of your box; also with the log files, it might be trivial to define a Task Schedule for extracting and cleaning ...

Quoted from Znote: "Hello. Well, some dude is having fun DDoSing me with a trojan he has pretty much spread around the world."

BobS Posted December 29, 2010

Remember, the key purpose of the Uniform Server is to get you running with Apache, MySQL, and PHP without a lot of fuss. What you're dealing with is generic to Apache and communications in production environments, and not specifically UniServer.

That said, it's my view that you need to look at Apache and other tools for more info on restricting DDoS attacks. But I could be persuaded otherwise. It's also possible that there already exist some configuration params or modules that address this problem. These could be set up as a plugin for production-oriented users.

BobS

BugFixed Posted December 31, 2010

@ZNote,
Are you using Uniserver?
IMO, there is no way to limit log file size. You still can auto delete all logs using a cron job.