Our server is getting attacked by DDOS

Recently our gamez.mn server is getting attacked by ddos. In the first I didn't know what to do. So googled and found this page
http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
in short it will install
APF - Firewall
BFD - Brute Force Detection
DDOS Deflate - DDoS Deflate for more detailed info 
http://www.mydigitallife.info/2007/12/13/prevent-and-stop-dos-or-ddos-attacks-on-web-server-ddos-deflate/
Rootkit - Rootkit Hunter

BFD and DDOS Deflate works great with APF so better install it over Iptables and then install others.

And after that I started banning IPs like 67 with 67 connection like that. As you can see 67 is not a IP. So it seems attacker hid ip or is it using ipv6? 

Then I've disabled ipv6 using this link.
http://www.g-loaded.eu/2008/05/12/how-to-disable-ipv6-in-fedora-and-centos/
 
It seems quite right now. Dunno what will happen next.

And Addition here is Apache Optimization tutorial
http://kb.liquidweb.com/apache-optimization/ useful for everyone.

One more important thing
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail
this command will chek connections right now

Edit 1 Server still quite right now. It seems it was ipv6 ddos attack.
Another usefull link run ddos deflate with ipv6
http://www.webhostingtalk.com/showthread.php?t=899608
I've disabled ipv6 so this link won't need me right now.

EDIT 2 I Better not use BFD anymore. It just keeps banning random IPs, and can't detect original attacker. So am losing random visitors as it works and banns IPs

Comments

Post a Comment

Popular posts from this blog

Set up RAID on Dell Poweredge 2850

Today I had a hard day. Our server HDD crashed (I think it had a bad sector or something? Friend of mine checked our server and said it's hard disk broken) and we had to change HDD. We got 4 SCSI HDD (72gb) for a cheap price. And decided to make a RAID. But it is way harder than regular PC RAID. I've followed THIS tutorial and settled up very good raid configuration. But real problem was just started. After setting up raid and installing nice clean centos 5.5 I decided to put a old HDD into server and copy files from there to new HDD. But server won't recognize my old HDD cause of RAID configuration. So I had to add old HDD as a RAID. And BOOM all Data is gone. It was very stupid step :( . I didn't find a way to add (mount or something) a HDD to RAID configured server. If you have solution for this pls share with me. Also I wanna restore my old HDD data. Is there a way? And again never ever try to add HDD to a RAID as a RAID
Read more

How to implement Blueimp with Laravel 5

Spent few hours trying to figure out how to implement blueimp image upload with laravel 5. After lot of trial and error finally i'm able to implement. So here it goes. 1. Download blueimp from source. https://github.com/blueimp/jQuery-File-Upload 2. Create controller in laravel php artisan make:controller UploadController you can name your controller anything for me it's UploadController. 3. Copy class content of https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php into UploadController. 4. On laravel's routes.php create your ajax call for me it's [code] Route::post('user/upload', function(){ //Points to custom folder $options['upload_url'] = url('/images/uploads/'); //Uploads custom folder $options['upload_dir'] = public_path().'/images/uploads/'; //Create handler with options $upload_handler = new App\Http\Controllers\UploadController($options); }); [/code] 5. one importa...
Read more

HackUB (Hackathon Ulaanbaatar) - Organizing event

Everything starts with something, and there is always first time. So this August with bunch of friends we decided to organize an event. And possibly biggest event for Mongolian IT crowd. We never actually organized any event though. All had none to small experience about organizing anything. But anyhow we started planning it. So as usual this is reminder for me. Even event is fully planned, all the speakers even the most responsible one could cancel out last minute. So always follow up speakers and prepare plan B C for them, as replacements. And if that happens just casually change speaker and be truthful to audience. They won't panic as much as you do. Be prepared for stuff. For this event everything came to in place on last minute. Printing, venue, even funding got accepted on last minute. So try to reduce those LAST MINUTE things. Those things will break your schedule and leave a huge impact. At least try to print materials that won't change as soon as possible.  Get ...
Read more