DDOS is going on for a day now

[nieuwhier]

I have one the server that is on a DDOS attach for more than a day now. I managed to keep the server running by manually blocking the corresponding ip's.

I use mod_evasive(does not realy help I think) and APF. I enabled antidos from APF but it does not catch all I think. I want the corresponding ip's automaticly blocked on server level (like apf -d <ip>).

Does anyone has any hints how to solve this ?

Why-o-Why do they launch DDOS attacks...

 

[asekeris]

Use BFD together with APF

http://www.rfxnetworks.com/bfd.php

 

[nieuwhier]

I do use BFD but this only signals wrong logins (for example for SSH / ftp). It does nothing with the Ddos ip's or am I wrong ?

 

[jackc]

try this script
http://deflate.medialayer.com/

 

[nieuwhier]

Thx Jackc, i am trying http://deflate.medialayer.com at this moment.

1) I think it is a (d)DOS attach because many different ip's are trying to load the same page over-and-over again. Blocking the ip's only result in new ip's that are loading the page again.

2) As far as I can tell mod_avasive does not block, it only shows a 403 page instead of the real page. That is not good enough for blocking the ip.

3) many hardware based firewalls runs on...... linux.... ;-) I don't think it would change much in case of a dDos attack ?

 

[jackc]

you can write a simple shell script to check the log file and block the ips keep requesting the same page.

 

[pucky]

If you know which page and which sites they are attacking dont you think you should take the site offline?

 

[nieuwhier]

If you know which page and which sites they are attacking dont you think you should take the site offline?

I did that already, but the requests still keep coming in. Of course the original page was not loaded but the connections were still there.

Right now the attack(s) has stopped. I am not sure if it is because of all the things I did ;-)