Help with [D]DoS attacks

SkyPoweR

Hey,
Recently I'm having issues with some dumbo kiddoes who are attacking my website,
the httpd PIDs just go crazy and the server is overloaded, no available memory until I shut down the httpd process, which leads to many tickets from my clients.
My friend advised me to install nginx 'cause he thought they are using Slowloris.
I installed danginx [15 Days Trial]. The website was quite faster, but now the attacks are back and the danginx isn't helping, and I'm not able to do anything, barely could shut the process through DA. Can't even connect to the SSH, luckily the VePortal is working.

Here's a picture:
http://prntscr.com/8mspt

Any ideas that could help? thanks.

P.S
I got the csf+lfd,
every time the attacks come the process just shuts down on its own.
This message has been automatically generated notifying you that the service lfd is currently down.

help =/
 
I'm sure, Apache logs show massive access to phpmyadmin versions from several IPs that aren't from Israel. [China, Brazil, USA]
Picture:
http://prntscr.com/8nqj1
Except that, we are considered a little website, like 100/300 views a day, 100 hosting users.
P.S.
I'm working to suspend the VPSes attacking, though can't all of them. :)

BTW, you can add me on MSN:
[email protected]
 
Hello,

I guess you need to ask your DC to block the IPs of the attackers. Or forward your web traffic through an anti-DDoS service (some free services can be found). Or hire somebody to help you.
 
Hey Alex, could you please give me a link to a free antiddos web traffic site?
 
Take a closer look at the phpmyadmin logs, see the date and time. That can't be causing high load. Most hits are hours apart. These are just bots crawling for old phpmyadmin versions, almost everyone gets them.

To be sure what's really going on, check other logs or enable Apache's server-status, or topvhost.

Cloudflare can be a solution if you've pinpointed the website which is the target, but if it's really a target, just changing the nameservers to Cloudflare won't fool attackers. They could easily just evade Cloudflare by attacking your IP directly. You would need to get the site to another machine and IP and remove mail DNS records and don't have your site sending mails, or they will find the IP again.

Anyway, from what you've said so far I can't tell that there's a real attack going on. Maybe there is. Try to figure it out or get someone else to do so.
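
The timestamp check suggested in the reply above, as an added example that is not part of any post in this thread: it buckets Apache access-log requests per IP per minute, so sparse phpMyAdmin probes can be told apart from a real request flood. The log lines, IP addresses and the 60 requests/minute threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache common/combined log prefix: client IP, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*"')

def parse(line):
    """Return (ip, datetime, path), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def summarize(lines, burst_per_minute=60):
    """Map each IP to (kind, peak requests seen in any single minute)."""
    per_minute = Counter()
    paths = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip truncated or non-access-log lines
        ip, when, path = rec
        per_minute[(ip, when.replace(second=0))] += 1
        paths[ip].add(path.lower())
    peak = defaultdict(int)
    for (ip, _minute), n in per_minute.items():
        peak[ip] = max(peak[ip], n)
    report = {}
    for ip, top in peak.items():
        if top >= burst_per_minute:        # assumed threshold, tune per site
            kind = "flood"
        elif all("phpmyadmin" in p for p in paths[ip]):
            kind = "scanner"               # only ever asked for phpMyAdmin URLs
        else:
            kind = "normal"
        report[ip] = (kind, top)
    return report

# Constructed sample: one IP probing hours apart, one ordinary visitor,
# and one IP sending 120 requests inside a single minute.
SAMPLE = [
    '203.0.113.7 - - [02/Jan/2012:03:10:01 +0200] "GET /phpMyAdmin-2.11.4/scripts/setup.php HTTP/1.1" 404 210',
    '203.0.113.7 - - [02/Jan/2012:09:42:17 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 210',
    '192.0.2.10 - - [02/Jan/2012:10:00:05 +0200] "GET /index.php HTTP/1.1" 200 5120',
] + [
    f'198.51.100.23 - - [02/Jan/2012:12:00:{s % 60:02d} +0200] "GET / HTTP/1.1" 200 5120'
    for s in range(120)
]
```

`summarize()` accepts any iterable of lines, so an open access-log file object can be passed in place of `SAMPLE`.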
 
I enabled server-status, I'll update ya guys if they will attack again, and how. :) [ currently they stopped cause we suspended one of our users, interesting. ]
 