
Massive DDoS attack, please help!



Posted

My website was attacked for the 14th time in 3 days. It is now locked until the attack stops, and I believe that once it is unlocked the attack will continue. Please help me. I have CloudFlare Pro but it doesn't seem to help.

Posted

What's your site URL? Is it alive now? Do you know what kind of DoS it is?

Well, it was alive just now; now it's locked by my web hosting provider due to the DDoS attack. I'm moving to another web provider with free 7 layers DDoS attack..

I had a similar problem once. Turns out it was a server-side issue only caught in the logs by a second. It looked like a DDOS attack but it was just the processes coming to a halt.

The error led to this:
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1030265&sliceId=2&docTypeID=DT_KB_1_1&dialogID=274206354&stateId=0 0 268832559


Don't think so!
Posted

Cloudflare will route any large attacks directly to your backend ip rather than spending time or resources trying to mitigate it.

Try this guy out for affordable ddos protection against layer 3-4 and layer 7 attacks.
http://www.r00t-services.net/

CloudFlare Pro does nothing. And I've checked with r00t services and they say it was a layer 7 attack.
Posted

Did you get it mitigated then?

Nope, not yet. I'm transferring my site to another webhost.



In the end, if somebody wants to mess with you they'll find a way.

Precisely. We are only around 4 weeks old, don't have many posts, nor did we do anything to other websites, etc.

Posted

Are you sure this is actually a ddos and not an error somewhere on the server or the software running on it. It seems unlikely that a brand new, low traffic forum with few posts is going to be subject to ongoing attacks for no reason? It also seems surprising that cloudflare pro hasn't helped because they appear to be able to deal with most things, which also makes me think that it may not be a ddos.

Posted

Are you sure this is actually a ddos and not an error somewhere on the server or the software running on it. It seems unlikely that a brand new, low traffic forum with few posts is going to be subject to ongoing attacks for no reason? It also seems surprising that cloudflare pro hasn't helped because they appear to be able to deal with most things, which also makes me think that it may not be a ddos.

Yep, contacted my server hosting support and they said it was. Gave me the log and I checked with r00tservices and they state it was a layer 7 attack. Hired a professional and let her access my cPanel and she said it was, too... Even checked my CloudFlare threat control, saw 4 IPs that were threatening.
Posted

You really need to confirm first that it is an attack causing the problem - 4 ip's wouldn't constitute a 'massive' ddos and would be very easily mitigated if they were actually attacking you and causing the problem. Most likely though that they're just spiders or spambots, which although annoying at times aren't going to knock a site over.

I know your experts have looked at your logs and confirmed it was a ddos, but to really identify it, particularly assuming the server went down during this 'attack', they would need to investigate far deeper down to network level and would therefore need to work with your host to do that. If you are using cloudflare, that's their part of it anyway - anything coming to your site goes through their network first, so if their log shows nothing then it's very likely to mean there was nothing to show.

If someone really is attacking you for whatever reason and is deliberately targeting you then moving host won't stop them anyway; as soon as the new IP has propagated, the attack will come through to you again. You need to try and find out first if it is really an attack directed deliberately at your domain or IP address, or just at the host server. It's overkill to just move hosts before understanding any of this, as you've a very good chance that you're either going to waste a lot of time when you didn't need to, or that it just happens again with the new host.

Posted

After that no more IPs. But I saw my resource usage and traffic graph, it rose to 4,083 from around 1,000 a day; also, after my domain is unlocked, a few minutes later it will go over my resource usage limit again. Impossible, right? Unless they are zombies.

Posted

If there aren't any more than 4 IPs hitting your server then it's not a ddos. If you're getting high load and going over resource limits with barely anything going through the network to your server, then the place to look is the server itself and the configuration of it and the software on it, as it's likely to be something going wrong with one of those. If the forum is the only thing you're hosting on that service, try disabling all of the hooks or putting it into performance mode to see if that helps.
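The check discussed in the posts above (a handful of IPs versus a genuinely distributed layer 7 flood) can be made directly from the web server's access log. The following is an added example, not part of the original thread: the log lines are constructed, the function names and thresholds are assumptions, and it presumes the log records the real visitor IP rather than the proxy's address.

```python
import re
from collections import Counter

# Combined log format; assumes the log holds the real client IP, not the CDN proxy's.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize(lines, top_n=4):
    """Count sources, per-minute rate and hot paths in an access log."""
    ips, minutes, paths = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, ts, _method, path, _status = m.groups()
        ips[ip] += 1
        minutes[ts[:17]] += 1              # "01/Jan/2024:14:02" = one-minute bucket
        paths[path.split("?")[0]] += 1     # group by path, ignoring query string
    total = sum(ips.values())
    top = ips.most_common(top_n)
    return {
        "requests": total,
        "unique_ips": len(ips),
        "top_share": sum(c for _, c in top) / total if total else 0.0,
        "peak_per_minute": max(minutes.values(), default=0),
        "top_path": paths.most_common(1)[0][0] if paths else None,
    }

def classify(stats, share=0.8, min_sources=50):
    """Thresholds are illustrative assumptions, not values from the thread."""
    if stats["requests"] == 0:
        return "no-traffic"        # load with an empty log points at the server itself
    if stats["top_share"] >= share:
        return "few-sources"       # a handful of IPs: block or rate-limit them
    if stats["unique_ips"] >= min_sources:
        return "distributed"       # many sources, no dominant one
    return "inconclusive"

def make_line(ip, minute, path):
    """Build one constructed log line (sample data, not from the thread)."""
    return (f'{ip} - - [01/Jan/2024:14:{minute:02d}:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed samples: 4 heavy hitters plus 5 normal visitors, then 200 light sources.
FEW = [make_line(f"203.0.113.{i}", 0, "/index.php") for i in range(1, 5) for _ in range(30)]
FEW += [make_line(f"198.51.100.{i}", 1, "/forum/") for i in range(1, 6)]
MANY = [make_line(f"198.51.100.{i}", i % 3, "/index.php?app=search")
        for i in range(1, 201) for _ in range(2)]

if __name__ == "__main__":
    for name, log in (("FEW", FEW), ("MANY", MANY)):
        s = summarize(log)
        print(name, classify(s), s)
```

A "few-sources" result with a high `top_share` matches the four-IP situation described in the thread; high server load alongside a quiet log points back at the server and its software.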

Posted

If it is a layer 7 attack, you could try upgrading to the cloudflare business service as that offers protection against that sort of thing, although the price is a fair bit higher than the pro service.

Posted

Cloudflare assist with attacks unless you have at least a business account. And even then, it's not designed for anything large. Though, you haven't specified size.

Some well known ddos protected hosting services include staminus and blacklotus. Though, these don't come cheap at all.

Posted

Cloudflare assist with attacks unless you have at least a business account. And even then, it's not designed for anything large. Though, you haven't specified size.

Some well known ddos protected hosting services include staminus and blacklotus. Though, these don't come cheap at all.

I have posted this exact same thing many times on these forums; there's a misconception that Cloudflare is DDOS protection, which even with the business package @ $200 pm it's not!

Cloudflare will NOT mitigate large attacks, they simply route them to your server's backend IP.

Most companies that offer ddos protection do charge quite a bit of money... but if you want quality affordable ddos layer 3-4 and 7 protection then contact this company http://www.r00t-services.net/

These guys offer affordable ddos protection and have a wealth of knowledge on the matter.

Posted

Enterprise (per the advertising, business too) is supposed to offer layer 3/4/7 but it's not cheap. 3k a month or so. Cannot see them really dealing with it for a business acct for too long before passing it off.

Although I wonder how much they charged spamhaus last month...

This site used it to stop ddos a bit ago too.

Posted

A few years ago, before I set up with Cloudflare, I did experience a few DDOS attacks. Back in those days it required a support ticket to have a technician migrate my WAN connection to a DDOS filter for a few hours to mitigate it. The experience wasn't consistent, but the most common example is slow website performance while the server itself wasn't being utilized. Cloudflare has mitigated a few minor "bot" attempts, but honestly I don't bother keeping track anymore.

A good way to test this is to log in through your serial port, not the same network connection that your users are coming in from. If you can log in and run a few commands without much difficulty, then the attack is on either your primary network card or something in your hosting provider's LAN.

Server over-utilization also used to signify a DDOS attack, but as previously pointed out that may not be always the case. For example, if your CPU utilization is extremely high - but your webserver is nearly dormant - that would mean that something else is contributing to your server utilization. Are you running primary DNS and/or primary email services on your server as well? Do you allow websites to be hosted on your server's primary IP address?

Finally, a good hosting provider should have the facilities to truly mitigate DDOS attacks. DDOS Mitigation isn't something that hosting providers like to express as a benefit, because the strategy/technology itself isn't foolproof. If you are considering a new host, research what the major websites use and try finding low-cost options in their data centers. I subscribe to an unmanaged hosting service that is a subsidiary of a larger Tier 1 service provider, my server is located in a facility that is also partially utilized by one of the world's largest content websites. To the world however, I am running entirely something else in a different place - thanks to Cloudflare.

Hope this helps,

Posted

I would agree with molowebmaster: do check if your cpu utilization was very high, and possibly your memory utilization as well.

If so, do contact me backchannel. There are a few (free) solutions for this if it is what I think it is. Sorry to be so cryptic, but I do not want to discuss this in public yet, if you don't mind.

Kindest regards, Wim

Archived

This topic is now archived and is closed to further replies.
