how to avoid DDos on my website?

John Henderson

13 years ago

[DELETED]

{{ DiscussionBoard.errors[2898439].message }}

Defunct 13 years ago

Don't bother getting the law involved, it's almost impossible to track this kind of attack.

You need to work out exactly what kind of attack this is, are they just pushing you over your hosting data limit?

Speak to your host provider and see if they can suggest anything.

Your firewall should be blocking IPs that are spamming your site with data or any other kind of attack.

This is a security problem, you need to speak to someone who specializes in IT security, otherwise this could go on forever.
- Thanks
{{ DiscussionBoard.errors[2898491].message }}

qalott

13 years ago

actually the spammer is attacking my website from different ips located in different countries...may be using proxies

i am just screwed what to do now???? i really need to sort out this issue asap...

Thanks
1 reply

Signature

Nokia Spy Phone Softwares
*to catch cheating spouses/girl friends..
*know what your boss is saying behind you...
*use it as a cell phone tracker..
special 15% discount for WF members.

{{ DiscussionBoard.errors[2898562].message }}

CrhisD

13 years ago

Originally Posted by qalott

actually the spammer is attacking my website from different ips located in different countries...may be using proxies

i am just screwed what to do now???? i really need to sort out this issue asap...

Probably not proxies... it's a botnet. Have you spoken to your hosting provider? they might be able to do something about it.

Thanks

{{ DiscussionBoard.errors[2898586].message }}

qalott

13 years ago

@CrhisD yes.. you are right he is i think using some botnet...is there any way of counteracting the botnet???? i have talked to hosting provider, one of them blocked my website...and the other says they are trying to fix the issue...

it seems they haven't found this kind of issue before...

Thanks

Signature

Nokia Spy Phone Softwares
*to catch cheating spouses/girl friends..
*know what your boss is saying behind you...
*use it as a cell phone tracker..
special 15% discount for WF members.

{{ DiscussionBoard.errors[2899482].message }}

seasoned

13 years ago

The term DDoS is *********WAY********* overused! You said "some guy is badly hurting my website " THAT implies a DoS! A DDos is when MANY systems AT ONCE hit your site! A DDoS will have a NUMBER of IPs hit your site at the same time.

As to how to limit it? There are only THREE ways really....

1. PING is the SIMPLEST and lowest way to create a DDoS apparently, so disable ICMP. Not great but, like finger, it may be better to disable it. THIS is why some sites can't be pinged, but are up.

2. Have some key that must be present to return a page. It might be good to just wait before returning. NOTE! On a DoS, that will help a LOT! On a DDoS, it could tax your system and get it to crash! You COULD limit accesses to maybe 5 copies of a page per IP, and disable IPs that try to access 50 pages without the right key. The key concept WILL disable google searches, but you could allow them from google.

3. Disable access from the IPs. If ONE IP hits you, it is likely from an ISP, and disabling it can cost BUSINESS! If it is a REAL DDoS, then most are probably servers, and have fixed IPs. Even THERE though, viruses sometimes assist in a DDoS, and most of THEM will be varying IPs!

Steve

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[2899728].message }}

CrhisD

13 years ago

Originally Posted by seasoned

The term DDoS is *********WAY********* overused! You said "some guy is badly hurting my website " THAT implies a DoS! A DDos is when MANY systems AT ONCE hit your site! A DDoS will have a NUMBER of IPs hit your site at the same time.

As to how to limit it? There are only THREE ways really....

1. PING is the SIMPLEST and lowest way to create a DDoS apparently, so disable ICMP. Not great but, like finger, it may be better to disable it. THIS is why some sites can't be pinged, but are up.

2. Have some key that must be present to return a page. It might be good to just wait before returning. NOTE! On a DoS, that will help a LOT! On a DDoS, it could tax your system and get it to crash! You COULD limit accesses to maybe 5 copies of a page per IP, and disable IPs that try to access 50 pages without the right key. The key concept WILL disable google searches, but you could allow them from google.

3. Disable access from the IPs. If ONE IP hits you, it is likely from an ISP, and disabling it can cost BUSINESS! If it is a REAL DDoS, then most are probably servers, and have fixed IPs. Even THERE though, viruses sometimes assist in a DDoS, and most of THEM will be varying IPs!

Steve

Yea on managed servers you'd just limit the number and frequency of connections. What can you do with shared-access hosting?

Thanks
1 reply

{{ DiscussionBoard.errors[2901809].message }}

seasoned

13 years ago

Originally Posted by CrhisD

Yea on managed servers you'd just limit the number and frequency of connections. What can you do with shared-access hosting?

There isn't a way on the OS side to limit number and frequency of connections. NOPE, NO way! Now you can limit the TOTAL number of POTENTIAL HTTP connections, but that EXACERBATES a problem such as this! BESIDES, WHAT WOULD BE THE POINT!?!? The DoS site would take over EVERYTHING!

So what DO you do? You have the sites SCRIPT do the work SELECTIVELY! And YEP, it can be done on a SHARED system!

Steve

Thanks
1 reply

{{ DiscussionBoard.errors[2901883].message }}

CrhisD

13 years ago

Originally Posted by seasoned

There isn't a way on the OS side to limit number and frequency of connections. NOPE, NO way! Now you can limit the TOTAL number of POTENTIAL HTTP connections, but that EXACERBATES a problem such as this!

How so?

Originally Posted by seasoned

So what DO you do? You have the sites SCRIPT do the work SELECTIVELY! And YEP, it can be done on a SHARED system!

But the script isn't running because the pages aren't being loaded?

Thanks
1 reply

{{ DiscussionBoard.errors[2902320].message }}

seasoned

13 years ago

Originally Posted by CrhisD

How so?

EASY, the DDoS would keep going as people leave and eventualy take all resources.

But the script isn't running because the pages aren't being loaded?

Actually, the SCRIPT usually loads the page. The URL runs the script which then loads a page if needed. You have a LOT of choices. Amazon, for example, could have it at some point stop loading pages, and then temporarily block the IP. They apparently have ALREADY disabled ICMP. If they did those things, and they had a DDoS attack, their resource usage would PLUMMET! Think of all those graphics and subroutines they load.

Steve

Thanks
1 reply

{{ DiscussionBoard.errors[2903290].message }}

CrhisD

13 years ago

Originally Posted by seasoned

EASY, the DDoS would keep going as people leave and eventualy take all resources.

But what if it was just constantly making tens of thousands of connections?

Originally Posted by seasoned

Actually, the SCRIPT usually loads the page. The URL runs the script which then loads a page if needed. You have a LOT of choices. Amazon, for example, could have it at some point stop loading pages, and then temporarily block the IP. They apparently have ALREADY disabled ICMP. If they did those things, and they had a DDoS attack, their resource usage would PLUMMET! Think of all those graphics and subroutines they load.

Steve

Interesting, but how does a script detect a DDoS? and how would it block 10,000 IPs?

Thanks
1 reply

{{ DiscussionBoard.errors[2903475].message }}

seasoned 13 years ago

Originally Posted by CrhisD

But what if it was just constantly making tens of thousands of connections?

Well, if you ban the IP, I don't think that is an issue, but the REAL problem is NOT connections being made, it is connections being SERVICED!

Interesting, but how does a script detect a DDoS? and how would it block 10,000 IPs?

Multiple hits of the same page over a short period of time. It would block the ONE IP being used. If a DDoS used 10,000 IPs, then 1*10,000 =10,000!

Steve
- Thanks
- 1 reply
{{ DiscussionBoard.errors[2903532].message }}
- CrhisD 13 years ago
  
  Originally Posted by seasoned
  
  Multiple hits of the same page over a short period of time. It would block the ONE IP being used. If a DDoS used 10,000 IPs, then 1*10,000 =10,000!
  
  Steve
  
  Ok, how would a script be able to count hits effectively without costing a lot in terms of overall efficiency? and yes, how would a script block 10,000 IPs?
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[2903846].message }}
  
  seasoned 13 years ago
  
  Originally Posted by CrhisD
  
  Ok, how would a script be able to count hits effectively without costing a lot in terms of overall efficiency? and yes, how would a script block 10,000 IPs?
  
  You're KIDDING, right? For the counting part, a lot of things already do it, it isn't that hard. For the IPs, I already said.
  
  Steve
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[2904028].message }}
  
  CrhisD 13 years ago
  
  Originally Posted by seasoned
  
  You're KIDDING, right? For the counting part, a lot of things already do it, it isn't that hard. For the IPs, I already said.
  
  Steve
  
  Alright, let's get back on track here, do you know of a script that can be used on a shared server that will prevent a DDos?
  
  Thanks
  
  {{ DiscussionBoard.errors[2908022].message }}

biebuliwo

13 years ago

go to 360.cn and download a software called safe360, install and run it, once you done it, you can open ddos protect model, that will make you in safe model

Thanks
1 reply

{{ DiscussionBoard.errors[2901820].message }}

hyipblogger

13 years ago

Not intending to advertise here, but some hosts specifically specialize in DDoS protection. BlackLotus.net is the one I use to protect my blog about an industry where the attacks happen regularly.

Thanks
1 reply

Signature

HYIPBlogger.com - Walkthrough the world of HYIP Investing
Walkthroughs, Daily News, Reviews and more!

{{ DiscussionBoard.errors[2901858].message }}

hyipblogger

12 years ago

Originally Posted by hyipblogger

Not intending to advertise here, but some hosts specifically specialize in DDoS protection. BlackLotus.net is the one I use to protect my blog about an industry where the attacks happen regularly.

I take that back actually, too many troubles on BlackLotus servers have been reported. I took a lot of time now to check and test the features of another DDoS protected hosting DDoSWiz.com and this is I am landed eventually and can only recommend them. On top of good service they are also very forthcoming in terms of pricing, tweaking the server for your needs and customizing the service in general. Remote DDoS protection is also possible which means you don't need to move from your current host if you don't want to. In this case DDoS filtering proxy is applied.

Thanks

Signature

HYIPBlogger.com - Walkthrough the world of HYIP Investing
Walkthroughs, Daily News, Reviews and more!

{{ DiscussionBoard.errors[5695626].message }}

Ken Durham

13 years ago

I've dealt with this before. Most often it is about 5 to 10 IPs that are involved in the attack. Most often from varying countries, but Germany, Denmark, France, and Russia are the most common in what I have experienced.

Check your logs for IPs that are hitting often. They should be easy to spot.
Block them through your .htaccess.
This may take several days and depending upon how bad this person has it in for you and how resourceful they are, depends upon how difficult a task you have.

But first, find out the extent of the IP coverage. It may not be that large. Blocking 10 to 20 IPs is not that hard and they may give up on harassing you if you make it difficult.

PS: Be sure to check the IPs and not block Google or some such thing

[ 1 ] Thanks
1 reply

Signature

yes, I am....

{{ DiscussionBoard.errors[2901893].message }}

CrhisD

13 years ago

Originally Posted by Ken Durham

I've dealt with this before. Most often it is about 5 to 10 IPs that are involved in the attack. Most often from varying countries, but Germany, Denmark, France, and Russia are the most common in what I have experienced.

Check your logs for IPs that are hitting often. They should be easy to spot.
Block them through your .htaccess.
This may take several days and depending upon how bad this person has it in for you and how resourceful they are, depends upon how difficult a task you have.

But first, find out the extent of the IP coverage. It may not be that large. Blocking 10 to 20 IPs is not that hard and they may give up on harassing you if you make it difficult.

PS: Be sure to check the IPs and not block Google or some such thing

I once came across a 10,000 member botnet.

Thanks

{{ DiscussionBoard.errors[2902307].message }}

Ken Durham

13 years ago

Originally Posted by qalott

i have just come across a situation some guy is badly hurting my website by sending huge amount of traffic to it...i had hosted the website on awrdspace.com but my site received 20GB of traffic in a single day and they blocked my website

now i have transferred my website to ipage.com and still i am seeing the same thing! Can anyone suggest me how to avoid these kind of website traffic attacks?

I just looked at your domain......LOL
Get used to it guy.........you're gonna piss some people off....

http://www.spyphonetap.com/

Thanks
2 replies

Signature

yes, I am....

{{ DiscussionBoard.errors[2901960].message }}

Mike Wright

13 years ago

Originally Posted by Ken Durham

I just looked at your domain......LOL
Get used to it guy.........you're gonna piss some people off....

Nokia Spy Phone Software|GSM Phone Spy|SMS Spy|Mobile Spy

Must admit I was wondering about the domain .... as that
would be the main way to track the site across different hosting.

I can see how security services and other nutters could
well decide to target that domain and take it down. Oooeerrr

Some hosting is very resilient to DDOS attacks using hardware
firewalls and load distribution and clustered servers. May be time
to look for better spec hosting ???

Also, the attackers may have identified the domain as running
a site script with known or unpatched security vulnerablities
and are trying to penetrate the hosting/server setup ????

Thanks

{{ DiscussionBoard.errors[2903078].message }}

seasoned

13 years ago

Originally Posted by Ken Durham

I just looked at your domain......LOL
Get used to it guy.........you're gonna piss some people off....

Nokia Spy Phone Software|GSM Phone Spy|SMS Spy|Mobile Spy

WOW, you're RIGHT! I never thought to check. My PC actually has a light on the camera, so I would know if someone were spying, but my phone DOESN'T!

Steve

Thanks

{{ DiscussionBoard.errors[2903260].message }}

qalott

13 years ago

thanks all of you for giving me your valuable suggestions...

Thanks

Signature

Nokia Spy Phone Softwares
*to catch cheating spouses/girl friends..
*know what your boss is saying behind you...
*use it as a cell phone tracker..
special 15% discount for WF members.

{{ DiscussionBoard.errors[2921928].message }}

how to avoid DDos on my website?

Trending Topics

Any thoughts on golf's latest phenom...Scottie Scheffler??

The Twilight Zone

What's the Best IM-Related Skill to Learn Today That Can Help in the Future?

Should i Index Author pages?

best high quality crypto traffic.