LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-27-2009, 03:09 PM   #1
dheeraj4uuu
LQ Newbie
 
Registered: Oct 2007
Posts: 8

Rep: Reputation: 0
DDos attack - prevention


Hello,

My site is being attacked by hackers of DDos attack...I tried mod_evasive, mod_security, APF , DDos deflate...and none showed any results...Because the hacker is using multiple ip's

like

Code:
222.166.160.4
222.166.160.24
222.166.160.21
222.166.160.66
222.166.160.69
222.166.160.35


66.235.124.56
66.235.124.57
66.235.124.58
66.235.124.59
66.235.124.55
66.235.124.132
etc....For now i blocked those ip's in iptables....But i think this not the correct solution....As what if the hacker has changed the IP's ?? Again i have to block them....If he did the attack when iam not there...then no one wil look at it...and my site goes down..

So please tell me any working solution for this....

Waiting for replies.....
 
Old 05-27-2009, 05:30 PM   #2
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 606

Rep: Reputation: 32
What service ( port ) are they accessing ? 80 (http) ?
 
Old 05-27-2009, 08:41 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
By the looks of it, there are at least 2 things you can do:

1. block ip ranges, using just the 1st 3 parts of the ip (using fail2ban tool ?)
2. since these are in range blocks, find the ISP responsible and notify them, with any info they want.
 
Old 05-28-2009, 08:41 AM   #4
mlnutt
Member
 
Registered: May 2006
Posts: 34

Rep: Reputation: 15
You should report the attack to the organization that the IP is registered to. In the case of your first set of IPs the offending ISP is in Hong Kong. Your second set is in the USA.

You can use `whois' or http://ws.arin.net/whois/ to find the registered owner of the IP and (usually) and abuse@ email address.

Send the offending source IP, the target IP (yours), the port, your time zone and comprehensive log reports. This is the information the ISP needs to deal with the offender.

If more people would report abuse rather than ignoring it the ISPs might do something about their abusing clients.

I generally report all SPAM, attempted relaying, port scanning, and other attacks to ISPs I think will do something about the infraction; an ISP in Bulgaria, China, etc I generally ignore and simply ban their entire IP range or I ban the entire country.

As my servers are personal and not professional I can afford to ban all of Asia, Croatia, Roadrunner.com, etc
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What is the best way to stop this DDoS attack? abefroman Linux - Security 9 04-22-2009 12:25 PM
DDOS Attack studiofos Linux - Security 3 09-12-2006 04:42 AM
DDOS attack in BIND9 inaki Linux - Security 1 08-07-2006 02:46 AM
DDOS attack WebProblem GNU Linux - Security 15 02-09-2005 10:28 PM
ddos attack ashis Linux - Security 1 06-14-2001 03:31 AM


All times are GMT -5. The time now is 02:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration