|
DDos attack - prevention
Hello,
My site is being attacked by hackers of DDos attack...I tried mod_evasive, mod_security, APF , DDos deflate...and none showed any results...Because the hacker is using multiple ip's like Code:
222.166.160.4So please tell me any working solution for this.... Waiting for replies..... |
What service ( port ) are they accessing ? 80 (http) ?
|
By the looks of it, there are at least 2 things you can do:
1. block ip ranges, using just the 1st 3 parts of the ip (using fail2ban tool ?) 2. since these are in range blocks, find the ISP responsible and notify them, with any info they want. |
You should report the attack to the organization that the IP is registered to. In the case of your first set of IPs the offending ISP is in Hong Kong. Your second set is in the USA.
You can use `whois' or http://ws.arin.net/whois/ to find the registered owner of the IP and (usually) and abuse@ email address. Send the offending source IP, the target IP (yours), the port, your time zone and comprehensive log reports. This is the information the ISP needs to deal with the offender. If more people would report abuse rather than ignoring it the ISPs might do something about their abusing clients. I generally report all SPAM, attempted relaying, port scanning, and other attacks to ISPs I think will do something about the infraction; an ISP in Bulgaria, China, etc I generally ignore and simply ban their entire IP range or I ban the entire country. As my servers are personal and not professional I can afford to ban all of Asia, Croatia, Roadrunner.com, etc |
| All times are GMT -5. The time now is 02:33 AM. |