Visit the LQ Articles and Editorials section
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-27-2009, 03:09 PM   #1
LQ Newbie
Registered: Oct 2007
Posts: 8

Rep: Reputation: 0
DDos attack - prevention


My site is being attacked by hackers of DDos attack...I tried mod_evasive, mod_security, APF , DDos deflate...and none showed any results...Because the hacker is using multiple ip's


etc....For now i blocked those ip's in iptables....But i think this not the correct solution....As what if the hacker has changed the IP's ?? Again i have to block them....If he did the attack when iam not there...then no one wil look at it...and my site goes down..

So please tell me any working solution for this....

Waiting for replies.....
Old 05-27-2009, 05:30 PM   #2
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 609

Rep: Reputation: 32
What service ( port ) are they accessing ? 80 (http) ?
Old 05-27-2009, 08:41 PM   #3
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.7, Centos 5.10
Posts: 16,916

Rep: Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214
By the looks of it, there are at least 2 things you can do:

1. block ip ranges, using just the 1st 3 parts of the ip (using fail2ban tool ?)
2. since these are in range blocks, find the ISP responsible and notify them, with any info they want.
Old 05-28-2009, 08:41 AM   #4
Registered: May 2006
Posts: 34

Rep: Reputation: 15
You should report the attack to the organization that the IP is registered to. In the case of your first set of IPs the offending ISP is in Hong Kong. Your second set is in the USA.

You can use `whois' or to find the registered owner of the IP and (usually) and abuse@ email address.

Send the offending source IP, the target IP (yours), the port, your time zone and comprehensive log reports. This is the information the ISP needs to deal with the offender.

If more people would report abuse rather than ignoring it the ISPs might do something about their abusing clients.

I generally report all SPAM, attempted relaying, port scanning, and other attacks to ISPs I think will do something about the infraction; an ISP in Bulgaria, China, etc I generally ignore and simply ban their entire IP range or I ban the entire country.

As my servers are personal and not professional I can afford to ban all of Asia, Croatia,, etc


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
What is the best way to stop this DDoS attack? abefroman Linux - Security 9 04-22-2009 12:25 PM
DDOS Attack studiofos Linux - Security 3 09-12-2006 04:42 AM
DDOS attack in BIND9 inaki Linux - Security 1 08-07-2006 02:46 AM
DDOS attack WebProblem GNU Linux - Security 15 02-09-2005 10:28 PM
ddos attack ashis Linux - Security 1 06-14-2001 03:31 AM

All times are GMT -5. The time now is 04:05 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration