Attack DDOS server [closed]

Question

Attack DDOS server [closed]

Navigation

#1 by (4 votes)

4

Hello,

I have a server that is suffering DOS attack, I used the command:

watch -n1 'attackers'

on SSH to see the attacks. It basically has an ip that makes about 380 connections, and makes the server fall in a few minutes.

I block the IP through FireWall, but it spends 30 minutes and the funny lad changes IP and does the process again.

This has been happening for 5 days, and Host's support team can not seem to give a WOW.

I put my server's sites in CloudFlare, but it still did not stop. They told me it's a DDOS Layer 7 ..

Every time I get into the media, I get a different way or need time to do something there.

Has anyone ever gone through this and wants to suggest some possible solution? I'm thinking it's changing HOST .. But if I can do something better and avoid less inconvenience.

Server is LINUX. And the company I work for is HostGator. Dedicated Pro.

servidor ddos

asked by anonymous 02.03.2018 / 23:28

1 answer

Find values in an object Passing by reference printing garbage in the vector

score 4 · Accepted Answer

The solution also depends on your version of Apache and Linux, I will put the solution with the mod_evasive of Apache2 .

First install mod_evasive

sudo apt-get -y install libapache2-mod-evasive

Create the log file:

sudo mkdir -p /var/log/apache2/evasive

Of the pro file permissions:

sudo chown -R www-data:root /var/log/apache2/evasive

Change the /etc/apache2/mods-available/mod-evasive.load

DOSHashTableSize 2048
DOSPageCount 20  # maximum number of requests for the same page
DOSSiteCount 300  # total number of requests for any object by the same client IP on the same listener
DOSPageInterval 1.0 # interval for the page count threshold
DOSSiteInterval 1.0  # interval for the site count threshold
DOSBlockingPeriod 10.0 # time that a client IP will be blocked for
DOSLogDir

DOSPageCount Will define how many requests the user can make to the same page

DOSSiteCount Will define how many requests the same ip can make to the site

DOSPageInterval and DOSSiteInterval is the time interval in seconds for this count above

DOSBlockingPeriod is the time it will be blocked in seconds

Restart Apache:

sudo service apache2 restart

Be aware that depending on the metric you put it it can bar human users.