Site attack

[pouncer]

A copue off weeks ago, my site was attacked by some sort off ddos/flood. The attacker had threatened me beforehand (it was a convo we were having on MSN) and when I retaliated he really did attack the site with his botnet, the site went down for 5 days.

 

My host couldnt do anything about this attack, which was coming from 1000+ zombie botnet pc's. They told me i'd have to wait until the attacker stopped and deleted my account for 5 days so the ddos wouldnt affect their server

 

Since then, i've been wondering if there are actions i can take to stop this kind of thing? I've come across this - http://ddosprotection.com - they told me they use some sort of filtering system and that i'd have to change my domain nameserver to the ddosprotection one.

 

Has anyone ever come across a problem like this? Is there anything you've done? I've read many stories and news on how botnets have taken down sites/systems but never for once think it could happen to my own site

[Crew-Portal]

Does this unnamed guy have an MSN

[Johnson]

Yeah, see if you can find any info on the guy. DDoS is a real legal offense.

[pouncer]

yep he does have an MSN email and i reported the attack to his ISP which happens to be the same ISP as mine. i was able to get his IP from my site as he was a registered member, thus getting his isp details.

 

I've had no reply since though. He attacked me again yesterday, site was offline for about 30 mins, my host couldnt do nothing again.

 

Isn't there any precautions i can take? anyone use any ddos protection stuff?

[Crew-Portal]

You can reply by finding out where he lives and taking a Baseball bat to his car!!! lol (NO DONTT DO THAT IT WAS A JOKE) But get his IP, send a letter to his ISP. And since you got his MSN send him a letter saying that you have done that!

[pouncer]

If i told him what Id done, i have a feeling he would just do it again! he's one off them 'script kids' who just happens to have access to someone elses botnet and is trigger happy with the power

 

i'm surprised that no-one knows about any protection methods, surely there must be some sort of server side protection i can get for my domain?

[Azu]

Edit: Nevermind I thought you meant he was attacking your own computer

[cmgmyr]

Check this out:

 

http://www.webmasterworld.com/forum13/687.htm

[Azu]

Chances are the DDoS attack zombies are spewing random packets at his server, and telling your server not to send a webpage back won't do anything.

 

If they ARE attacking the http service itself, they will probably say they are IE or firefox or something.

 

 

That thing is for blocking robots that are unwanted (E.G. spambots) but are nice enough to send real headers. Won't do much against a DDoS.

[448191]

Right, I think they mostly take place at the TCP or UDP level, meaning the HTTP layer (thus Apache) can prevent very little (probably nothing).

 

There's no way I can think of that a server can distinguish between a valid request and a zombie request...

 

So basically you're screwed. Sorry. 

[d22552000]

simple

 

setup all yoru scripts to ignore acess from an ip at more than a rate of 1 request per 5 seconds.  even the fastest poster wouldnt notice this.  Also limit the number of max requests to the site, and auto ban ips that acess the site really fast and often.

[Daniel0]

simple

 

setup all yoru scripts to ignore acess from an ip at more than a rate of 1 request per 5 seconds.  even the fastest poster wouldnt notice this.  Also limit the number of max requests to the site, and auto ban ips that acess the site really fast and often.

 

Read the post before yours:

Right, I think they mostly take place at the TCP or UDP level, meaning the HTTP layer (thus Apache) can prevent very little (probably nothing).

 

There's no way I can think of that a server can distinguish between a valid request and a zombie request...

 

So basically you're screwed. Sorry. 

[d22552000]

then uh... your domain needs to setup their routers to block out the bot ips.

[Azu]

Guys, an effective DDoS means that it sends such a huge amount of packets that it knocks your network off long.

It DOES NOT MATTER whether or not your server ignores them, or whether or not your router passes them on to your server.

If there are enough packets, it will swamp your network, valid packets will be dropped, and your network will be effectively OFFLINE.

The solution is to contact law enforcement agencies and let them deal with it. DDoS is highly illegal.

[Daniel0]

then uh... your domain needs to setup their routers to block out the bot ips.

 

The point of a DDoS (distributed denial-of-service) attack is that a lot of computers (also called zombie computers) try to access the site simultaneously a lot of times to use all the bandwidth and/or system resources so other users cannot use the site (thus the name "denial-of-service"). Some sites that are submitted to sites like Digg crash if they make it to the front page. Essentially it's the same thing happening except that the intentions are not evil, and that it is not one person who controls the other computers, but a lot of visitors visiting the page within a short amount of time.

[d22552000]

lol that explains why you cant ddso through a proxy

 

you would shut the proxy down --,,--

[Azu]

Ya.. making a few thousand computers all spam a proxy is going to shut down the proxy.. what did you expect it to do?

[d22552000]

lol

 

now whats relaly funny is when you make one computer connect to a lot of proxies all at once and see what that does 

 

then have all the proxies connect ton ONE thing all at once.  Even if on google its hilarious. 

 

I got htis:

 

"You're clicking too fast!  Please wati 1 second between requests to the server!"

[pocobueno1388]

Why don't you just switch servers?

[Azu]

lol

 

now whats relaly funny is when you make one computer connect to a lot of proxies all at once and see what that does 

 

then have all the proxies connect ton ONE thing all at once.  Even if on google its hilarious. 

 

I got htis:

 

"You're clicking too fast!  Please wati 1 second between requests to the server!"

Um..?

You would be effectively DDoSing yourself..

And why would using proxies make it say that you are clicking to fast?

[pouncer]

my host is unable to do anything about the attack.. so at the moment, nothing i can do.

 

 

i went to hostgator and they said they have cisco guards which can detect malicious packets and block them, sounds appealing.. anyone on hostgator?

[d22552000]

its a very expesive service.  but it is well worht it and any half decent host gets this service.

 

I host myself and offer hosting.  If only we had some more money, me might get the service.