Jump to content

Site attack


pouncer

Recommended Posts

A copue off weeks ago, my site was attacked by some sort off ddos/flood. The attacker had threatened me beforehand (it was a convo we were having on MSN) and when I retaliated he really did attack the site with his botnet, the site went down for 5 days.

 

My host couldnt do anything about this attack, which was coming from 1000+ zombie botnet pc's. They told me i'd have to wait until the attacker stopped and deleted my account for 5 days so the ddos wouldnt affect their server

 

Since then, i've been wondering if there are actions i can take to stop this kind of thing? I've come across this - http://ddosprotection.com - they told me they use some sort of filtering system and that i'd have to change my domain nameserver to the ddosprotection one.

 

Has anyone ever come across a problem like this? Is there anything you've done? I've read many stories and news on how botnets have taken down sites/systems but never for once think it could happen to my own site

Link to comment
Share on other sites

yep he does have an MSN email and i reported the attack to his ISP which happens to be the same ISP as mine. i was able to get his IP from my site as he was a registered member, thus getting his isp details.

 

I've had no reply since though. He attacked me again yesterday, site was offline for about 30 mins, my host couldnt do nothing again.

 

Isn't there any precautions i can take? anyone use any ddos protection stuff?

Link to comment
Share on other sites

If i told him what Id done, i have a feeling he would just do it again! he's one off them 'script kids' who just happens to have access to someone elses botnet and is trigger happy with the power

 

i'm surprised that no-one knows about any protection methods, surely there must be some sort of server side protection i can get for my domain?

Link to comment
Share on other sites

Chances are the DDoS attack zombies are spewing random packets at his server, and telling your server not to send a webpage back won't do anything.

 

If they ARE attacking the http service itself, they will probably say they are IE or firefox or something.

 

 

That thing is for blocking robots that are unwanted (E.G. spambots) but are nice enough to send real headers. Won't do much against a DDoS.

Link to comment
Share on other sites

Right, I think they mostly take place at the TCP or UDP level, meaning the HTTP layer (thus Apache) can prevent very little (probably nothing).

 

There's no way I can think of that a server can distinguish between a valid request and a zombie request...

 

So basically you're screwed. Sorry.  :P

Link to comment
Share on other sites

simple

 

setup all yoru scripts to ignore acess from an ip at more than a rate of 1 request per 5 seconds.  even the fastest poster wouldnt notice this.  Also limit the number of max requests to the site, and auto ban ips that acess the site really fast and often.

Link to comment
Share on other sites

simple

 

setup all yoru scripts to ignore acess from an ip at more than a rate of 1 request per 5 seconds.  even the fastest poster wouldnt notice this.  Also limit the number of max requests to the site, and auto ban ips that acess the site really fast and often.

 

Read the post before yours:

Right, I think they mostly take place at the TCP or UDP level, meaning the HTTP layer (thus Apache) can prevent very little (probably nothing).

 

There's no way I can think of that a server can distinguish between a valid request and a zombie request...

 

So basically you're screwed. Sorry.  :P

Link to comment
Share on other sites

Guys, an effective DDoS means that it sends such a huge amount of packets that it knocks your network off long.

It DOES NOT MATTER whether or not your server ignores them, or whether or not your router passes them on to your server.

If there are enough packets, it will swamp your network, valid packets will be dropped, and your network will be effectively OFFLINE.

The solution is to contact law enforcement agencies and let them deal with it. DDoS is highly illegal.

Link to comment
Share on other sites

then uh... your domain needs to setup their routers to block out the bot ips.

 

The point of a DDoS (distributed denial-of-service) attack is that a lot of computers (also called zombie computers) try to access the site simultaneously a lot of times to use all the bandwidth and/or system resources so other users cannot use the site (thus the name "denial-of-service"). Some sites that are submitted to sites like Digg crash if they make it to the front page. Essentially it's the same thing happening except that the intentions are not evil, and that it is not one person who controls the other computers, but a lot of visitors visiting the page within a short amount of time.

Link to comment
Share on other sites

lol

 

now whats relaly funny is when you make one computer connect to a lot of proxies all at once and see what that does  :D

 

then have all the proxies connect ton ONE thing all at once.  Even if on google its hilarious. 

 

I got htis:

 

"You're clicking too fast!  Please wati 1 second between requests to the server!"

Link to comment
Share on other sites

lol

 

now whats relaly funny is when you make one computer connect to a lot of proxies all at once and see what that does  :D

 

then have all the proxies connect ton ONE thing all at once.  Even if on google its hilarious. 

 

I got htis:

 

"You're clicking too fast!  Please wati 1 second between requests to the server!"

Um..?

You would be effectively DDoSing yourself..

And why would using proxies make it say that you are clicking to fast?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.