What it looks like getting DDoS attacked

Discussion in 'Systems Administration' started by Martijnie, Oct 13, 2014.

  1. Why not just put up a captcha? It seems to have worked based on this.
    #21 john01dav, Oct 13, 2014
    Last edited: Oct 13, 2014
    • Optimistic Optimistic x 1
  2. danjb2000

    danjb2000 Retired Moderator
    Retired Supporter

    It's fine for me.
    • Like Like x 1
    • Optimistic Optimistic x 1
  3. The web server is up, but the forums somehow isn't working.

    Good thing you have a filter though :)
    • Optimistic Optimistic x 1
  4. Yep still working on a filter for the forum because it requires a different approach. Have put it offline for now.
  5. And the forum is back online too! http://forum.woa.pw

    Will keep a close look on the logs to see how my filter is behaving.
    • Like Like x 1
    • Optimistic Optimistic x 1
  6. That would be a layer 7 attack, as it's attacking vulnerabilities in the actual application. Cloudflare fixes this by checking browsers before computing their request. OVH does not protect this, instead you must set up things within the application in order to handle high volumes of traffic.

    Facebook for example needs to load balance their system in a way in order to withstand the millions of requests they get per second.

    Layer 4 on the other hand are volumetric in size, and try to saturate the end host's port with packets.
    #27 redfrosting, Oct 14, 2014
    Last edited: Oct 14, 2014
    • Informative Informative x 2
  7. Just tweaked the filters again so I did a restart of iptables which cleared everything previously stored. In the next hour or so it should pretty much catch all ddos attempts and then stabilize automatically :)

    EDIT: Previous filter banned around 830 IP's. Is that a lot for a DDoS attack?
    • Funny Funny x 1
    • Optimistic Optimistic x 1
  8. Throwing error 500, internal server error.
  9. I know. It's still stabilizing.
    • Optimistic Optimistic x 1
  10. This is a very difficult ddos attack to defend. You should get more layers of protection and improve your filter.
  11. Just get budget host IP's and you'll pretty much filter everyone who does shady stuff out.
    • Agree Agree x 1