

Question: How to monitor a DDoS attack




Posted by tsincaat, 01-12-2010, 02:31 PM
I very recently signed up for a VPS, upgrading from a shared host. One of my sites, while at my previous host, had been hit by a DDoS attack. It's pretty big, so I don't think a VPS would be able to handle it. I'm not making enough cash off the site that it's worthwhile to sign up for any kind of DDoS protection anywhere. So in the meantime, while it's offline, I want to know if there's any way I can monitor whether it is still being attacked without using up all of my bandwidth or ticking off my VPS provider in the process. By the way, if it makes any difference, I believe the attack is a GET attack targeting a specific image. Thanks, Robert

Posted by jrianto, 01-12-2010, 02:33 PM
Hi Robert, Have you tried installing some type of firewall in your VPS to help with the DDoS? I would recommend using CSF.

Posted by tsincaat, 01-12-2010, 02:50 PM
Yes, I have it set up and left it on the high preset, though I haven't moved over any of my sites yet.

Posted by DigitalLinx, 01-12-2010, 07:10 PM
If it's an HTTP application-based DDoS, mod_security would do a good job at mitigating it, provided that you have an appropriate rule set in place.

Posted by LeaTrueman, 01-13-2010, 12:15 AM
Hello, try installing CSF on your VPS, which will alert you about the DDoS attack and will also block the IPs if they cross the connection limit set in CSF.

Posted by madaboutlinux, 01-13-2010, 05:01 AM
If the DDoS is pretty big, as stated by "tsincaat", CSF won't do any good. And BTW, you have to bring the website online to see if the attack is still going on.

Posted by alanzkorner, 01-13-2010, 06:52 AM
Hi, once the website is online, check using the following command to see the IPs connected to the server, and block the IP having too many connections, if any. You may also use the following script, run on the server, to terminate the DDoS IPs along with CSF. You can keep it in cron at a desired interval.
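
A per-IP connection count of the kind the post above refers to, as an added example; it is not the command or script from the original post, which this page does not preserve. The function names, the limit of 2 and the sample addresses are constructed for illustration, and the input is assumed to be `netstat -ntu`-style output.

```shell
#!/bin/sh
# Added example (not from the thread): per-IP connection counts from
# `netstat -ntu`-style output, and the IPs that exceed a chosen limit.

# count_conns: read netstat output on stdin, print "COUNT IP", busiest first.
count_conns() {
    awk '
        # Data rows start with tcp/udp; field 5 is the foreign address (IP:port).
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 (tcp6 rows)
            # Skip loopback and unspecified addresses; count every socket state.
            if (addr != "127.0.0.1" && addr != "0.0.0.0" && addr != "::" && addr != "::1")
                n[addr]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_limit LIMIT: read netstat output on stdin, print IPs with more than
# LIMIT connections (candidates for a closer look before any block).
over_limit() {
    count_conns | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Constructed sample input (documentation address ranges), not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51236 ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:48110         ESTABLISHED
EOF
}

# On a live server the input would be `netstat -ntu` instead of the sample.
sample_netstat | count_conns
echo "over limit of 2: $(sample_netstat | over_limit 2)"
```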

Posted by keserhosting, 01-13-2010, 07:16 AM
Be sure to secure the /tmp partition, as most attacks are generally targeted from this /tmp partition.

Posted by tsincaat, 01-13-2010, 03:06 PM
Thanks a lot for the help, guys. Once I put the site up, what's the easiest way to take it down if I can't handle the attack? Will suspending the cPanel account it's on do that?

Posted by Killer Tofu, 01-13-2010, 03:12 PM
I'm no pro when it comes to servers & DDoSing, but I would just: a) password protect the directory, b) change all pages to a static "gtfo" page with no content, or c) find out the offending IP and redirect them to lemonparty on every attempt to connect.

Posted by robotronik, 01-20-2010, 06:33 AM
Why would the attack be aimed from tmp? What can a DDoS do to temp? Nothing; this is completely unrelated.


