Questions tagged [ddos]
A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.
629 questions
2 votes, 0 answers, 79 views
Is this a DDOS attack, or something else?
I am responsible for a reasonably big UK site and since last Thursday we've been getting hit with heavy usage that's killing the server for a few minutes, it's happening roughly once per hour (but ...
0 votes, 1 answer, 158 views
Apache HTTP server under DDoS attack [closed]
One of the servers has been under attack for four weeks. First the attack was weak, but now it is aggressive after I started fighting him.
It consumes CPU resources to keep starting the Apache server ...
0 votes, 0 answers, 87 views
Apache crashes causing 504s
I have a Centos 7 server on which I installed apache 2.4.58, it has been crashing for 2 days after a short time that it is online, I keep stopping the apache service (systemctl stop httpd.service) and ...
0 votes, 0 answers, 124 views
Testing anti-ddos iptables rules on loopback address
I am setting up anti-ddos iptables rules on a kali linux vm for a class. I have tried two methods, one being just the iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN rule ...
0 votes, 1 answer, 147 views
What are the options for Layer 7 DDoS protection of AWS resources
The following are my assumptions based on AWS docs. It's only because the docs do not precisely address my questions that I'm here asking.
AWS WAF (whether used directly or via Shield Advanced) is ...
0 votes, 0 answers, 41 views
Navigating Hetzner Server Security: Looking for Answers [duplicate]
We are managing a dedicated server with Hetzner. Our setup includes a public server (Nginx reverse proxy) connected to around 10 upstream servers.
Recently, our server was compromised through an ...
0 votes, 1 answer, 468 views
Can't stop attack on nginx server
I'm currently struggling with my Digitalocean droplet (Ubuntu 22.10) which is under some sort of attack (maybe DDOS). The server hosts a containerized application that runs on nginx.
Every time I ...
0 votes, 1 answer, 57 views
I keep receiving login attempt to my server until it gets down
I have a Centos7 server and after years of correctly working, yesterday it started being unreachable (The server apps I have there were not reachable, the SSH connection gave timeout, etc but the ...
0 votes, 1 answer, 385 views
What do these logs mean? Is someone attempting to hack into my server via ssh?
Today I woke up to a very large number of logs for ssh, and I can only assume someone is trying to gain access to my linux server.
Here are the logs
-- Logs begin at Wed 2023-08-02 08:59:10 EEST, ...
1 vote, 5 answers, 369 views
Tips for coping with a surprisingly high rate of "botnet" sshd login failures?
I just set up 2 new Debian 12 VPS's at once.
One of them worked fine; the other, I appeared to have intermittent connectivity to. I even got as far as writing half of a support ticket, thinking it ...
0 votes, 2 answers, 759 views
Mitigation of a Slow Loris Attack (slow HTTP request DDoS)
I am being targeted by a slow loris attack for several weeks now (during the worst period of the year [black friday / cyber monday]).
This is an advanced DDoS attack where I get a lot of slow HTTP ...
0 votes, 0 answers, 67 views
I need to configure a firewall rule in pfsense
Guys, I am running a DDoS attack simulation using virtual machines (virtual box). I have already managed to carry out the attack; however, I need to configure pfsense to be able to protect my web server ...
1 vote, 1 answer, 671 views
Is Apache mod_evasive really worthful
I read an article saying that apache mod_evasive is an old outdated module and does not provide real protection against Dos attack. After testing a scenario of load requests to an apache webpage it seems like ...
2 votes, 0 answers, 1k views
Can anyone help me to understand HAProxy DDoS attack protection configuration?
I'm using HAP on and off for a bit now and now I'm trying to configure DDoS protection per frontend, to block a connection for 5 minutes, if it receives more than 200 requests per second from the same ...
1 vote, 2 answers, 105 views
.io auth. NS refuses UDP response to dnsviz.net – why shouldn’t I, too?
Seriously, say, I block (return, not drop of course) UDP :53 in to my authoritative nameserver. Resolvers will fall back to TCP and I won’t need any rate limiting against spoofed source IPs. Because ...
0 votes, 1 answer, 304 views
Block IPs without receiving traffic
I'm hosting on OVH Game dedicated server, the bandwidth of this server is 1gbp/s, I'm receiving attack from other OVH Servers and they are saturating the bandwidth with 1gbp/s.
OVH doesn't filter ...
-1 votes, 1 answer, 223 views
My server is attacking other servers
I've been reached by OVH multiple times regarding a dedicated server which I bought from them, and they're saying that the server is attacking other hosts on their network.
The first time, the server ...
1 vote, 2 answers, 194 views
Can the bulk execution of "dig domain mx" on 5000 domains be considered an attack to the network?
I have a database containing a lot of invalid emails.
I want to remove all the emails whose domain does not have mx record.
So after I extracted the domain part I wrote a script to bulk check this for ...
0 votes, 2 answers, 948 views
How to detect an intranet SYN flood?
I got this problem: whenever I plug a Linux-server into the intranet, the whole network slows down and then die. Every ping/ssh connection between the intranet yields time out.
I unplugged it, then ...
0 votes, 1 answer, 28 views
All nights a network segment brings all network down
I have a medium-sized network: 45 devices with printers, a couple of DC and W10 desktops. Last week all network went down at 21:30 and, since that day, all network goes down unless I disconnect one ...
0 votes, 1 answer, 170 views
How to correctly set limits ports?
So I'm currently working on setting a simple server up with a game server using port 30110 and 30120, but I'm clearly getting dossed like crazy, how is the best way to protect against this, like I have ...
0 votes, 1 answer, 377 views
Understanding dropping of packets to fight against an DDoS Attack
I always wondered how big tech companies could fight against DDoS Attacks reaching nearly 1tbps+. From my understanding traffic can't just disappear so even if I drop all e.g udp packets via iptables (...
0 votes, 0 answers, 26 views
How to repel an apache ddos attack [duplicate]
My nginx+apache+php server on ubuntu is under attack from a single IP address which causes apache to run as many processes as possible, which causes the server to crash. The IP is single, and the ...
0 votes, 1 answer, 1k views
Apache on Debian : server flooded by a lot of 400 , how to protect from it?
My HTTPS server has been experiencing slowness for a few days, so I consulted the log file (the access.log, I use apache2). And I found out that my server is flooded by a lot of 400:
If I change ...
1 vote, 1 answer, 1k views
DDOS AWS API Gateway protection
I have publicly exposed API Gateway (HTTP). To authenticate you have to provide a valid JWT.
I want to secure this APIGW with Cloudfront + WAF. After reading docs I think that API Gateway endpoint is ...
0 votes, 1 answer, 179 views
How to get DDOS+WAF protection on IP/server (not domain)
I've used CloudFlare and it's great.
But in this specific case we control the server IP address but we don't own the domain so can't use CloudFlare unfortunately because the domain owner isn't ready ...
0 votes, 1 answer, 179 views
(Theoretical view) In a DDoS attack via docker, no correlation found between the amount of sent packets and the number of virtualized containers
I have been testing a DDoS attack in my local network via docker. Each image has loaded with an "evil" DDoS file.
I tested simultaneously several containers attacking at the same time. On ...
2 votes, 1 answer, 4k views
Best way to enable DDoS protection on many individual GCP compute instances without load balancing?
I've been scouring through the Google Cloud Armor docs for information about DDoS protection of a GCP compute VM instance. From what I've found, Google Cloud Armor Managed Protection provides ...
0 votes, 2 answers, 44 views
Need to investigate why our server was DDOSing our host service provider
Hello everyone and hopefully somebody can give me a first step where I can begin investigating the reason to know why our Linux server appears to have attacked our service provider where the server is ...
0 votes, 3 answers, 441 views
PHP Maximum execution time exceeded - sign of attack?
We were facing a very high CPU load on our web server today. Our application was freezing and not reacting. We could reduce the load by setting the maximum execution time from 180 to 90 seconds.
...
0 votes, 0 answers, 358 views
How many pre-configured WAF rules does a small website need? (GCP Cloud Armor)
I am looking at GCP Cloud Armor product. They charge $1 per-rule a month. There is this document with pre-configured rules: https://cloud.google.com/armor/docs/rule-tuning
Can you tell how much of it ...
1 vote, 1 answer, 1k views
How to hide Origin Server IP address from Reconnaissance tools
When it comes to web server security, I am a paranoid person.
On DigitalOcean, I'm running a server. They refer to it as a Droplet. Cloudflare is my DNS provider, and Cloudflare proxies and protects ...
1 vote, 0 answers, 349 views
named rate limiting - DDOS prevention
I'm wanting to implement some rate-limiting onto our named servers and am looking for some help on making sure the values are "sane". This is what I'm thinking...
rate-limit { errors-per-...
-1 votes, 2 answers, 1k views
DDOS Attack to http server and iptables doesn't help (i have access_log) [duplicate]
I'm under a DDOS attack that targets http server, I try iptables and other measures but nothing seems to work. Here is part of access_log:
https://pastebin.com/6JFKmUi8
Lot of connections but iptables ...
0 votes, 1 answer, 112 views
How to restrict AWS access to queries from specific domain names?
Hello, this is my first post on Server Fault, so please feel free to edit/correct etiquette.
I am managing a server at work that we have hosted on AWS. Recently, it has fallen victim to a DDoS attack....
0 votes, 0 answers, 427 views
Fail2ban exited and didn't start back up
Today I faced what seemed like a DDOS attack. My server provider warned me about excessive CPU usage (400% for over 6 hours) and I couldn't access any website, could not login via SSH either. Lish ...
18 votes, 7 answers, 6k views
How can I protect SSH?
I check /var/log/secure and I have these logs:
Jul 9 13:02:56 localhost sshd[30624]: Invalid user admin from 223.196.172.1 port 37566
Jul 9 13:02:57 localhost sshd[30624]: Connection closed by ...
0 votes, 1 answer, 388 views
What does AWS EC2 DDOS protection shield throw when activated? HTTP(S) 503?
What does Amazon AWS EC2 DDOS protection shield throw when activated? HTTP(S) 503?
At which amount can this happen? 5000 - 10000 requests at "the same time"?
Is this public info and ...
-2 votes, 1 answer, 457 views
How can my users discover my upstream server IP though they only connect through load balancers?
I am managing a game server prone to DDoS. I have kept the upstream IP secret and only published the addresses of 100 load balancers forwarding traffic via iptables:
echo 'net.ipv4.ip_forward=1' >&...
1 vote, 0 answers, 29 views
Application role in preventing DDOS
I have an application that is being planned to be exposed to internet clients via a reverse proxy deployed in the DMZ. I have recommended that the deployments use WAF/Cloudflare along with this to ...
1 vote, 1 answer, 2k views
What happens when a post exceeds the limit of post_max_size?
If I send a payload of, for example, 10MB to an apache server, the limit being 2MB. How does the server know that the payload is 10MB? Doesn't he need to receive the file anyway, and check its size?
...
3 votes, 1 answer, 2k views
How to prevent DDOS attack impact on Netlify? (downtime + bandwidth usage/cost)
Situation:
React app that was initially running on a VPS
A few days ago, we were the target of a DDOS attack that took the site down.
During the attack, we decided to migrate to Netlify.
Once ...
0 votes, 1 answer, 550 views
I'm Under attacks even with mod_evasive mod_security and fail2ban [closed]
I have my centos fresh server with no problem, I have httpd, named but I get 150 failed logins per 10 minute. I also use Fail2Ban with maxretry 1 findtime 6h. and mod_evasive mod_security default ...
0 votes, 2 answers, 567 views
Can CDN caching prevent DoS attacks?
Let's say I use Cloudflare to cache my images, CSS, and JS files. Requests for the HTML content itself still hit my server and an attacker could use that to his advantage.
However, if I tell ...
0 votes, 1 answer, 95 views
How to prevent a lot of strange requests
I have an https site, which for one week receives a lot of strange requests just to main web site page (+ 2 js and 1 css files, but no images).
From nginx logs it looks like:
193.151.188.114 - - [02/...
0 votes, 1 answer, 730 views
UFW Weird ICMP log record - Pinging is blocked
In the log records below I have replaced my eth MAC address with ETH_MAC_ADDRESS, the IP of my server with MY_SERVER_IP and other IPs with STRANGE_IP plus a number to distinguish.
Jan 29 15:11:48 cld ...
0 votes, 0 answers, 412 views
Extremely high incoming traffic on web server but no abnormalities in log files
Today we recorded extremely high incoming traffic (1 Gbps) on our Debian Webserver (green chart). On an average day it's at a maximum of about 20-30 Mbps. Firewall as well as fail2ban are configured ...
2 votes, 0 answers, 651 views
iptables performance during high-pps UDP attack
One of my servers is under constant UDP DDOS attack. ~500Mb/s and 700k PPS. I have a 10Gbit downlink so that is not the bottleneck.
In my IPTABLES I have created a 'whitelist' via ipset and dropping ...
0 votes, 0 answers, 114 views
How much DDOS mitigation one should expect from VPS provider?
We had a stateful WebRTC application which received some DDOS attacks. The server had 2gbits port, so any attack over 2gbits was able to make it unavailable. Afterwards we refactored the application ...
-5 votes, 2 answers, 172 views
Can I report malicious ip addresses for money?
My servers get attacks from thousands of ip addresses everyday. I have an idea. Can I report those malicious ip addresses, or use the resource to earn some money? How?
You may think these attacks are ...