Solved

Problem with ddos attacks

Posted on 2006-10-27
Last Modified: 2010-04-11
Hello, recently out of the blue, a team of "hackers" has been ddos attacking my site. My site is www.stealthservers.net. We run gameservers, and any downtime usually means loss in orders.

Also they are trying to hack my actual game servers as well.

I have no clue what to do, but this can cause me a lot of future problems. Any advice is appreciated.

Thanks, Brad
0
Comment
Question by:mindlessacts
5 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17824542
Do you have a firewall? You need to mention the system you have right now.

There is no clue whether it runs on Windows, whether you have a router/firewall, etc.

What you should be ideally doing is to enable 'Syn Protector' to avoid most of these problems. Unless we know the hardware you have, we can't

Cheers,
Rajesh
0
 
LVL 8

Accepted Solution

by:
jako earned 250 total points
ID: 17824888
He appears to be running: GNU/Linux with Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a on an IP of 70.84.123.92, and his netblock owner is ThePlanet.com Internet Services.

First and foremost, see if the DDoS attack is against your www.stealthservers.net or against the raw IP. In both cases, set up a honeypot server and move the original. Cooperate with your IP (Internet Provider). They might have the honeypot already there - just a matter of assigning the right domain name or IP to it.
If the migration to a DDoS free IP is done, start notifying your clients of the change and keep a watchful eye on the logs. You might have to do that multiple times and each time shuffling the order of the clients notified about the new IP. Once there is correlation on the notified client time and correspondingly shifting DDoS attack, you can nail his ass.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 17828221
Log the IPs of the attack, report to DShield as well as the ISP that owns that IP range or ranges. Enter IPs here to get the proper abuse address:
http://www.arin.net/whois/
Your IP for instance: OrgAbuseEmail: admins@theplanet.com
NetRange:   70.84.0.0 - 70.87.255.255
CIDR:       70.84.0.0/14
NetName:    NETBLK-THEPLANET-BLK-13
NetHandle:  NET-70-84-0-0-1
Parent:     NET-70-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.THEPLANET.COM
OrgAbuseEmail:  abuse@theplanet.com
OrgNOCEmail:  admins@theplanet.com

You should report to your own ISP that you are under attack also; perhaps you're not alone and others are being hit also.
-rich
0
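An added example (not part of the original answer) of turning a web server access log into the per-source evidence an abuse desk needs: request counts with first and last seen times in UTC, plus a per-/24 rollup for ranges where many sources each send little. It assumes Apache common/combined log format; the function names, the `min_requests` threshold and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Prefix of Apache common/combined log format: host ident user [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [27/Oct/2006:14:00:01 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.10 - - [27/Oct/2006:14:00:02 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.10 - - [27/Oct/2006:14:00:04 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.77 - - [27/Oct/2006:14:00:03 -0500] "GET /index.php HTTP/1.0" 200 812
198.51.100.5 - - [27/Oct/2006:14:00:02 -0500] "GET / HTTP/1.0" 200 5120
198.51.100.5 - - [27/Oct/2006:14:00:05 -0500] "GET / HTTP/1.0" 200 5120
client.example.net - - [27/Oct/2006:14:01:11 -0500] "GET / HTTP/1.1" 200 5120
truncated garbage line
'''

def parse_line(line):
    """Return (ip, utc_timestamp), or None for lines that cannot be attributed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))  # hostnames (HostnameLookups On) are skipped
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, ts.astimezone(timezone.utc)

def abuse_report(lines, min_requests=2):
    """Per-IP request count with first/last seen in UTC, busiest sources first."""
    seen = {}
    for ip, ts in filter(None, map(parse_line, lines)):
        count, first, last = seen.get(ip, (0, ts, ts))
        seen[ip] = (count + 1, min(first, ts), max(last, ts))
    rows = [(str(ip), c, f.isoformat(), l.isoformat())
            for ip, (c, f, l) in seen.items() if c >= min_requests]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def requests_per_slash24(lines):
    """Request totals per IPv4 /24, to spot many low-rate sources in one range."""
    return Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False))
                   for ip, _ in filter(None, map(parse_line, lines)) if ip.version == 4)

if __name__ == "__main__":
    print(abuse_report(SAMPLE_LOG.splitlines()))
```

Converting to UTC before reporting matters because the receiving ISP has to match the times against its own logs.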
 
LVL 8

Expert Comment

by:jako
ID: 17832696
DDoS is usually carried out with the help of zombies (or bots). In the case of a really large botnet, each individual bot might not qualify as an attacker, as the HTTP query might look legit and queries are done sufficiently randomly and seldom enough to impersonate an impatient person, so it might be hard to separate the woeful from the rest.

The most important lesson about this DDoS attack, which is most probably resolved by now, is that one can prepare even for that kind of event: take precautionary steps and set up an action plan with your ISP.
0
 

Author Comment

by:mindlessacts
ID: 17833738
Thanks a lot for the responses. Apparently my host says they have it "under control" and since then there have been no attacks. So I guess sometimes it's a good thing I don't host my own websites. I will split the points, as you all helped me learn to prevent future attacks when I do start hosting my own site.

Thanks!

Regards, Brad
0
