
Problem with ddos attacks

Posted on 2006-10-27
Last Modified: 2010-04-11
Hello, recently, out of the blue, a team of "hackers" has been DDoS attacking my site. My site is www.stealthservers.net. We run gameservers, and any downtime usually means a loss in orders.

Also, they are trying to hack my actual game servers as well.

I have no clue what to do, but this can cause me a lot of future problems. Any advice is appreciated.

Thanks, Brad
0
Question by:mindlessacts
5 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17824542
Do you have a firewall? You need to mention the system you have right now.

There is no clue if it runs on Windows, if you have a router/firewall, etc.

What you should be ideally doing is to enable 'Syn Protector' to avoid most of these problems. Unless we know the hardware you have, we can't

Cheers,
Rajesh
0
 
LVL 8

Accepted Solution

by:
jako earned 1000 total points
ID: 17824888
He appears to be running: GNU/Linux with Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a on an IP of: 70.84.123.92 and his Netblock owner is ThePlanet.com Internet Services.

First and foremost, see if the DDoS attack is against your www.stealthservers.net or against the raw IP. In both cases, set up a honeypot server and move the original. Cooperate with your IP (Internet Provider). They might have the honeypot already there - just a matter of assigning the right domain name or IP to it.
Once the migration to a DDoS-free IP is done, start notifying your clients of the change and keep a watchful eye on the logs. You might have to do that multiple times, each time shuffling the order of the clients notified about the new IP. Once there is a correlation between the time a client was notified and the correspondingly shifting DDoS attack, you can nail his ass.
0
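The notification-order correlation described in the answer above, as an added example that is not part of the original post. The client names, timings and the `rank_suspects` helper are constructed for illustration; times are minutes after each migration to a new IP.

```python
from statistics import mean, pstdev

# Constructed sample data: for each migration round, when each client was told
# the new IP and when attack traffic first reached that new IP.
ROUNDS = [
    {"notified": {"alice": 0, "erin": 30, "bob": 60, "carol": 120, "dave": 180},
     "attack_at": 130},
    {"notified": {"dave": 0, "erin": 30, "carol": 60, "alice": 120, "bob": 180},
     "attack_at": 75},
    {"notified": {"bob": 0, "alice": 60, "erin": 90, "dave": 120, "carol": 180},
     "attack_at": 190},
]

def rank_suspects(rounds):
    """Rank clients whose notification preceded the attack in every round."""
    clients = set.intersection(*(set(r["notified"]) for r in rounds))
    ranked = []
    for client in clients:
        # Lag between this client learning the IP and the attack arriving there.
        lags = [r["attack_at"] - r["notified"][client] for r in rounds]
        if min(lags) < 0:
            continue  # attack hit the new IP before this client knew it
        ranked.append((client, mean(lags), pstdev(lags)))
    # A small, repeatable lag means the attack tracks this client's notification;
    # a client who was merely early by chance shows a large, variable lag.
    return sorted(ranked, key=lambda row: (row[2], row[1]))

if __name__ == "__main__":
    for client, avg, spread in rank_suspects(ROUNDS):
        print(f"{client}: mean lag {avg:.1f} min, spread {spread:.1f} min")
```

Shuffling the order each round is what eliminates clients: anyone notified after the attack had already moved is cleared for that round.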
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 17828221
Log the IPs of the attack, report to DShield as well as the ISP that owns that IP range or ranges. Enter IPs here to get the proper abuse address:
http://www.arin.net/whois/
Your IP for instance: OrgAbuseEmail: admins@theplanet.com
NetRange:   70.84.0.0 - 70.87.255.255
CIDR:       70.84.0.0/14
NetName:    NETBLK-THEPLANET-BLK-13
NetHandle:  NET-70-84-0-0-1
Parent:     NET-70-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.THEPLANET.COM
OrgAbuseEmail:  abuse@theplanet.com
OrgNOCEmail:  admins@theplanet.com

You should report to your own ISP that you are under attack also; perhaps you're not alone and others are being hit also.
-rich
0
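One way to prepare the per-network evidence for an abuse report from an Apache access log, as an added example that is not part of the original post. The log lines are constructed (documentation-range addresses), and the `summarize` helper and its `min_hits` threshold are assumptions for illustration; it expects Common Log Format with IPv4 source addresses.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# Constructed sample log lines, not taken from the site discussed above.
SAMPLE = (
    ['203.0.113.7 - - [27/Oct/2006:10:00:%02d -0500] "GET / HTTP/1.0" 200 512' % s
     for s in range(5)]
    + ['203.0.113.9 - - [27/Oct/2006:10:00:%02d -0500] "GET / HTTP/1.0" 200 512' % s
       for s in range(3)]
    + ['198.51.100.4 - - [27/Oct/2006:10:01:00 -0500] "GET /order.php HTTP/1.0" 200 2048',
       'garbage line that is not CLF']
)

def summarize(lines, min_hits=3):
    """Return {/24 network: {ip: (hits, first_seen, last_seen)}} for noisy sources."""
    seen = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        stamp = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        seen[m.group(1)].append(stamp)
    report = defaultdict(dict)
    for ip, stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        try:
            net = ip_network(f"{ip}/24", strict=False)
        except ValueError:
            continue  # logged as a hostname, not an address
        # First/last seen with timezone is what an abuse desk needs to match logs.
        report[str(net)][ip] = (len(stamps), min(stamps), max(stamps))
    return dict(report)

if __name__ == "__main__":
    for net, hosts in summarize(SAMPLE).items():
        for ip, (hits, first, last) in sorted(hosts.items()):
            print(f"{net} {ip} hits={hits} first={first.isoformat()} last={last.isoformat()}")
```

Each flagged address can then be looked up in whois to find the abuse contact for its range.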
 
LVL 8

Expert Comment

by:jako
ID: 17832696
DDoS is usually carried out with the help of zombies (or bots). In the case of a really large botnet, each individual bot might not qualify as an attacker, as the HTTP query might look legit and queries are done sufficiently randomly and seldom enough to impersonate an impatient person, so it might be hard to separate the woeful from the rest.

The most important lesson about this DDoS attack, which is most probably resolved by now, is that even for that kind of event one can prepare, take precautionary steps and set up an action plan with your ISP.
0
 

Author Comment

by:mindlessacts
ID: 17833738
Thanks a lot for the responses. Apparently my host says they have it "under control" and since then there have been no attacks. So I guess sometimes it's a good thing I don't host my own websites. I will split the points, as you all helped me learn to prevent future attacks when I do start hosting my own site.

Thanks!

Regards, Brad
0
