Problem with DDoS attacks

Hello, recently out of the blue, a team of "hackers" has been DDoS attacking my site. My site is We run gameservers, and any downtime usually means loss in orders.

Also they are trying to hack my actual game servers as well.

I have no clue what to do, but this can cause me a lot of future problems. Any advice is appreciated.

Thanks, Brad
jako (sysadmin) commented:
He appears to be running: GNU/Linux with Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/ mod_ssl/2.8.28 OpenSSL/0.9.7a on an IP of: and his Netblock owner is Internet Services.

First and foremost, see if the DDoS attack is against your or against the raw IP. In both cases, set up a honeypot server and move the original. Cooperate with your IP (Internet Provider). They might have the honeypot already there - just a matter of assigning the right domain name or IP to it.
If the migration to a DDoS-free IP is done, start notifying your clients of the change and keep a watchful eye on the logs. You might have to do that multiple times, each time shuffling the order of the clients notified about the new IP. Once there is a correlation between the time a client was notified and the correspondingly shifting DDoS attack, you can nail his ass.
Do you have a firewall? You need to mention the system you have right now.

There is no clue if it runs on Windows, if you have a router/firewall, etc.

What you should be ideally doing is to enable 'Syn Protector' to avoid most of these problems. Unless we know the hardware you have, we can't

Rich Rumble (Security Samurai) commented:
Log the IPs of the attack, report to DShield as well as the ISP that owns that IP range or ranges. Enter IPs here to get the proper Abuse address
Your IP for instance: OrgAbuseEmail:
NetRange: -
NetHandle:  NET-70-84-0-0-1
Parent:     NET-70-0-0-0-0
NetType:    Direct Allocation

You should report to your own ISP that you are under attack also; perhaps you're not alone and others are being hit also.
DDoS is usually carried out with the help of zombies (or bots). In the case of a really large botnet, each individual bot might not qualify as an attacker, as the HTTP query might look legit and queries are done sufficiently randomly and seldom enough to impersonate an impatient person, so it might be hard to separate woeful from the rest.

The most important lesson about this DDoS attack, which is most probably resolved by now, is that even for that kind of event one can prepare to take precautionary steps and set up an action plan with your ISP.
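
The shuffled-notification approach suggested earlier in the thread (move to a new IP, tell clients in a different order each time, watch when the attack follows) can be checked mechanically. The Python below is an added example, not code from any poster in this thread; the client names, timestamps and the `ROUNDS` structure are constructed, and it assumes the new IP is disclosed only through these notifications, not through public DNS.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: three IP migrations, four hypothetical clients.
# Each round records when each client was told the new IP (order shuffled per
# round) and when attack traffic first appeared on that new IP in the logs.
ROUNDS = [
    {"notified": {"client-a": "2024-01-10 10:00", "client-c": "2024-01-10 11:00",
                  "client-b": "2024-01-10 12:00", "client-d": "2024-01-10 13:00"},
     "attack_onset": "2024-01-10 11:20"},
    {"notified": {"client-d": "2024-01-17 09:00", "client-b": "2024-01-17 10:00",
                  "client-c": "2024-01-17 11:00", "client-a": "2024-01-17 12:00"},
     "attack_onset": "2024-01-17 11:10"},
    {"notified": {"client-c": "2024-01-24 14:00", "client-a": "2024-01-24 15:00",
                  "client-d": "2024-01-24 16:00", "client-b": "2024-01-24 17:00"},
     "attack_onset": "2024-01-24 14:25"},
]

def informed_before_onset(rnd):
    """Return (onset, {client: notify_time}) for clients told before the attack moved."""
    onset = datetime.strptime(rnd["attack_onset"], FMT)
    times = {c: datetime.strptime(t, FMT) for c, t in rnd["notified"].items()}
    return onset, {c: t for c, t in times.items() if t <= onset}

def suspects(rounds):
    """Clients who already knew the new IP in every round when the attack followed."""
    remaining = None
    for rnd in rounds:
        _, knew = informed_before_onset(rnd)
        remaining = set(knew) if remaining is None else remaining & set(knew)
    return remaining or set()

def onset_lags(rounds):
    """Per round: (last client notified before onset, delay until the attack moved)."""
    result = []
    for rnd in rounds:
        onset, knew = informed_before_onset(rnd)
        if not knew:  # attack moved before anyone was told: the leak is not a client
            result.append((None, None))
            continue
        last = max(knew, key=knew.get)
        result.append((last, onset - knew[last]))
    return result

if __name__ == "__main__":
    print("consistent suspects:", suspects(ROUNDS))
    for client, lag in onset_lags(ROUNDS):
        print(client, lag)
```

A client that survives every round is a lead to hand to the ISP, not proof; an empty result means the new address is leaking some other way, such as the domain name itself being the target.
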
mindlessacts (Author) commented:
Thanks a lot for the responses. Apparently my host says they have it "under control" and since then there have been no attacks. So I guess sometimes it's a good thing I don't host my own websites. I will split the points, as you all helped me learn to prevent future attacks when I do start hosting my own site.


Regards, Brad