Solved

Problem with ddos attacks

Posted on 2006-10-27
Last Modified: 2010-04-11
Hello, recently out of the blue, a team of "hackers" has been ddos attacking my site. My site is www.stealthservers.net. We run gameservers, and any downtime usually means loss in orders.

Also they are trying to hack my actual game servers as well.

I have no clue what to do, but this can cause me a lot of future problems. Any advice is appreciated.

Thanks, Brad
Question by:mindlessacts
5 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17824542
Do you have a firewall? You need to mention the system you have right now.

There is no clue whether it runs on Windows, whether you have a router/firewall, etc.

What you should be ideally doing is to enable 'Syn Protector' to avoid most of these problems. Unless we know the hardware you have, we can't

Cheers,
Rajesh
0
 
LVL 8

Accepted Solution

by:
jako earned 250 total points
ID: 17824888
He appears to be running: GNU/Linux with Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a on an IP of: 70.84.123.92 and his Netblock owner is ThePlanet.com Internet Services.

First and foremost, see if the DDoS attack is against your www.stealthservers.net or against the raw IP. In both cases, set up a honeypot server and move the original. Cooperate with your IP (Internet Provider). They might have the honeypot already there - just a matter of assigning the right domain name or IP to it.
If the migration to a DDoS-free IP is done, start notifying your clients of the change and keep a watchful eye on the logs. You might have to do that multiple times, each time shuffling the order of the clients notified about the new IP. Once there is a correlation between the notified client's time and the correspondingly shifting DDoS attack, you can nail his ass.
0
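The notification-order correlation described in the answer above can be worked through as follows. This is an added example, not part of the original post: the client names, timestamps and the `rank_suspects` helper are constructed for illustration, and `clientE` is deliberately never shuffled to show why the shuffling matters.

```python
from datetime import datetime
from statistics import pstdev

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data, one entry per IP migration: when each client was
# told the new IP, and when attack traffic first appeared on that IP.
ROUNDS = [
    {"attack_seen": "2006-10-28 14:20",
     "notified": {"clientE": "2006-10-28 08:00", "clientA": "2006-10-28 09:00",
                  "clientB": "2006-10-28 12:00", "clientC": "2006-10-28 14:00",
                  "clientD": "2006-10-28 16:00"}},
    {"attack_seen": "2006-10-30 11:30",
     "notified": {"clientE": "2006-10-30 08:00", "clientD": "2006-10-30 09:00",
                  "clientC": "2006-10-30 11:00", "clientA": "2006-10-30 13:00",
                  "clientB": "2006-10-30 15:00"}},
    {"attack_seen": "2006-11-01 15:25",
     "notified": {"clientE": "2006-11-01 08:00", "clientB": "2006-11-01 09:00",
                  "clientA": "2006-11-01 10:00", "clientD": "2006-11-01 12:00",
                  "clientC": "2006-11-01 15:00"}},
]


def lag_minutes(notified, attack_seen):
    """Minutes from a client's notification to the first attack traffic."""
    delta = datetime.strptime(attack_seen, FMT) - datetime.strptime(notified, FMT)
    return delta.total_seconds() / 60


def rank_suspects(rounds):
    """Return [(client, mean_lag, lag_spread)], most consistent lag first.

    A client stays a candidate only if it knew the new IP before the attack
    moved in every round; candidates are ranked by how constant the lag is.
    """
    lags = {}
    for rnd in rounds:
        for client, when in rnd["notified"].items():
            lags.setdefault(client, []).append(lag_minutes(when, rnd["attack_seen"]))
    ranked = []
    for client, values in lags.items():
        if len(values) == len(rounds) and all(v >= 0 for v in values):
            ranked.append((client, sum(values) / len(values), pstdev(values)))
    return sorted(ranked, key=lambda row: row[2])


if __name__ == "__main__":
    print(rank_suspects(ROUNDS))
```

A tight, repeatable lag is a lead to hand to the provider, not proof: a compromised client machine or a leaked notification would produce the same pattern.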
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 17828221
Log the IPs of the attack, and report to DShield as well as the ISP that owns that IP range or ranges. Enter IPs here to get the proper abuse address:
http://www.arin.net/whois/
Your IP for instance: OrgAbuseEmail: admins@theplanet.com
NetRange:   70.84.0.0 - 70.87.255.255
CIDR:       70.84.0.0/14
NetName:    NETBLK-THEPLANET-BLK-13
NetHandle:  NET-70-84-0-0-1
Parent:     NET-70-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.THEPLANET.COM
OrgAbuseEmail:  abuse@theplanet.com
OrgNOCEmail:  admins@theplanet.com

You should also report to your own ISP that you are under attack; perhaps you're not alone and others are being hit also.
-rich
0
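One way to turn an Apache access log into the per-range evidence an abuse desk asks for, as an added example that is not part of the original post. The log lines are constructed (documentation address ranges), `summarize` is a hypothetical helper, and grouping by /24 is an assumption; the real owner range for each source comes from the whois lookup described above.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_network

# Constructed Apache access-log lines (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Oct/2006:13:55:01 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.10 - - [27/Oct/2006:13:55:01 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.77 - - [27/Oct/2006:13:55:02 -0500] "GET / HTTP/1.0" 200 5120
198.51.100.4 - - [27/Oct/2006:13:55:03 -0500] "GET /order.php HTTP/1.1" 200 901
192.0.2.10 - - [27/Oct/2006:13:55:04 -0500] "GET / HTTP/1.0" 200 5120
not a log line
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')


def summarize(log_text, min_hits=2, prefix=24):
    """Group request sources by /prefix; return blocks with >= min_hits.

    Each entry: (network, hits, source IPs, first_seen_utc, last_seen_utc).
    """
    blocks = defaultdict(lambda: {"hits": 0, "ips": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting
        ip, stamp = m.groups()
        try:
            net = ip_network(f"{ip}/{prefix}", strict=False)
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of IP, or unparsable timestamp
        entry = blocks[str(net)]
        entry["hits"] += 1
        entry["ips"].add(ip)
        # Abuse desks correlate on UTC, so normalise the server's local offset.
        entry["times"].append(when.astimezone(timezone.utc))
    report = [(net, e["hits"], sorted(e["ips"]), min(e["times"]), max(e["times"]))
              for net, e in blocks.items() if e["hits"] >= min_hits]
    return sorted(report, key=lambda row: -row[1])


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```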
 
LVL 8

Expert Comment

by:jako
ID: 17832696
DDoS is usually carried out with the help of zombies (or bots). In the case of a really large botnet, each individual bot might not qualify as an attacker, as the HTTP query might look legit and queries are done sufficiently randomly and seldom enough to impersonate an impatient person, so it might be hard to separate the woeful from the rest.

The most important lesson about this DDoS attack, which is most probably resolved by now, is that even for that kind of event one can prepare to take precautionary steps and set up an action plan with your ISP.
0
 

Author Comment

by:mindlessacts
ID: 17833738
Thanks a lot for the responses. Apparently my host says they have it "under control" and since then there have been no attacks. So I guess sometimes it's a good thing I don't host my own websites. I will split the points, as you all helped me learn to prevent future attacks when I do start hosting my own site.

Thanks!

Regards, Brad
0
