xserverx
asked on
dos attack please help
hello
I have have a dos attack on one of my site I think it is not difficult to stop this ddos attack kind
but really I don't know how to do that
I have attached the domlogs for that dos attack trace
I hope you help me to resolve this problem ?
please don't tell me to just block that Ip because he can attack me from an other IP
thank you
I have have a dos attack on one of my site I think it is not difficult to stop this ddos attack kind
but really I don't know how to do that
I have attached the domlogs for that dos attack trace
I hope you help me to resolve this problem ?
please don't tell me to just block that Ip because he can attack me from an other IP
thank you
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:50 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:50 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:49 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:50 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:50 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:50 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:51 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:55 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:55 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102452 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102448 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:53 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:52 +0000] "GET / HTTP/1.0" 200 102460 "-" "Mozilla Firefox 2"
105.157.21.4 - - [29/Oct/2013:17:42:56 +0000] "GET / HTTP/1.0" 200 102456 "-" "Mozilla Firefox 2"
This looks more like a port scan.
ASKER
yes I have blocked that Ip and everything ok
how to stop this kind of dos attack ?
how to stop this kind of dos attack ?
You stop it by blocking the IP address.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for your reply
I hope you just understand my problem
this attacker trying to open the index page 2 time per second this make the server high load and reach MaxClient
I don't know if there is a solution that can limit accessing to the same page per second per ip ?
I just need solution look like that
thank you
I hope you just understand my problem
this attacker trying to open the index page 2 time per second this make the server high load and reach MaxClient
I don't know if there is a solution that can limit accessing to the same page per second per ip ?
I just need solution look like that
thank you
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, the logs do not show a ddos attack since the first d stands for distributed.
Block the IP and see what happens....
iptables -I INPUT -p tcp -s 105.157.21.4 -j DROP
Good luck.