1

My server is under DDoS attack. I looked at my access log and found this:

 968966 93-97-53-41.zone5.bethere.co.uk - - [27/Jul/2011:12:13:58 +0700] "GET /forum/forum.php HTTP/1.1" 200 91231 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968967 61.120.148.12 - - [27/Jul/2011:12:13:39 +0700] "GET /forum/forum.php HTTP/1.0" 200 91539 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968968 222.122.206.203 - - [27/Jul/2011:12:13:38 +0700] "GET /forum/forum.php HTTP/1.1" 200 91228 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968969 cable-27-4.botevgrad.com - - [27/Jul/2011:12:13:39 +0700] "GET /forum/forum.php HTTP/1.1" 200 91228 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968970 213.197.182.78 - - [27/Jul/2011:12:13:39 +0700] "GET /forum/forum.php HTTP/1.0" 200 91539 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968971 200.27.142.30 - - [27/Jul/2011:12:13:39 +0700] "GET /forum/forum.php HTTP/1.0" 200 91539 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968972 189.77.140.57 - - [27/Jul/2011:12:13:35 +0700] "GET /forum/forum.php HTTP/1.0" 200 91539 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968973 221.226.9.22 - - [27/Jul/2011:12:13:58 +0700] "GET /forum/forum.php HTTP/1.1" 200 91542 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968974 ::1 - - [27/Jul/2011:12:14:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
 968975 221.226.9.22 - - [27/Jul/2011:12:13:58 +0700] "GET /forum/forum.php HTTP/1.1" 200 91231 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 968976 ::1 - - [27/Jul/2011:12:14:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" 

I don't have any experience with DDoS. Please help me find and resolve the issue. :( My server runs CentOS 5.4, Apache 2.2 and PHP 5.2.6.

Thanks,

Tom O'Connor

4 Answers

4

A DDOS is a tough thing. By the time it's reached your server, or your network, it's already too late. Call your ISP. They're the proper ones to deal with a DDOS attack. Give them as much information as possible so they can find a pattern and block it.

Jason Berg
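Added example, not part of the original thread or any poster's code: one way to turn an access log like the one in the question into the pattern summary this answer suggests handing to the ISP. It groups requests by method, path, referer and user agent and reports groups hit by many distinct clients. The function name, thresholds and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache combined format; optional leading number tolerates a numbered paste.
LINE_RE = re.compile(
    r'^\s*(?:\d+\s+)?(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" \d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"\s*$'
)

def flood_signatures(lines, min_hits=5, min_clients=4):
    """Group hits by (method, path, referer, user agent) and return groups seen
    at least min_hits times from at least min_clients distinct clients."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        if "internal dummy connection" in m["agent"]:
            continue  # Apache waking its own child processes, not client traffic
        parts = m["request"].split()
        method, path = (parts[0], parts[1]) if len(parts) >= 2 else (m["request"], "")
        g = groups[(method, path, m["referer"], m["agent"])]  # HTTP version ignored
        g["hits"] += 1
        g["clients"].add(m["client"])
    report = [
        {"method": k[0], "path": k[1], "referer": k[2], "agent": k[3],
         "hits": g["hits"], "clients": sorted(g["clients"])}
        for k, g in groups.items()
        if g["hits"] >= min_hits and len(g["clients"]) >= min_clients
    ]
    return sorted(report, key=lambda r: r["hits"], reverse=True)

# Constructed sample lines (documentation-range addresses), shaped like the log above.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
SAMPLE = [
    f'{i} 192.0.2.{i} - - [27/Jul/2011:12:13:{i:02d} +0700] '
    f'"GET /forum/forum.php HTTP/1.{i % 2}" 200 91231 "-" "{UA}"'
    for i in range(1, 7)
] + [
    '7 ::1 - - [27/Jul/2011:12:14:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" '
    '"Apache (internal dummy connection)"',
    '8 198.51.100.9 - - [27/Jul/2011:12:14:05 +0700] "GET /index.php HTTP/1.1" '
    '200 5120 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for r in flood_signatures(SAMPLE):
        print(f'{r["hits"]} hits from {len(r["clients"])} clients: {r["method"]} '
              f'{r["path"]} referer={r["referer"]!r} agent={r["agent"]!r}')
```

On a real log, pass the open file object as `lines` and raise the thresholds to match normal traffic for the site.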
1

As Jason already pointed out, your best current option is to call your ISP/Hoster for help.

After that, sign up for a CDN, if possible - they thwart most DDoSes by design, or at least make them only a localized nuisance. There are many CDNs which provide some free plan, which might be sufficient for you. I heard good stuff about CloudFlare, and used it a bit at some point. YMMV.

roeme
0

Theoretically, you can use a client puzzle to solve a DDoS attack. Depending on the situation, you may use a different kind of puzzle to solve your problems.

[May I know how you can tell that you are under a DDoS attack from the above log?]

-1

For a quick fix, if you are aware of an active DDoS:
On the page/site/portal where you are being DDoSed, in index.php only (or however you are handling the code flow in the case of MVC), you can restrict the hacker's IP and return him true or false, and prevent him from hampering your database.
Avoiding abusive traffic and returning a sorry page would always be a better way than letting them impact the database.