Under attacked!

[spr]

I believe my site is under DDOS aatack, how can I set the firewall to allow only my IP to access the site (so I can turn the forum down)?

BTW, I appreciate JaguardPC's support, but it is not very helpful now *___*

.........
2006-07-15 / 02:06:46
I think Im getting DDos

2006-07-15 / 02:09:10

Hi,
The Apache activity on your VPS is causing very high load on your vps and in fact on the complete node. Please provide us with your VPS root password so we can find which domain/account or activity is causing such high httpd acticity.

Feel free to contact us if you need further assistance.

Regards,
***** - Technical Support

2006-07-15 / 02:10:35
Pass *******

2006-07-15 / 03:02:05

Hi,
I have checked the logs for the high httpd activity , its all caused by the site '********.net' which appear to be your main domains and specifically its the 'community' section causing all the httpd activity. If this is your regular httpd activity then you may need to upgrade your VPS plan or may upgrade to a Dedicated server as its currently very high for a vps and also causing load on the main VZ node.


Feel free to contact us if you need further assistance.

Regards,
****** - Technical Support

2006-07-15 / 03:03:27
I believe we are suffering a DDOS attack ( over 300 guests at the same time), cant you do anything about it? Please.

Crying. I had to keep retrying 2 hours to access the admin page and turn off the forum.....The loading still at over 90% tho, ......
When will this attack end....

PS: COOL thing: never had 700 users on the site b4 ^^.

update: According to the ticket status someone is working hard on it. Please keep it up, Im sorry to bother at such late hour *_________*

[mattsiegman]

What kind of board is it? You might try renaming your board's main file (index.php, forum.php, forum.pl, whatever) to something else and see if it cuts off the load.

[spr]

What kind of board is it? You might try renaming your board's main file (index.php, forum.php, forum.pl, whatever) to something else and see if it cuts off the load.

SMF Forum. It took me several hours to find a way to edit the index.php (I couldnt access the site myself, and I forgot that I can use the VPS Panel, silly)

But even so + turn off mysql, the server load still stands at 100%, the site gone down for more than 12 hours. According to the logs there have been more than 1000 different IPs attacked the site..... *_*.

I wish they have some tools to automate the IP block in SSH, like just block any IP has more than X connections, wouldnt be too difficult. I had to go ban 1 by 1, which took me a whole nite....


Im gonna implement catpcha to prevent bots from visiting the site when the server is on high , and the fuse mod which will take the whole site down if the server load is too high. But still this experience proves that such attack can be reduced only.

[mattsiegman]

Hmmm.... Maybe you could turn off PHP and disable your site, see if they go away?

[spr]

Interesting, actually I did (back then) put die() in all the script.
I wonder if there is someway to limit connection per IP (on apache?), we wouldnt want 30 connections from the same IPs. Well, it can turn down some visitors who are on the same LAN, but we only turn that limit on when we are under attactk. Plus it's better that only some ppl cant access the site rather than no-one can access it.

[mattsiegman]

:shrugs:

I dunno man.