How can you stop things like DDoS and brute force attacks?

Hi there,
How can you stop things like DDoS and brute force attacks?
Thanks in advance
Depends on how bad the attack is.

If you're on WordPress, there are plugins like Wordfence Security which will block IPs and countries and do a decent job on a small scale. Sometimes a software firewall at the server level will take care of it; other times you need the protection at the datacenter level (null routing IPs, hardware devices, etc.). If you're using a cloud service CDN (MaxMind, Cloudflare, Google), they have setups in place to mitigate attacks without you having to be involved.

So it all depends on the level of attack and what the attack type is, and that determines the route for defense and blocking.

If you are currently under attack, you need to alert your upstream host/datacenter ASAP to prevent action on their end that may take down your servers and your clients' accounts.
 
For brute force, you may enable a web-based firewall and check that your iptables rules are set correctly. If you are talking about DDoS, there is no way to avoid it completely.

You can mitigate the attack with software and the actual firewall system, but yes, for small-scale attacks you can use a CDN or another distribution network.
 
As a starting point, it's important to ensure that your web servers are protected from brute-force attacks. Attackers will aim to get access to a server or temporarily cause it to be unresponsive. A brute-force attack involves trying thousands or potentially millions of passwords until the correct password is found. You can also use DDoS protections with Web Application Firewalls (WAF). This can either be achieved with a WAF technology offered by the cloud provider, or through a third-party vendor.
 
You can null route any IP address(es) having more than a predefined number of connections to your server. For that, create a bash script with the following content:

#!/bin/bash

# Null-route any remote IP with more than "max" TCP connections.
# The awk splits the foreign-address column ($5) on ":" and counts
# connections per IPv4 address; the 0.0.0.0 wildcard and addresses
# that do not start with a digit (IPv6) are skipped.
netstat -an | awk -v max=14 '/tcp/{split($5,a,":"); if(a[1] > 0 && a[1]!="0.0.0.0"){c[a[1]]++}} END{for(ip in c){if(c[ip]>max){print ip}}}' | while read -r ip; do
    # Host route via loopback = classic null route
    # (modern equivalent: ip route add blackhole "$ip")
    route add -host "$ip" gw 127.0.0.1 lo
done


Where -v max=14 is the number of simultaneous connections each IP has established to the server, 14 in this example. Name this file NullRoute.sh and place it in the /root folder. Make the file executable with the following SSH command:

# chmod +x NullRoute.sh

Then create a cron job to run that file every 5 minutes by adding the following line to the file /var/spool/cron/root:

*/5 * * * * /bin/bash /root/NullRoute.sh

Hope this helps.
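The script in the post above null-routes every address that exceeds a connection count, including TIME_WAIT leftovers, IPv4-mapped IPv6 peers and your own monitoring or NAT gateway if they happen to be busy. The following is an added example (not the poster's script) of the same idea written defensively: it counts only ESTABLISHED and SYN_RECV connections, unwraps ::ffff: addresses, honours an allowlist, and separates detection from enforcement so the result can be reviewed before it is applied. It assumes `netstat -ant`-style columns on stdin (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State); the sample output embedded below is constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example: per-IP connection counting with an allowlist, followed by
# a blackhole route. Input format assumed: `netstat -ant` columns.

# Constructed sample of `netstat -ant` output (not real server data).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:443            203.0.113.7:51000       ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.7:51001       ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.7:51002       SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.4:40000      ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.4:40001      TIME_WAIT
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:192.0.2.9:6000   ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:192.0.2.9:6001   ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:192.0.2.9:6002   ESTABLISHED'

# offenders MAX ALLOWLIST
#   Reads netstat lines on stdin; prints (sorted) every remote address with
#   more than MAX live connections, skipping addresses in the
#   space-separated ALLOWLIST (monitoring hosts, NAT gateways, yourself).
offenders() {
    awk -v max="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^tcp/ {
            # Only sockets that still cost resources: established or half-open.
            if ($6 != "ESTABLISHED" && $6 != "SYN_RECV") next
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") next
            if (addr in keep) next
            c[addr]++
        }
        END { for (ip in c) if (c[ip] > max) print ip }
    ' | sort
}

# null_route [apply]
#   Blackholes each address read on stdin. Without the "apply" argument it
#   only prints the command, so the list can be reviewed first.
null_route() {
    while read -r ip; do
        if [ "${1:-dry-run}" = "apply" ]; then
            ip route replace blackhole "$ip"
        else
            echo "ip route replace blackhole $ip"
        fi
    done
}

# Demo on the constructed sample: threshold 2, 192.0.2.9 allowlisted.
printf '%s\n' "$SAMPLE_NETSTAT" | offenders 2 "192.0.2.9" | null_route
```

On a live host the first stage would be `netstat -ant | offenders 14 "$MY_MONITOR_IP" | null_route apply`, run from cron as in the post. Keeping the allowlist and the dry-run mode matters because a blackhole route silently drops a legitimate peer too, and a busy reverse proxy or NAT gateway in front of the server is exactly the address that will trip a raw connection count.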
 
Increase your bandwidth capacity: The more bandwidth you have available, the more traffic your server can handle. This will help prevent your server from being overwhelmed by the volume of traffic generated by the DDoS attack.

Use a content delivery network (CDN): A CDN can help distribute traffic across multiple servers and data centers, reducing the impact of a DDoS attack.

Implement anti-DDoS software: There are several anti-DDoS software solutions available that can detect and block malicious traffic before it reaches your server.

Configure firewalls: A properly configured firewall can help block traffic from known malicious IP addresses and prevent certain types of attacks.

Utilize a DDoS protection service: Many hosting providers offer DDoS protection as a service, which can help mitigate and stop DDoS attacks before they reach your server.

By taking these steps, you can help protect your website and network from the damaging effects of DDoS attacks.
 
For small attacks on the web server, setting a rate limit can be useful.
This especially helps in the first stage of fighting the attack, to reduce its scale so that the server starts responding again and you can carry out other, more serious measures.
 
Increasing your bandwidth capacity is not an option. To avoid attacks you can opt for DDoS protection or a hardware firewall, and sometimes software tweaks also help.
 
Host your site with a provider that has DDoS protection + use Cloudflare or other proxy DNS services.

Thanks,
Ryan
 
Using a Content Delivery Network (CDN) and implementing authentication methods can be extremely advantageous in this particular scenario. Additionally, having security measures like anti-DDoS equipment can serve as a solution to protect against and mitigate these undesired attacks.
 
We have been using Cloudflare proxy and never had any issues, as well as some internal hardware for the mitigation + external DDoS Protection from Path.net
 
Hello there.

There are several types of attack. To begin with, you need to understand how the Internet works, including the OSI model. There are the low layers (3/4) and the high layers (notably 7). A volumetric DoS/DDoS attack more commonly affects the lower layers (3/4); if you run Wireshark there is a chance that you will see packets like DNS/NTP responses. Basically, the attacker spoofs packets to recursive servers and sends less data than you receive on your target server, hence the names "DNS amplification" and "NTP amplification".

There are other types of amplification, a little more violent (memcached, for instance, which as I recall generated an attack in the Tbps range).

Attacks on layer 7 (the application layer) are a little simpler to manage. HTTP, for example, uses this layer. Generally, if your site receives an HTTP flood (concretely, you receive a large number of HTTP requests), you must impose a rate limit and possibly ban the IPs that are too heavy on the server. To do this, simply associate iptables with your application. If it's a web application, you can add www-data to sudoers and put in code like shell_exec("sudo iptables -A INPUT -s xx.xx.xx.xx -j DROP"). For my part, I have been doing it this way for a long time; in fact, by the time the attack is automatically and completely filtered, the site is slow or inaccessible, but after a few minutes it is over.

WordPress was once quite stupid to implement XML-RPC pingbacks natively and enabled by default, because it allowed attackers to launch some pretty violent attacks.
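The post above bans offenders by handing an address to iptables from the web application itself. Whatever process does that needs two things the post leaves implicit: a rate-limit rule that is actually measured per time window, and strict validation of the address before it lands in a command line (an attacker who can influence what the application believes its client address is, for example through a trusted X-Forwarded-For header, would otherwise be feeding text into a privileged iptables call). The following is an added example (not the poster's code) in POSIX shell: it buckets common-log-format requests per IP per minute, flags any IP over the threshold, and refuses to build an iptables command from anything that is not a well-formed dotted quad. The log lines are constructed; `flood_sources`, `valid_ipv4` and `ban_ip` are names chosen here, and the threshold of 3 requests per minute is deliberately tiny for the demo.

```shell
#!/bin/sh
# Added example: per-minute HTTP flood detection from an access log, with
# strict IP validation before the address reaches iptables.

# Constructed sample in Apache/nginx combined log format (not real traffic).
SAMPLE_ACCESS_LOG='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:11 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:12 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:56:13 +0000] "POST /xmlrpc.php HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:56:14 +0000] "POST /xmlrpc.php HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:56:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:56:16 +0000] "POST /xmlrpc.php HTTP/1.1" 200 128 "-" "curl/8.0"'

# flood_sources MAX
#   Reads combined-log lines on stdin and prints (sorted) every client IP
#   that made more than MAX requests within any single calendar minute.
flood_sources() {
    awk -v max="$1" '
        {
            ip = $1
            minute = substr($4, 2, 17)      # "[10/Oct/2023:13:55:36" -> "10/Oct/2023:13:55"
            c[ip, minute]++
        }
        END {
            for (k in c) if (c[k] > max) { split(k, p, SUBSEP); seen[p[1]] = 1 }
            for (ip in seen) print ip
        }' | sort
}

# valid_ipv4 ADDR
#   Succeeds only for a strict dotted quad: four decimal octets, 0-255, no
#   leading zeros, no whitespace or extra characters. Anything else (extra
#   arguments, shell metacharacters, IPv6) is rejected.
valid_ipv4() {
    [ -n "$1" ] || return 1
    printf '%s' "$1" | awk -F. '
        NF != 4 { bad = 1; exit }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i ~ /^0[0-9]/ || $i + 0 > 255) { bad = 1; exit }
        }
        END { exit bad }'
}

# ban_ip ADDR [apply]
#   Builds the iptables DROP rule for ADDR only after validation. Prints the
#   command unless "apply" is given, so the decision can be reviewed first.
ban_ip() {
    valid_ipv4 "$1" || { echo "refusing to ban malformed address: $1" >&2; return 1; }
    if [ "${2:-dry-run}" = "apply" ]; then
        iptables -I INPUT -s "$1" -j DROP
    else
        echo "iptables -I INPUT -s $1 -j DROP"
    fi
}

# Demo on the constructed sample: more than 3 requests in a minute is a flood.
printf '%s\n' "$SAMPLE_ACCESS_LOG" | flood_sources 3 | while read -r ip; do
    ban_ip "$ip"
done
```

If this runs from a web application as the post describes, the sudoers entry should grant www-data exactly this one script with NOPASSWD rather than `iptables` in general, and the application should pass the address as a single argument, never interpolate it into a shell string; `valid_ipv4` is then the last line of defence, not the only one. The same bucket-and-ban shape applies to sshd "Failed password" lines in an auth log for the brute-force side of the question.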
 
Go with a provider that has REAL DDoS mitigation. They will stop the bad traffic before it even gets to your website if they have in-line protection. They would typically use some inline device like Corero, or use a third-party scrubbing service with GRE tunnels to their edge routers to filter the bad traffic and then send the clean traffic back to them. It gets pretty involved, but as an end user you'd never have to deal with that stuff :)
 
What gets me is the amount of attacks you get through the Amazon AWS system, and all you get from them is that they will inform their client of this, and then you get "our client is a research company and they are only indexing websites". So since when was attempting to access servers called indexing websites?
 
Problematic situations are occurring more frequently. It is unfortunate that there are not as many solutions available.
 
DDoS attacks are carried out to target a host and interfere with or pause (sometimes stop) its services. Generally, two or more people, or bots, send the DDoS attacks. I prefer to choose a host that provides enterprise-class DDoS protection services against all known DDoS attacks and makes a solid firewall between your site (or server) and the rest of the web.
 
While completely stopping attacks is tough, there are ways to mitigate them:
  • DDoS: Use DDoS protection services that filter out malicious traffic.
  • Brute force: Apply strong passwords & limit login attempts to prevent unauthorized access.
 
The use of firewalls is good for mitigating DDoS attacks; however, completely stopping them can be tough. On my personal server, I only have port 42069 (custom SSH port) and 443 open, as I use a private Docker network for everything else such as databases, HTTP, etc.

As for brute force, simply use a strong password or no password at all - I personally use a different SSH port, disable the root account and use SSH key authentication.
 