How can you stop things like DDOS and brute force attacks?
- Thread starter Aayushi
- Start date
Depends on how bad the attack is.
If you're in WordPress, there are plugins like Wordfence Security which will block IPs and Countries and does a decent job on a small scale. Sometimes a Software Firewall on the server level will take care of it, other times you need the protection at the datacenter level (null routing IPs, hardware devices, etc). If you're using a cloud service CDN (MaxMind, Cloudflare, Google), they have setups in place to mitigate attacks without you having to be involved.
So it all depends on the level of attack, what the attack type is, and then that determines the route for defense and blocking.
If you are currently under attack, you need to alert your upstream host/datacenter ASAP to prevent action on their end which may take down your servers, and accounts of your clients.
YouStable
Member
For Bruitforce, you may enable Web Based Firewall and do check if IP Table rules are set correctly if you talk about DDoS, then there is no such way to avoid it completely.
You can mitigate the attack with Soft and the actual firewall system, but yes for small-scale attacks you can use CDN and another distribution network
You can mitigate the attack with Soft and the actual firewall system, but yes for small-scale attacks you can use CDN and another distribution network
ITivan80
Member
As a starting point, it’s important to ensure that your web servers are protected from brute-force attacks. Attackers will aim to get access to a server or temporarily cause it to be unresponsive. Brute force attack involves trying thousands or potentially millions of passwords until the correct password is found. You can also use DDoS protections with Web Application Firewalls (WAF). This can either be achieved with a WAF technology offered by the cloud provider, or through a third-party vendor.
euro-space.net
New member
You can null route any IP address(es) having more then predefined number of connections to your server. For that, create a bash script with the following content :
#!/bin/bash
# Null Route IP after more then "Number" connections:
netstat -an | awk -vmax=14 '/tcp/{split($5,a,":"); if(a[1] > 0 && a[1]!="0.0.0.0"){c[a[1]]++}} END{for(ip in c){if(c[ip]>max){print ip}}}' | while read ip; do route add $ip gw 127.0.0.1 lo; done;
Where -vmax=14 is the number of simultaneous connections each IP have established to the server, 14 in this example. Name this file as NullRoute.sh and Place it under /root folder. Make file executable with following SSH command :
# chmod +x NullRoute.sh
Then create cron job to run that file every 5 minute by adding following directive in the file /var/spool/cron/root
*/5 * * * * /bin/bash /root/NullRoute.sh
Hope this helps.
#!/bin/bash
# Null Route IP after more then "Number" connections:
netstat -an | awk -vmax=14 '/tcp/{split($5,a,":"); if(a[1] > 0 && a[1]!="0.0.0.0"){c[a[1]]++}} END{for(ip in c){if(c[ip]>max){print ip}}}' | while read ip; do route add $ip gw 127.0.0.1 lo; done;
Where -vmax=14 is the number of simultaneous connections each IP have established to the server, 14 in this example. Name this file as NullRoute.sh and Place it under /root folder. Make file executable with following SSH command :
# chmod +x NullRoute.sh
Then create cron job to run that file every 5 minute by adding following directive in the file /var/spool/cron/root
*/5 * * * * /bin/bash /root/NullRoute.sh
Hope this helps.
UzmanHosting
New member
Increase your bandwidth capacity: The more bandwidth you have available, the more traffic your server can handle. This will help prevent your server from being overwhelmed by the volume of traffic generated by the DDoS attack.
Use a content delivery network (CDN): A CDN can help distribute traffic across multiple servers and data centers, reducing the impact of a DDoS attack.
Implement anti-DDoS software: There are several anti-DDoS software solutions available that can detect and block malicious traffic before it reaches your server.
Configure firewalls: A properly configured firewall can help block traffic from known malicious IP addresses and prevent certain types of attacks.
Utilize a DDoS protection service: Many hosting providers offer DDoS protection as a service, which can help mitigate and stop DDoS attacks before they reach your server.
By taking these steps, you can help protect your website and network from the damaging effects of DDoS attacks.
Use a content delivery network (CDN): A CDN can help distribute traffic across multiple servers and data centers, reducing the impact of a DDoS attack.
Implement anti-DDoS software: There are several anti-DDoS software solutions available that can detect and block malicious traffic before it reaches your server.
Configure firewalls: A properly configured firewall can help block traffic from known malicious IP addresses and prevent certain types of attacks.
Utilize a DDoS protection service: Many hosting providers offer DDoS protection as a service, which can help mitigate and stop DDoS attacks before they reach your server.
By taking these steps, you can help protect your website and network from the damaging effects of DDoS attacks.
Increase your bandwidth capacity - is not an option. To avoid attacks you can opt for DDOS protection, hardware firewall or sometime software tweaks also helps.
Greenhost.cloud
Member
Using a Content Delivery Network (CDN) and implementing authentication methods can be extremely advantageous in this particular scenario. Additionally, having security measures like AntiDDos equipment can serve as a solution to protect against and mitigate these undesired attacks.
AlienVPS.com
Member
Setup CloudFlare for your domain (the pro version) and BitNinja for server security.
freakhosting
New member
We have been using Cloudflare proxy and never had any issues, as well as some internal hardware for the mitigation + external DDoS Protection from Path.net
Hello there.
there are several types of attacks. First of all, to begin with, you must start by knowing the principle of the Internet, including the OSI model. There are the low layers (3/4), and the high layers (notably 7). A volumetric DoS/DDoS attack more commonly affects the lower layers (3/4), if you run Wireshark there is a chance that you will see packets like DNS/NTP responses. Basically, the process is that the attacker spoofs packets to recursive servers, and sends less data than you receive on your target server. Hence the name "DNS amplification" or "NTP amplification".
There are other types of amplifications, a little more violent (we can cite memcached which, it seems to me, generated an attack exceeding Tbps)
Attacks on layer 7 (application layer) are a little simpler to manage. For example, HTTP uses this layer. Generally if your site receives an HTTP flood (in concrete terms you receive a large number of HTTP requests), you must impose a rate limit, and possibly ban the IPs which are too heavy on the server. To do this, simply associate iptables with your application. If it's on a web application, you can add www-data as sudoers and put code like shell_exec("sudo iptables -A INPUT -s xx.xx.xx.xx -j DROP"). For my part, I have been practicing this way for a long time, in fact by the time the attack is automatically completely filtered the site is slow or inaccessible, but after a few minutes it is over.
Wordpress were once quite stupid to implement XMLRPC pingbacks natively and enabled by default, because it allowed attackers to launch some pretty violent attacks.
there are several types of attacks. First of all, to begin with, you must start by knowing the principle of the Internet, including the OSI model. There are the low layers (3/4), and the high layers (notably 7). A volumetric DoS/DDoS attack more commonly affects the lower layers (3/4), if you run Wireshark there is a chance that you will see packets like DNS/NTP responses. Basically, the process is that the attacker spoofs packets to recursive servers, and sends less data than you receive on your target server. Hence the name "DNS amplification" or "NTP amplification".
There are other types of amplifications, a little more violent (we can cite memcached which, it seems to me, generated an attack exceeding Tbps)
Attacks on layer 7 (application layer) are a little simpler to manage. For example, HTTP uses this layer. Generally if your site receives an HTTP flood (in concrete terms you receive a large number of HTTP requests), you must impose a rate limit, and possibly ban the IPs which are too heavy on the server. To do this, simply associate iptables with your application. If it's on a web application, you can add www-data as sudoers and put code like shell_exec("sudo iptables -A INPUT -s xx.xx.xx.xx -j DROP"). For my part, I have been practicing this way for a long time, in fact by the time the attack is automatically completely filtered the site is slow or inaccessible, but after a few minutes it is over.
Wordpress were once quite stupid to implement XMLRPC pingbacks natively and enabled by default, because it allowed attackers to launch some pretty violent attacks.
Go with a provider that has REAL ddos mitigation. They will stop the bad traffic before it even gets to your website if they have in-line protection. They would typically use some inline device like Corero or use a 3rd party scrubbing service with GRE tunnels to their edge routers to filter the bad traffic and then send the clean traffic back to them. It gets pretty involved but as an end user, you'd never have to deal with that stuff 
easyhostmedia
Well-known member
what gets me is the amount of attacks you get through the Amazon AWS system and all you get from them , they will inform their client of this and then you will get ' our client is a research company and they are only indexing websites' , so when was attempting to access servers called indexing websites.
Develosmuth
New member
DDoS attacks are carried out to target a host and interfere or pause (sometimes stop) its services. Generally, two or more persons, or bots send the DDoS attacks. I prefer to choose a host who provides a venture-class DDoS protection services against of all known DDoS attacks and makes solid firewall between your site (or server) and whatever remains of the web.
Cantech Networks
New member
While completely stopping attacks is tough, there are ways to mitigate them:
- DDoS: Use DDoS protection services that filter out malicious traffic.
- Brute force: Apply strong passwords & limit login attempts to prevent unauthorized access.
Forum supporters
Save 37% Off Plesk License
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Up to 30% Off on KVM VPS
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com