how to prevent ddos attack

Status
Not open for further replies.
Identify a DDoS Attack Early

If you run your own servers, then you need to be able to identify when you are under attack. That's because the sooner you can establish that problems with your website are due to a DDoS attack, the sooner you can start to do something about it.

To be in a position to do this, it's a good idea to familiarize yourself with your typical inbound traffic profile; the more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it's helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack.
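As an added example (not part of the original post), one way to turn "know your normal traffic profile" into a check is to bucket access-log requests per minute and flag minutes far above the average of the quiet minutes before them. The function names, the factor of 5 and the sample log are assumptions of this example; the top-client share it prints is only a rough hint for telling a broad surge of visitors from traffic concentrated in a few sources.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads combined-log-format lines
# on stdin, oldest first, and prints each minute whose request count exceeds
# FACTOR x the average of the quiet minutes seen before it.
traffic_spikes() {
    awk -v factor="${1:-5}" '
        {
            minute = substr($4, 2, 17)      # "[10/Oct/2024:13:05:00" -> "10/Oct/2024:13:05"
            if (minute != cur) { if (cur != "") emit(); cur = minute }
            hits++
            if (++per_ip[$1] > top) top = per_ip[$1]
        }
        END { if (cur != "") emit() }
        function emit(   k, clients) {
            for (k in per_ip) clients++
            if (seen > 0 && hits > factor * total / seen)
                printf "%s hits=%d clients=%d top_client_share=%d%%\n",
                       cur, hits, clients, 100 * top / hits
            else { total += hits; seen++ }  # only quiet minutes feed the baseline
            hits = 0; top = 0; split("", per_ip)
        }
    '
}

# Constructed sample: five quiet minutes (4 requests each), then a burst of
# 40 requests at 13:05, 36 of them from one documentation-range address.
sample_log() {
    awk 'BEGIN {
        for (m = 0; m < 5; m++)
            for (i = 1; i <= 4; i++) line("198.51.100." i, m)
        for (i = 1; i <= 40; i++)
            line((i <= 36) ? "203.0.113.50" : ("198.51.100." i), 5)
    }
    function line(ip, m) {
        printf "%s - - [10/Oct/2024:13:%02d:00 +0000] \"GET / HTTP/1.1\" 200 512\n", ip, m
    }'
}

sample_log | traffic_spikes 5
```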
 
As others have mentioned, you cannot 'prevent' a DDOS attack. You can help mitigate it, but that is really about all you can do.

Cloudflare is an excellent option and can help you drastically reduce this.

Another great option is Litespeed. I've found this to handle requests, etc., so much better.

Thirdly, a good IPtables interface. CSF comes to mind. Set up the rules properly and you'll be golden.

Using all of the above, you should be pretty well set when fighting off attackers.
 
The only true way to prevent DDOS attacks is to not have a website, but that is not an option, so as many have said, you can take steps to mitigate it.

The most cost effective way is to find a host that offers true mitigation against Layer 3/4 attacks and the much harder to detect Layer 7 attacks, combine this with Cloudflare and you should be safe from all but the most aggressive attackers.
 
The only true way to prevent DDOS attacks is to not have a website, but that is not an option, so as many have said, you can take steps to mitigate it.

The most cost effective way is to find a host that offers true mitigation against Layer 3/4 attacks and the much harder to detect Layer 7 attacks, combine this with Cloudflare and you should be safe from all but the most aggressive attackers.

Fortunately, the majority of attacks are not in the category of "most aggressive attackers".
 
I have seen a DDOS attack go after ports that were blocked by the CSF firewall. The DC still flagged the IP address for 24 hours.

There are different types of DDOS attack. For example, if they go after the IP address with a random port, it does not seem like Cloudflare is going to protect you.

If I was looking for true DDOS protection, I would need it to check all traffic to the server itself, then block all traffic to the port being attacked. This option does cost a lot, but it would be the best option to stop DDOS attacks.
 
You can go with a hosting company that can provide DDOS-protected hosting services, or you can get Cloudflare services. Now there are many hosting providers who can offer these services as an add-on.
 
Some people get DDOS and Brute force attacks confused. Perhaps you should provide some more details, as for me there have been a few questions raised.
 
Sadly, the only way to not be at risk of DDOS attacks is to not be on the Internet =(.

In reality, you can host sites that should not attract attention, host with a low-risk host, host on your own server, etc.

Regardless, sad to say, DDOS is very active out there and can affect anyone nowadays =(.
 
Here are some general guidelines for you to prevent the DDOS Attack -

1. Always check Raw access logs from cPanel and block the suspicious IP if any from IP deny manager in cPanel.
2. Maintain strong security on the computer that you use to manage your website.
3. Choose third party scripts carefully.
4. Keep third party scripts up to date.
5. Do not run vulnerable software/applications on a machine or network.
 
Not quite what this topic is about, but if you want to see the top 10 IPs with the most connections, something like this will show you quickly what they are.

netstat -natp |grep "tcp\|udp" | grep -v 0.0.0.0 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -12 | tail -10

To see an updated display every 3 seconds:

while true
do
    clear
    netstat -natp |grep "tcp\|udp" | grep -v 0.0.0.0 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -12 | tail -10
    sleep 3
done
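An added example, not part of the original post: the same per-peer count written as a function that reads `netstat -nat`-style text on stdin. It strips the port at the last colon, so IPv6 peers are not cut down to their first group as they are by `cut -d: -f1`, folds IPv4-mapped addresses into plain IPv4, and can filter on one TCP state. The function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): count remote peers from
# netstat -nat style output on stdin.
top_peers() {
    # $1 = rows to print (default 10); $2 = optional TCP state, e.g. SYN_RECV
    awk -v want="${2:-}" '
        $1 ~ /^tcp/ {
            state = $6
            if (state == "LISTEN") next              # listening socket, no remote peer
            if (want != "" && state != want) next
            addr = $5
            sub(/:[^:]*$/, "", addr)                 # drop ":port" at the LAST colon
            sub(/^::ffff:/, "", addr)                # IPv4-mapped IPv6 -> IPv4
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample in the layout printed by net-tools netstat -nat,
# using documentation-range addresses only.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40100       ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 2001:db8::10:443        2001:db8:1::5:40022     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8:1::5:40023     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.7:51517 SYN_RECV
EOF
}

sample_netstat | top_peers 5
```

On a live host the input would be `netstat -nat | top_peers 10`, or `netstat -nat | top_peers 10 SYN_RECV` to look only at half-open connections.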
 
Hi friends, how can I prevent a DDOS attack? I cannot pay for highly paid software.

If you're talking about a web server, you have only a few options:

1. Using CloudFlare.
Pro: it's good for the money
Con: it's not free

2. Using Apache mod_evasive.
It works like fail2ban, if you have used it, but for Apache.
Pro: it can help you with simple attacks.
Con: won't help if you are attacked by a big botnet, if your uplink is just overwhelmed by their requests.

3. Manual mode.
You can manually block the IP subnets you are attacked from.
Pro: simple and free.
Con: efficiency is low and you will do that while your server is already attacked and overloaded.

I can suggest you spend some money on CloudFlare if your website can be attacked, or configure mod_evasive if you just need to be prepared.

Good luck.
 
Hi friends, how can I prevent a DDOS attack? I cannot pay for highly paid software.

Any sort of decent DDOS protection will be at some higher cost ... You can start free with a couple of solutions that have a plan to upgrade to in case you're under attack:

CloudFlare and Incapsula

We use both / CloudFlare offers you the ability to host your zone records and use their GEO DNS ...

Incapsula you will use your own DNS but point (A) Record / CName to their services.

Dave
 
Hello Rakesh,

You could choose a server from the hosting companies that provide DDOS protection. If you are the server administrator, you could also use the CSF firewall, external firewalls, IP filtering techniques, etc.

You could prevent a DDOS attack by using the Cloudflare service to reroute the good and bad requests to your website.

MOD NOTE: Post edited for self-promotional content.
 