
Thread: Being hit by DDoS attacks daily - please help

  1. #11
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Being hit by DDoS attacks daily - please help

    Quote Originally Posted by bunglehaze View Post
    Well it would appear that I am going to be asked to remove the server from the datacentre, I partially understand it from the standpoint of protecting their other clients but I really do not understand how a small server with no noxious or contentious content on any of the small local businesses I host would attract an attack big enough to cause an issue to affect the whole subnet.

    So the options available to me currently seem to be diminishing fast. What is the normal procedure in this situation? I do not have another datacentre nearby in which to transfer the server and I guess the only option is to move my clients all off to another provider.

    Really, really unhappy today.
    Right now, start with adding the free version of Cloudflare to your site. Cloudflare will at least block the DDoS attacks.
    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.

  2. #12
    Join Date
    Oct 2008
    Beans
    25
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Being hit by DDoS attacks daily - please help

    Hi guys, a quick update:

    The datacentre sent the information upstream and had the server IP blocked and have said they are going to move me to another subnet away from other clients which will make it easier for them to traffic manage if it restarts so in the meantime although I have had a weekend of downtime I am not totally dead in the water as yet. The server is my own box housed in their facility and not a rented unit or VPS, I don't rent racks worth, just a single 1u rack so in terms of financial gain for them vs risk I can see this has caused a lot of work - perhaps though it has highlighted to them where their own network could be susceptible though as an attack could be directed at any of their clients.

    I had been looking at the likes of Cloudflare free but was under the impression that the free service didn't do anything to mitigate DDoS, however if it is the case that it does I will set each client site up with the free service once I am back online and obviously my main priority is to see if I can find the target on the server or if it was directed at the server IP in general. If there is a specific target or application it will need to be dealt with to stop the same happening again.

    Over the weekend I did a lot more reading and saw that older versions of Joomla have been targeted by people, I know of at least one client still using an outdated version so will need to keep that one offline in the first instance while I see if it could be the cause - would ModSecurity help in this type of instance though? I do not want to be adding tons of modules if they are just going to be eating resources although the server is vastly overpowered for the resources I need anyway (ironically to try and keep a good service level and uptime).

    regards
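
One way to approach the "find the target on the server" step from the post above, as an added example that is not part of the original thread: tally web-server requests per hosted site and per URL to see whether one client site stands out. It assumes Apache writing the Debian/Ubuntu `vhost_combined` log format; the hostnames, addresses and the 60% threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: Debian/Ubuntu Apache "vhost_combined" (other_vhosts_access.log):
#   vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<vhost>[^:\s]+):\d+ (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize(lines):
    """Count requests per vhost, per (vhost, path) and per client address."""
    vhosts, paths, clients, skipped = Counter(), Counter(), Counter(), 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1  # truncated or malformed line: count it, keep going
            continue
        path = m["path"].split("?", 1)[0]  # fold query strings so randomised URLs group
        vhosts[m["vhost"]] += 1
        paths[(m["vhost"], path)] += 1
        clients[m["client"]] += 1
    return {"parsed": sum(vhosts.values()), "skipped": skipped,
            "vhosts": vhosts, "paths": paths, "clients": clients}

def likely_target(summary, share=0.6):
    """Return the vhost that took at least `share` of parsed requests, else None."""
    # None means no single site stands out in the HTTP logs; a network-level
    # flood aimed at the server IP never reaches these logs at all.
    if not summary["parsed"]:
        return None
    vhost, hits = summary["vhosts"].most_common(1)[0]
    return vhost if hits / summary["parsed"] >= share else None

# Constructed sample: hostnames and addresses are placeholders, not from the thread.
SAMPLE = [
    'client-a.example:80 192.0.2.10 - - [18/May/2013:10:00:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'client-c.example:80 192.0.2.11 - - [18/May/2013:10:00:02 +0100] "GET /contact HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'truncated line',
] + [
    f'client-b.example:80 198.51.100.{i % 20} - - [18/May/2013:10:00:03 +0100] '
    f'"GET /index.php?r={i} HTTP/1.1" 200 900 "-" "-"'
    for i in range(40)
]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("parsed", s["parsed"], "skipped", s["skipped"], "target", likely_target(s))
    for (vhost, path), n in s["paths"].most_common(3):
        print(f"{n:6d}  {vhost}{path}")
```
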

  3. #13
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Being hit by DDoS attacks daily - please help

    Why not suggest they update Joomla to the latest version? Running outdated software on a server exposed to the internet is a very bad idea.

    I don't know if the free version of Cloudflare handles DDoS, but you can always contact them and ask.
    https://www.cloudflare.com/plans

    EDIT: Here you go:
    https://support.cloudflare.com/entri...and-Pro-plans-
    Last edited by CharlesA; May 20th, 2013 at 11:35 AM.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  4. #14
    Join Date
    Oct 2008
    Beans
    25
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Being hit by DDoS attacks daily - please help

    Charles, one of the sites running an old Joomla is actually mid process of being migrated anyway, I was working on it as the DDoS occurred, although the site is not 100% finished it is in a position where I can switch off the old site and work on it live so that is fine, the other that is possibly out of date is just going to be left offline unless they want me to upgrade it as I have warned them twice that they are using out of date software.

    The datacentre got back to me just now and confirmed that they tested a new approach yesterday in a lab environment and are happy with how it works in theory so they will push me on to it this afternoon or tomorrow so we can see how it goes full time. They have actually been quite reassuring that the idea may help them mitigate DDoS attacks in future and it would seem it may help them for other customers if something similar happens, it is an approach they wanted to put in place in the past but never had a need so I guess my attack has helped in some way to realise their action needed looking at.

    So now it is a case of waiting for them to call and let me know I have to ride over and change the IP address on the physical machine and with any luck it will work and stay up.

    regards

    Leigh

  5. #15
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Being hit by DDoS attacks daily - please help

    Well, that's good news then. Hopefully whatever they are working on will help mitigate the attack.
