DDoS attack

Heaven

Member
Feb 6, 2014
38
5
Hi dear,

Lately I have been having problems with my website going down. I have used Cloudflare since around 8 months ago, but now I don't know how to fix this. I use a Windows VPS at OVH.
I really tried everything but I can't get it fixed anymore and I am at my wits' end. Does anyone know what I can do? Or is there someone who can help me for a moment?

Thanks!
 

Johno

:: xHosts :: www.xhosts.uk
Sep 12, 2011
586
255
Are you seeing traffic spikes on Cloudflare? You do not close port 80 exactly, but limit the traffic to port 80 to only allow traffic from Cloudflare-based IP addresses using the Domain and IP Restrictions addon for IIS.
 

Heaven

Member
Feb 6, 2014
38
5
Are you seeing traffic spikes on Cloudflare? You do not close port 80 exactly, but limit the traffic to port 80 to only allow traffic from Cloudflare-based IP addresses using the Domain and IP Restrictions addon for IIS.
Yes, I saw traffic spikes on Cloudflare, and I set up IP and domain restrictions and Slowloris prevention.
 

Johno

:: xHosts :: www.xhosts.uk
Sep 12, 2011
586
255
Next time you are attacked, take a look. It can sometimes take a while to load depending on the size of the attack. This will show you the attack pattern and IP addresses. Most of the time the IP addresses will belong to the same ASN and you can firewall using Cloudflare.
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
Next time you are attacked, take a look. It can sometimes take a while to load depending on the size of the attack. This will show you the attack pattern and IP addresses. Most of the time the IP addresses will belong to the same ASN and you can firewall using Cloudflare.
Using IIS, how do you block all but Cloudflare IP addresses?
 

Morohara

Member
May 18, 2020
92
55
You could try increasing the connection limit on your Apache?
(But only if it's a layer 7 DDoS) as this directly affects your Apache, not your VPS as a whole; your main giveaway is "service is unavailable" when trying to load your /index.

Edit: Can you show your Apache logs? They should be where your CMS is located, under a folder called "logs".
 

Shxrty

Shorty#1960
Mar 31, 2018
629
163
Send me a PM with your Discord. Attack patterns can change every single minute, that's why you need to investigate it closely.
Just solve it here to help other people who get this issue.

On another note, have you tried @NOC's method? Another way to prevent a Layer 7 DDoS attack is to buy an HTTP reverse proxy (using Cloudflare) and have them ramp it up all the way; they range from 5-20$. But they sure do work. I was getting DDoSed daily by a man named Justin, owner of Zabbo, because we advertised on his hotel, and I contacted my hosting company and had them make a special reverse proxy to limit the connections, and it depleted Justin's attacks; the site loaded and worked fine. Hopefully you get this fixed.
 

yoyok

Member
Apr 24, 2013
197
24
Just solve it here to help other people who get this issue.

On another note, have you tried @NOC's method? Another way to prevent a Layer 7 DDoS attack is to buy an HTTP reverse proxy (using Cloudflare) and have them ramp it up all the way; they range from 5-20$. But they sure do work. I was getting DDoSed daily by a man named Justin, owner of Zabbo, because we advertised on his hotel, and I contacted my hosting company and had them make a special reverse proxy to limit the connections, and it depleted Justin's attacks; the site loaded and worked fine. Hopefully you get this fixed.

How can I monitor DDoS attacks for him through a thread? Don't tell him just to use Cloudflare and do 100 other firewall-related settings, when, if he has for example port 8080 open, it bypasses all Cloudflare (WAF) protection.

Like I said earlier, attacks have many different methods: sometimes it's Layer 7, often Layer 4, rarely Slowloris, etc.
Don't underestimate botnet networks these days. They need to be viewed correctly and mitigated.
 

Shxrty

Shorty#1960
Mar 31, 2018
629
163
How can I monitor DDoS attacks for him through a thread? Don't tell him just to use Cloudflare and do 100 other firewall-related settings, when, if he has for example port 8080 open, it bypasses all Cloudflare (WAF) protection.

Like I said earlier, attacks have many different methods: sometimes it's Layer 7, often Layer 4, rarely Slowloris, etc.
Don't underestimate botnet networks these days. They need to be viewed correctly and mitigated.
Most "DDoS" attacks are all HTTP POST flooders, that's all it is. Like I said, I contacted my host, and before making a thread about it, why not try doing a quick Google search? There are multiple methods on how to prevent these attacks from happening. I see your reasoning though.
 

Morohara

Member
May 18, 2020
92
55
Layer 7 DDoS attacks work by overloading your Apache connection limit; that's why when a user or someone tries to connect you receive the error "service unavailable".

The easiest way to fix a "Layer 7" DDoS attack is to just set up iptables on your Apache server and set up a reject method to reject any IP that is repeatedly asking for the same information. Monitoring the people doing the attack, they were using the server hosting company Psychz to perform their attacks, only using one VPS to overload your connection limit. Although the method posted by NOC regarding blocking an IP would work, something of a larger scale sadly would not, as who would want to sit there and block multiple IPs?

Regarding your Apache server, this method of blocking that I've posted should work, as it worked, as long as it's a layer 7 attack.
 

Hypothesis

Programmer
Jan 6, 2019
524
361
If you are using IIS, just download IP Address and Domain Restriction as an addon, then set the max concurrent requests to 5 and the maximum number of requests to 5. Add the security tag to your web.config along with the dynamic IP headers. This will automatically block any IP address that attempts to continuously flood a certain path, which is what most of these attacks appear to do. No one can actually down the server, only use a GET or header method to flood your website, however the above should fix it.

You could try increasing the connection limit on your Apache?
(But only if it's a layer 7 DDoS) as this directly affects your Apache, not your VPS as a whole; your main giveaway is "service is unavailable" when trying to load your /index.

Edit: Can you show your Apache logs? They should be where your CMS is located, under a folder called "logs".

This would do nothing as the request load could just be increased with a stronger amount of bots. The efficient way would be to block the request if it exceeds a certain amount as seen above.
Layer 7 DDoS attacks work by overloading your Apache connection limit; that's why when a user or someone tries to connect you receive the error "service unavailable".

The easiest way to fix a "Layer 7" DDoS attack is to just set up iptables on your Apache server and set up a reject method to reject any IP that is repeatedly asking for the same information. Monitoring the people doing the attack, they were using the server hosting company Psychz to perform their attacks, only using one VPS to overload your connection limit. Although the method posted by NOC regarding blocking an IP would work, something of a larger scale sadly would not, as who would want to sit there and block multiple IPs?

Regarding your Apache server, this method of blocking that I've posted should work, as it worked, as long as it's a layer 7 attack.
Pretty sure iptables is used for Linux-based servers, not Windows, which is what most retros use, with either IIS or NGINX as the webserver. Also, Psychz Networks is a hosting company that allows spoofed methods, which is what I assume the HTTP flood they are using requires. Also, there would be no reason to sit there and block multiple IPs when IIS has a built-in addon that does it for you. Either use that or switch to NGINX and use a load balancer and also redirect all traffic exceeding the limit to a nulled route.
 

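Added example, not part of any post in this thread: a web.config sketch of the two IIS controls discussed above, the static allowlist that admits only Cloudflare addresses (Johno's suggestion and JayC's question) and the dynamic limits of 5 concurrent requests and 5 requests that Hypothesis describes. The address ranges are placeholders, and the 1000 ms interval and `enableProxyMode` setting are assumptions the thread does not give.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <!-- Static allowlist (IP Address and Domain Restrictions).
           allowUnlisted="false" rejects every client address not listed
           below; AbortRequest drops the connection instead of spending
           a full response on it. -->
      <ipSecurity allowUnlisted="false" denyAction="AbortRequest">
        <!-- PLACEHOLDER ranges (documentation addresses). Replace them
             with one <add> per range from https://www.cloudflare.com/ips/
             and convert each CIDR prefix to a subnet mask. -->
        <add ipAddress="203.0.113.0" subnetMask="255.255.255.0" allowed="true" />
        <add ipAddress="198.51.100.0" subnetMask="255.255.255.0" allowed="true" />
        <!-- Keep requests made from the server itself working. -->
        <add ipAddress="127.0.0.1" allowed="true" />
      </ipSecurity>

      <!-- Dynamic IP Restrictions with the limits from the thread
           (5 concurrent requests, 5 requests per interval).
           Assumption: the 1000 ms interval is not stated in the thread.
           Assumption: the site is only reachable through Cloudflare, so
           enableProxyMode="true" makes IIS count requests per address in
           X-Forwarded-For rather than per Cloudflare edge address. Leave
           it off on ipSecurity above, where the real peer address is the
           one that must be checked. -->
      <dynamicIpSecurity denyAction="AbortRequest" enableProxyMode="true">
        <denyByConcurrentRequests enabled="true" maxConcurrentRequests="5" />
        <denyByRequestRate enabled="true" maxRequests="5"
                           requestIntervalInMilliseconds="1000" />
      </dynamicIpSecurity>
    </security>
  </system.webServer>
</configuration>
```

These rules apply only to sites served by IIS; a service listening on another port, such as the port 8080 case yoyok raises, is not covered and needs the same restriction at the Windows firewall. If IIS reports that a section is locked, configure it at server level in applicationHost.config instead.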