New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That's called a DeeDoos
Just shut down your server.
A DoS is not always big that it causes VAC to interfere, sometimes it is small and consumes a lot of bandwidth legitimately in an attempt to get you suspended for exceeding your bandwidth limit.
If it's a udp flood it's normal that you see nothing with netstat. Use tcpdump or tshark to analyze the traffic.
# hiresysadmin
apt-get install vnstat?
or
apt-get install bwm-ng?
Thank to Francesco form BuyVM I know now that am under "NTP amplification attack".
I dont have access to DDoS firewall (am on SYS) so I have to wait for it to end .
Someone got an idea how can be stopped?
Since it's not large enough to activate the DDoS filtering, you could simply block incoming NTP traffic
iptables -I INPUT -p udp --source-port 123 -j DROP
I don't think you have a strict bandwidth limit?
True just drop it.
Thank you! No, there is no bandwidth limit but am afraid if this goes for days and one day they will suspend me.
What about just open the tcp/udp that you need and close all that you dont
The command I provided only blocks it from hitting your applications, so that it doesn't affect your services as long as iptables can keep up with it (which it should if it's less than 1gbps and not activating firewall). I don't think they'd suspend you for getting an attack though.
Should I just exicute that command only one time without to add or change something?
Also try to get a couple of vps and work with a load balancer that works only with private ips for backend
Hm, what does that have to do with anything?
You need that to run every time the interface is reloaded. If you're on Ubuntu/Debian, see https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup
Can't be DeeDoss she was a cute blonde. Dee Doss--n
Simple if the loadbalancer got screwed you just have to redirect your domain to one of the backend ips.
So at the time your balancer is okay just redirect the IP one more time.
That is an option in my opinion :P
@perennate should I change the INPUT to eth0 or should I type the command as it is?
p.s Am on centos
Thank you.
The INPUT is a built-in chain in the iptables firewall. It will be used for packets destined for the server. So keep it as is.
On CentOS I think you just need service iptables save
How can I do it?
Install csf on centos it will be more easy to manage the firewall
csf is installed but there is no effect from it
TESTING = "1"
just check it one more time, just in case you forgot to change it.
Sure its 0. Also Syn flooding enabled.
Is yout tcp/udp in/out config configured with all that you need?
Can't you just drop UDP via OVH?
Am at SoYouStart. NO access to firewall
What about changing IP and hiding new IP behind Cloudflare?
No chance to do it. Am hosting over 200 sites with private nameservers.