LiteSpeed Technologies
#1
04-17-2012, 12:10 PM
freeballt (Member)
Anti DDOS not working for proxy server

I'm using CloudFlare with my LiteSpeed installation and have been getting hit with a DDOS lately. I have the server set up so that it only allows 7 dynamic requests from a user per second. My logs show a number of IPs requesting the same file several times a second (over 10). I suspect since I'm using CloudFlare and have those IPs whitelisted, that the DDOS IPs aren't being blocked.

In addition, is there a way to block IPs without going through the interface, such as using an ssh command?

#2
04-18-2012, 12:04 PM
webizen (LiteSpeed Staff)
http://www.litespeedtech.com/support...ead.php?t=5865

#3
04-18-2012, 03:29 PM
damoncloudflare (New Member)
DDoS

Quote:
Originally Posted by freeballt
I'm using CloudFlare with my LiteSpeed installation and have been getting hit with a DDOS lately. I have the server set up so that it only allows 7 dynamic requests from a user per second. My logs show a number of IPs requesting the same file several times a second (over 10). I suspect since I'm using CloudFlare and have those IPs whitelisted, that the DDOS IPs aren't being blocked.

In addition, is there a way to block IPs without going through the interface, such as using an ssh command?

Just a quick note that you might want to consider using CloudFlare's DDoS mitigation feature as an option as well (don't know how large the attack is you're trying to manage).

#4
04-19-2012, 01:42 PM
freeballt (Member)
Quote:
Originally Posted by damoncloudflare
Just a quick note that you might want to consider using CloudFlare's DDoS mitigation feature as an option as well (don't know how large the attack is you're trying to manage).

The 5s wait thing is annoying to my users. I've had complaints about it.

I limited dynamic requests to 1 a second, and there are NO IPs in the temporary ban list. There is obviously a problem with using CloudFlare or some other proxy service and IP banning with LiteSpeed.

#5
04-19-2012, 01:59 PM
damoncloudflare (New Member)
Hi,

"The 5s wait thing is annoying to my users. I've had complaints about it."

Do you think there is something we can do to improve the messaging?

#6
04-19-2012, 02:05 PM
freeballt (Member)
It's an issue with the message and having to wait 5 seconds. Obviously I don't know what you guys are doing behind the scenes during those 5 seconds, but it makes no sense why you guys would display that message or any prompt (seems unnecessary, or rather advertising).

Having said that, I think if you guys offered a service where we could skin our own captcha page that is well worth a premium subscription.

#7
04-19-2012, 02:26 PM
damoncloudflare (New Member)
Hi,

"Having said that, I think if you guys offered a service where we could skin our own captcha page that is well worth a premium subscription."

Being worked on (don't know the account level type that will be offered with yet).

"It's an issue with the message and having to wait 5 seconds. Obviously I don't know what you guys are doing behind the scenes during those 5 seconds, but it makes no sense why you guys would display that message or any prompt (seems unnecessary, or rather advertising)."

Don't think there is an easy solution for the 5 seconds (will mention it). Basically, we're running some checks on the visitor to see if they exhibit behaviors of a botnet or other type of attack (generally have some specific signatures during a DDoS). I'm sure we'll figure out a way to speed it up.
Reply With Quote
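
An added example, not code from any poster or from LiteSpeed: a sketch of the situation in posts #1 and #4, where a per-IP throttle that counts by connecting address sees nothing once the proxy's addresses are whitelisted, and what changes when the count is keyed on the client address the proxy forwards. The log records, the 198.51.100.0/24 proxy range and the function names are constructed for illustration; the limit of 7 per second is the one from the first post.

```python
import ipaddress
from collections import Counter

LIMIT = 7  # dynamic requests per client per second (the setting in post #1)
# Assumption: placeholder range standing in for the proxy's published addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed records: (unix_second, tcp_peer, forwarded_client_or_None, path)
SAMPLE = (
    [(1000, "198.51.100.10", "203.0.113.5", "/index.php")] * 12   # flood via proxy
    + [(1000, "198.51.100.10", "203.0.113.9", "/index.php")] * 3  # normal visitor
    + [(1000, "192.0.2.77", "203.0.113.9", "/index.php")] * 9     # direct, forged header
)

def is_trusted(peer):
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer, forwarded):
    """Believe the forwarded address only when the TCP peer is a trusted proxy."""
    if forwarded and is_trusted(peer):
        try:
            return str(ipaddress.ip_address(forwarded.strip()))
        except ValueError:
            return peer  # malformed value: fall back to the connecting address
    return peer

def over_limit(records, limit=LIMIT, restore_client=True):
    """Return the addresses exceeding `limit` requests in any one second."""
    counts = Counter()
    for second, peer, forwarded, _path in records:
        if restore_client:
            key = client_ip(peer, forwarded)
        elif is_trusted(peer):
            continue  # whitelisted proxy address: never counted, never banned
        else:
            key = peer
        counts[(key, second)] += 1
    return sorted({ip for (ip, _s), n in counts.items() if n > limit})

if __name__ == "__main__":
    print("by TCP peer, proxy whitelisted:", over_limit(SAMPLE, restore_client=False))
    print("by restored client address:   ", over_limit(SAMPLE))
```

The forwarded value is honoured only for connections that arrive from the trusted range, so a client connecting directly cannot shift its count onto another address by forging it.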