Being attacked by DDos

Discussion in 'Install/Configuration' started by bigjl, Nov 4, 2011.

  1. bigjl

    bigjl New Member

    Hi there,
    One of my website has been getting ddos attack for a couple of months. The site is hosted on my dedicated server which managed under WHM.
    The site is getting around 36k-47k hits everyday and the bandwidth is around 3-4G per day.
    I found that litespeed has build-in feature for anti-ddos-attach so I installed a trial version on WHM.
    But there is no getting better. The hits still come along and the bandwidth still goes high. Here is my configuration on Per Client Throttling.

    Static Requests/second: 0
    Dynamic Requests/second: 2
    Outbound Bandwidth (bytes/sec): 0
    Inbound Bandwidth (bytes/sec): 0
    Connection Soft Limit: 5
    Connection Hard Limit: 20
    Block Bad Request: Yes
    Grace Period (sec): 15
    Banned Period (sec): 300

    Intel i5 2.99
    16GB RAM
    2TB HDD Raid10
    cPanel/WHM

    Any suggestions?
    Many thanks!
  2. mistwang

    mistwang LiteSpeed Staff

    Is the attack a GET flood? Can you tell which URL the botnet abuse?
    For large scale attack, the built-in anti-DDoS may not able to stop, it is depends on the size of the botnet and how aggressive the robot behave.

    Our antiDDoS proxy service will be live soon, maybe you can give it a try.
  3. anewday

    anewday Moderator

    Set Static Requests/second to something around 5. 0 is unlimited.
  4. bigjl

    bigjl New Member

    Thnx mistwang,
    I wonder how I know it is a GET flood?
    There are huge amount of traffic going to the home page of the site "/"
    The user agencies below had the most hits
    check_http/v1.4.14 (nagios-plugins 1.4.14)
    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2
  5. bigjl

    bigjl New Member

    Thnx anewday,
    I have changed the setting and see if there is any improvement. Thank you.
  6. NeustarRick

    NeustarRick New Member

    DDoS Protection

    Unfortunately there is no way to protect your bandwidth usage at the permiter. The only way to fully protect your systems and your bandwidth usage is with a cloud based DDoS service like the one from Neustar (http://www.ultradns.com/ddos-protection/siteprotect/what-is-siteprotect).

    Another tool set which you may want to look at is UltraTools.com which is 100% free.

    Full disclosure I work at Neustar.

    Rick
  7. mistwang

    mistwang LiteSpeed Staff

    We have a solution to detect if the request is sent by botnet or a real user, if detected botnet, our service will block those IPs at firewall level.
    I recommend you sign up with our anti-ddos proxy service when it become available (probably this coming Monday).
    It is free during our trial period.
  8. mistwang

    mistwang LiteSpeed Staff

  9. bigjl

    bigjl New Member

    Thanks mistwang for your reply.
    My website is hosted in the UK and if I use your proxy does my website loading speed become slow?
    Thanks
  10. mistwang

    mistwang LiteSpeed Staff

    The global WAN speed should be very fast those days, you can give it a try from your location by update "/etc/hosts" by pointing your domain to our proxy server, see if the speed is good.
    I think it should be better than being taken down by botnet even if it was indeed slightly slower.
  11. bigjl

    bigjl New Member

    I have got the proxy set up.
    In the knowledge base, it says that "update your DNS record of that domain to point to “assigned IP”, which is proxy server IP".
    Does it mean the nameservers or "A" record for www ?
    Thanks
  12. mistwang

    mistwang LiteSpeed Staff

    A record for www.

Share This Page