Being attacked by DDos

#1
Hi there,
One of my website has been getting ddos attack for a couple of months. The site is hosted on my dedicated server which managed under WHM.
The site is getting around 36k-47k hits everyday and the bandwidth is around 3-4G per day.
I found that litespeed has build-in feature for anti-ddos-attach so I installed a trial version on WHM.
But there is no getting better. The hits still come along and the bandwidth still goes high. Here is my configuration on Per Client Throttling.

Static Requests/second: 0
Dynamic Requests/second: 2
Outbound Bandwidth (bytes/sec): 0
Inbound Bandwidth (bytes/sec): 0
Connection Soft Limit: 5
Connection Hard Limit: 20
Block Bad Request: Yes
Grace Period (sec): 15
Banned Period (sec): 300

Intel i5 2.99
16GB RAM
2TB HDD Raid10
cPanel/WHM

Any suggestions?
Many thanks!
 

mistwang

LiteSpeed Staff
#2
Is the attack a GET flood? Can you tell which URL the botnet abuse?
For large scale attack, the built-in anti-DDoS may not able to stop, it is depends on the size of the botnet and how aggressive the robot behave.

Our antiDDoS proxy service will be live soon, maybe you can give it a try.
 
#4
Is the attack a GET flood? Can you tell which URL the botnet abuse?
For large scale attack, the built-in anti-DDoS may not able to stop, it is depends on the size of the botnet and how aggressive the robot behave.

Our antiDDoS proxy service will be live soon, maybe you can give it a try.
Thnx mistwang,
I wonder how I know it is a GET flood?
There are huge amount of traffic going to the home page of the site "/"
The user agencies below had the most hits
check_http/v1.4.14 (nagios-plugins 1.4.14)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2
 

mistwang

LiteSpeed Staff
#7
Thnx mistwang,
I wonder how I know it is a GET flood?
There are huge amount of traffic going to the home page of the site "/"
The user agencies below had the most hits
check_http/v1.4.14 (nagios-plugins 1.4.14)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2
We have a solution to detect if the request is sent by botnet or a real user, if detected botnet, our service will block those IPs at firewall level.
I recommend you sign up with our anti-ddos proxy service when it become available (probably this coming Monday).
It is free during our trial period.
 
#9
Thanks mistwang for your reply.
My website is hosted in the UK and if I use your proxy does my website loading speed become slow?
Thanks
 

mistwang

LiteSpeed Staff
#10
The global WAN speed should be very fast those days, you can give it a try from your location by update "/etc/hosts" by pointing your domain to our proxy server, see if the speed is good.
I think it should be better than being taken down by botnet even if it was indeed slightly slower.
 
#11
I have got the proxy set up.
In the knowledge base, it says that "update your DNS record of that domain to point to “assigned IP”, which is proxy server IP".
Does it mean the nameservers or "A" record for www ?
Thanks
 
Top