What to do when your website suffers a DDoS attack

edisonvpb

First, how to determine whether the server is under a DDoS attack
Whether you rent a server or use server hosting, no one can guarantee smooth sailing. After a server suffers a DDoS or CC attack, it generally shows these symptoms: the website becomes seriously sluggish, or does not open when you visit it, or opens with the prompt "server unavailable", and it is still the same after a refresh; remote access to the server becomes difficult, the remote desktop connection is very laggy, or the remote desktop shows a black screen. Some users can still get in over a remote desktop connection, but operation is difficult, the CPU is at 100 percent, memory usage is high, and the server is paralyzed.

Now let us talk about what to do when the server is under a DDoS attack
1. Ensure that all servers use the latest systems and security patches. The Computer Emergency Response Coordination Center found that nearly every system hit by DDoS attacks had not been patched in time.

2. Ensure that administrators check all hosts, not just key hosts. This ensures that the administrator of each host system knows what is running, who is using the host, and who can access the host. Otherwise, even if a hacker has violated the system, it is difficult to identify.

3. Make sure to remove unused services, such as FTP or NFS, from the appropriate directory server or file database. Daemons like Wu-Ftpd have some known vulnerabilities; hackers can gain access to the system through a root privilege attack, and can then access other systems, even those protected by a firewall.

4. Ensure that all services running on Unix have TCP wrappers to limit access to the host.

5. Disable connections from the internal network through a modem to the PSTN system. Otherwise, a hacker who finds an unprotected host through the telephone line will be able to instantly access extremely confidential data.

6. Prohibit the use of network access programs such as Telnet, Ftp, Rsh, Rlogin and Rcp, and substitute PKI-based access programs such as SSH. SSH does not transmit passwords over the Internet in clear text, while Telnet and Rlogin do the opposite; a hacker can find these passwords and immediately access critical servers on the network. In addition, on Unix the .rhosts and hosts.equiv files should be deleted, because even without guessing a password, these files will provide login access!

7. Limit file sharing with networks outside the firewall. Such sharing gives hackers the opportunity to intercept system files and replace them with Trojan horses, and the file transfer function is then no different from being at a standstill.

8. Ensure that you have an up-to-date network topology map on hand. This map should indicate in detail the TCP/IP addresses, hosts, routers and other network equipment, and should also include the network border, the demilitarized zone (DMZ) and the internal confidential part of the network.

9. Run a port scanner or port mapping program on the firewall. Most incidents are due to improper firewall configuration, which makes the success rate of DoS/DDoS attacks high, so you must carefully check privileged and non-privileged ports.

10. Check all logs of network equipment and host/server systems. If a log shows a gap or a changed timestamp, it is almost certain that the associated host's security has been threatened.

Your ideas?
 

elcidofaguy

Nice summary - Although I suspect most of the above relates to prevention of hacking vs. DDOS attacks, noting most folks do not have admin rights on a server... With DDOS attacks I would recommend the use of a CDN like Cloudflare, who offer a free plan; otherwise go for a web host who have mitigation measures in place... I'm sure some of the web hosting experts will chime in here...
 

ElixantTechnology

DDoS attacks are becoming more and more common every day. The post above seems to be a couple of tactics that are used for prevention of attack or basic security measures that can be put in place at the network level; however, none of these can actually prevent the damage of a DDoS attack of any traditional scale. Though it is good to practice some of the above security measures, a lot of them are intended for home networks and not for datacenter environments.

Most hosting providers will provide in-house, hardware-based filtering at the network level that will protect the entire infrastructure from being vulnerable to DDoS attacks. This is the only true way to prevent a DDoS attack and is becoming an industry standard as these attacks become more common, and bigger, every day. When choosing your hosting provider, I recommend selecting one that has one of these implementations capable of a minimum of 10Gbps+ per server. With these implementations, if your server comes under attack the hardware in place will redirect the attack traffic and only allow safe and clean traffic to your server, ensuring that no network gear is damaged and your server remains online.

Also, be sure when choosing a hosting provider that is DDoS Safe that you choose one with DDoS Mitigation rather than Protection; or you ask the provider what method they use as most will simply null-route your IP address for the duration of the attack.

We see an average of 20Gbps per day of DDoS Traffic, though our customers do not notice any difference in the network during said attacks because of the mitigation hardware in place on our network.

How can you determine whether you are under attack? Well, your host will usually alert you if an attack is detected... Other than that, attacks are usually severe enough to knock a server offline without proper mitigation in place.
 

Scopehosts

Nice list.
When you search for a new provider, check with your provider whether they provide DDOS protection.
Also, follow all the major security practices to avoid DDOS. A DDOS attack can be hard to manage, so you can check Managed VPS or management support from your provider. They will usually monitor your service and handle all security issues.
 

anindahosting

You should definitely ask at which layer they provide DDoS protection.

Because we know that layer 7 attacks are done more than layer 3 and layer 4.
 

hostguy

If you think that your server is under a DDoS attack, then you must make sure of this.
You can check with the command below:
# netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n

If you find thousands of connections, then it means your server is going through a DDoS attack.

You can overcome this issue, but there are several steps to solve a DDoS attack issue.
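
Added example, not part of any post in this thread: a shell sketch that extends the netstat check above by skipping the header lines, counting sockets per TCP state, and listing the remote IPs that hold the most sockets in one state. The function names, the constructed sample output and the threshold passed to flag_sources are assumptions; a suitable threshold depends on the server's normal traffic.

```shell
# Added example: summarise `netstat -ant` output by TCP state and by remote IP.
# sample_netstat is constructed data (documentation address ranges), not a capture.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40114       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40115       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51820       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:33010      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:33011      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:33012      TIME_WAIT
EOF
}

# Count sockets per TCP state; only lines starting with tcp/tcp6 are counted,
# so the two netstat header lines do not show up as bogus states.
state_counts() {
  awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print c[s], s }' | sort -rn
}

# Count sockets per remote IP for one state (default SYN_RECV).
# The port is stripped after the last colon, which also works for IPv6 output.
per_source() {
  local state="${1:-SYN_RECV}"
  awk -v st="$state" '$1 ~ /^tcp/ && $6 == st {
      ip = $5; sub(/:[^:]*$/, "", ip); c[ip]++ }
    END { for (i in c) print c[i], i }' | sort -rn
}

# Print remote IPs holding at least <limit> sockets in <state>.
# The limit is an assumption to be tuned against the server's normal baseline.
flag_sources() {
  local state="$1" limit="$2"
  per_source "$state" | awk -v n="$limit" '$1 >= n { print $2 }'
}

# Demo on the constructed sample; on a live host: netstat -ant | state_counts
sample_netstat | state_counts
```

On a busy web server a large ESTABLISHED or TIME_WAIT count can be normal; a SYN_RECV count that is high relative to the server's usual baseline, or one source holding a large share of the sockets, is the more useful signal to compare against.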
 