Ways to stop your website from getting DDOSd?

[KatnissEverdeen]

So my fiancée and I are currently running/working on our own forum. We have been trying to advertise in many ways. The last 2 days we have been getting DDOSD. It is driving us nuts. It's just like some kid that is just jealous that our forum is doing better than the forum he is trying to create. We are starting to add features to stop this from happening. I am just curious to hear other peoples ideas and thoughts on how to stop this from happening.
Thanks for reading and your responses.

 

[nesito29]

I see, well that sucks, what you need to do is to Change your IP.

Log in on your router (if typed ipconfig in command the default gateway there is your router). Type that IP in browser and log in on there usually username admin pass admin.

Try to find anywhere in the router settings mac cloning, enable that and reboot / replug everything and you should have a new IP.

If you don't have mac cloning specifically, check if you can change your WAN Mac Address anywhere in the settings and do the same after that.

I also recommend you don't share your Skype with anyone there or they can get your new IP again in like.. seconds and continue to do that crap.
If you can't do this yourself contact your internet service provider, explain the situation and I'm sure they will be happy to help, after all what they are doing is highly illegal.

Hope this helps

 

[KatnissEverdeen]

Well we aren't using Macs....... But also he isn't hitting our ip. Everything runs fine other than our forum site. As well as there is a nice little feature on Skype that blocks your ip so it can't be resolved. We both have that feature enabled on our skypes. There has been a few times where people have gotten our ip from Skype and we have been hit. Since then we have changed our ip and enabled that feature on Skype. There has been no problems until yesterday. I guess we just some how piss off or irritate others. Not our intentions by any means.

Thank You for your input though. I appreciate it. Anyone else have any advice?

 

[harrygreen90]

Have you used CDN which they used to offer a service included for stopping from DDOS attack?

 

[KatnissEverdeen]

No, we haven't looked into CDN. I will look into it and discuss it with my fiancée. Thank you for the advice.

 

[Hassan]

KatnissEverdeen feel free to contact me i can solve your problem.

 

[ElixantTechnology]

Howdy,

There are a couple of things that can be done to protect your website from a DDoS attack, first of all being to select a web hosting provider that offers DDoS Protection as a standard with their services. Who is your current hosting provider? If you jump up and say Godaddy, Hostgator or iPage then I can guarantee you that your provider does not have a DDoS mitigation implementation in place, either that, or you're going to get hassled from them if under any sort of attack.

The second step would be to implement a solution such a CloudFlare as a Reverse Proxy solution for your website, this is not a one-click-fix-all solution, however, if the attacks are targetted towards your domain and not the server's IP then this should definitely help out, at least a little bit.

Select a hosting provider that is capable of mitigating your services with little to no downtime or packet loss.

 

[KatnissEverdeen]

Yes, we are currently using GoDaddy. They do not offer any protection. HostGator does offer protection for an extra fee of course. We are debating on switching, using CloudFlare, CDN, or just sticking it out. Lol! We haven't really came to a desicion yet. It's really about if we want to spend the extra money right now or wait until our forum gets bigger. Maybe one day this skid will just get over it and move on.

Thanks for all the input and advice guys. I appreciate it.

 

[ElixantTechnology]

First off, I recommend you avoid any big-name provider like the plague (Godaddy, Hostgator, Etc) unless you are running small-time personal or company pages; otherwise you're in for a whole world of problems as these companies limit the accounts in such ways that will make life difficult for you. There is a whole array of small to medium sized hosting companies that I would reccomend to you that would provide a better solution.

 

[KatnissEverdeen]

KatnissEverdeen

Please feel free to post here or PM me with a list of providers that you recommend. Thanks

 

[MightWeb]

One company I could advice you of is Site5. They're a reputable company, and I know they have some kind of TMS on all of their solutions, helping to alleviate any potential DDoS attacks.
Just like Elixant mentioned, I'd advice against any of the huge providers. Generally speaking, their services are terrible when compared to any of the small or medium-sized providers.

 

[Harry P]

Harry P

As your sig, you are providing a web hosting service.
Does MightWeb provide a service to stop from getting DDoS attacks?

 

[MightWeb]

MightWeb

There's no way to stop a DDoS-attack in its track (due to the simple fact that its distributed). We don't offer DDoS-protection as a standard, but we do help our clients with setting up a multitude of solutions that help both mitigating and blocking that traffic. CloudFlare is one of the options we widely recommend for this purpose.

 

[Kal K]

Kal K

CloudFlare charge $200 month for including DDoS-attack service in their package, can it work in free package?

 

[elcidofaguy]

elcidofaguy

Yes it can... As mentioned there is a "help I am under attack mode" which you can set... This will slow down your website a little with a popup which checks if the web visitor is real or not... Also keep in mind DDOS attacks tend to happen in waves so at some point it will stop... Hence the free option is a good one to use as you can ride out the storm and in parallel incorporate other measures on your web server to help mitigate in future.. As mentioned its real important to understand how this is happening and therefore check server logs as a first step to identifying...

 

[elcidofaguy]

Hiya Katniss,

There is some good advice presented here such as use of CDNs... I would also consider moving to another web host... Keep in mind the attack may be targeting someone else who is on your shared server so you must find out the details of why this is happening... Your web host should be able to help...

With all that said I would take the time and effort to try understand how they are doing this yourself... Therefore check your server logs as this can be critical with identifying ways to mitigate in future...

For example in the past I also experienced a DOS attack (not quite DDOS) as my site was still operational but extremely slow... I discovered that there was a brute force attack which attempted to logon onto wordpress admin... From the logs I figured out that the attempted hack was targeting a file called "xmlrpc.php" as it was getting a massive amount of hits and researching this online I found out that this file could be used to log onto wordpress...

As such I found a solution online whereby I restricted access to xmlrpc.php file using .htaccess and also incorporated redirects to a non existent URL (outside of domain) in addition to some additional steps to hardening wordpress security such as limit logon plugin etc.

In addition I also noticed that the vast majority of the attacks was coming from countries which I would not expect and hence I also incorporated IP server blocking of countries which are not relevant to my website (this may not apply to all websites but if you can block certain countries you can certainly mitigate or reduce the level of attacks)...

Finally I also adopted use of CDN with using Cloudflare (free account option)... There is even a "help I'm under attack" mode setting which can remove the bad traffic before it arrives at your website...

Wishing you the best of luck!