[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] DOS protection
- To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
- Subject: Re: [LUG] DOS protection
- From: Matt Stevenson <mrmstevenson@xxxxxxxxx>
- Date: Mon, 28 Sep 2015 19:24:42 +0100
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1428397562; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:To:From:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=cgVRRqkm75AiMUq6upqAWMMzBeRBjEqhIg/p/BUOs6Y=; b=se2yLV90nCpzQMswwhqvJxPAtqdSdtumHfj9HlJd6c9wVZgYVYNwXg0QkZLYMebma3+EtT60S2802vLqCizBBBgqRsNjeBZA9qkoe2DMVZsL0R6XufvtZvEgxybGdEdPyIAn+rZaVIz6GgWuqqncPSkth1e12gbW0Dw+ks68r0Q=;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=oOf77rDUXDGwVnhFlXwNjO9+2VuyOijD2b3LqwHaqZc=; b=aDIVelDji1timdtPdto6UyrB4YOQROPc92rdO0UFMhFF9WUa62wrXrY6MOLZoj3gVQ jxKBXfba86Pd2oNut1agxAcTOSqxWjYcH6CPlSuCHNkA5P+CMNBGigFBjQVqwaMr/ob5 LItt17iYc//iOrF6//PMJz+ESJIqRykhqSvcNhsZLecZTzd2Tyqjt+DYLqRZVE/u7bnv E0aATfAiWcPy4j2/ilQ5UAdTRDSpghyjsV/iulOL84nIaTuutpaLcoXmR6hTkoZuDV1P LAudDjZKtYqAqWegiQNQYq+AgpvblMPrhHF4ucR37GI6A3YZnTU7pfX7d1Jf49UGOBuX nWFg==
Its a cpanel server hosting a few websites and I have been looking in /usr/local/domlogs to identify which bots we want to visit and those that are there to disrupt or worse. I have not knowingly pissed off any competitors in Ukraine, Russia, Indonesia and China.
This command helped a bit to establish whose connecting to the web host.
netstat -anp | grep :80 | grep ESTABLISHED
Googled for Linux DDos attacks. Few sites out there helped https://www.liquidcomm.net/how-to-manage-a-ddos-or-dos-attempt-directed-at-your-linux-server.html
Now looking for an open source local script or perhaps I need to connect with a Linux security company.
Services like Cloudflare are a bit our my price range.
Thanks to you both.
On Monday, September 28, 2015, Gordon Henderson <gordon+lug@xxxxxxxxxx> wrote:
> On Mon, 28 Sep 2015, Matt Stevenson wrote:
>
>> Hey There
>>
>> Hope you all had a good weekend.
>>
>> Today seemed to get on my nerves the number of DOS attacks Iâm obviously
>> not setup for it.
>>
>> I found this :
>>
>> https://www.liquidcomm.net/how-to-manage-a-ddos-or-dos-attempt-directed-at-your-linux-server.html
>>
>> Who has setup there own DOS protection and what do you use ?
>
> What are you doing that (a) exposes your IP address and (b) pisses someone off enough to DDOS your home connection? (assuming it's your home connection being targeted)
>
> The only time I've ever had anything close to that was sipvicious attacks.
>
> However if its a hosted server then (b) applies.
>
> You can firewall your server/home connection to drop packets, however without the cooperation of the ISP those packets have already come down the wire to your firewall, so if you get billed for them, then expect big bills as the firewalling is doing nothing.
>
> Gordon
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
