

How to deal with DDOS attack against shared server?




Posted by HostFriendly, 10-19-2012, 02:31 PM
As you know, these days anyone who has $5-10 can buy a botnet, which can be even more than 1Gbps. My question is, if you are a webhosting company, how do you protect shared servers against DDoS? Especially if it is larger than your uplink? (The ones where software level solutions won't work.) Just wait for it to stop, or use expensive DDoS protection? Regards.

Posted by dareORdie, 10-19-2012, 08:38 PM
It all depends on the type of websites you have on the server. We can set custom firewall rules and large mod_security rulesets protecting our servers. Make sure that the DC has network level flood protection enabled. Other measures are confidential.

Posted by anuja9991, 10-19-2012, 08:49 PM
If your shared server is often the target of high DDoS attacks, you need to set up a hardware firewall. If the server still gets a DDoS, you can check the logs or Apache status to detect the domain that is the target of the attack.

Posted by dareORdie, 10-19-2012, 08:52 PM
We can also check the connections on the server to see which IP is getting more hits so that we can block it.

Posted by dareORdie, 10-20-2012, 01:05 AM
If you are unaware of how to check the IP connections, just fire the below command:
# netstat -an | grep :80 | awk '{print($5)}' | cut -f1 -d":" | sort | uniq -c | sort -n
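An added example, not part of the thread: the one-liner above matches `:80` anywhere on the line, so it also counts port 8080 and outbound connections to a remote port 80, and `cut -f1 -d":"` truncates IPv6 and IPv4-mapped addresses. The function below counts connections per remote address for an exact local port and reports half-open (SYN_RECV) sockets separately; it assumes the Linux net-tools `netstat -ant` column layout, and the name `top_talkers` and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-source connection counts for one local port.
# Input: `netstat -ant` output (Linux net-tools column layout, an assumption).
# top_talkers is a hypothetical helper name, not a real tool.
top_talkers() {
    port="${1:-80}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && NF >= 6 {
            laddr = $4; raddr = $5
            # The port is whatever follows the LAST colon, so IPv6 survives.
            lport = laddr; sub(/^.*:/, "", lport)
            if (lport != port) next       # exact match: 80, not 8080
            if ($6 == "LISTEN") next      # listening socket, not a client
            sub(/:[0-9*]+$/, "", raddr)   # drop the remote port
            sub(/^::ffff:/, "", raddr)    # IPv4-mapped IPv6 -> plain IPv4
            total[raddr]++
            if ($6 == "SYN_RECV") half[raddr]++
        }
        END {
            for (ip in total)
                printf "%d %s syn_recv=%d\n", total[ip], ip, half[ip] + 0
        }
    ' | sort -rn
}

# Constructed sample (documentation address ranges), not real traffic.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp   0 0 0.0.0.0:80            0.0.0.0:*                LISTEN
tcp   0 0 192.0.2.10:80         198.51.100.7:51234       ESTABLISHED
tcp   0 0 192.0.2.10:80         198.51.100.7:51235       SYN_RECV
tcp   0 0 192.0.2.10:80         198.51.100.7:51236       SYN_RECV
tcp   0 0 192.0.2.10:8080       203.0.113.5:40000        ESTABLISHED
tcp   0 0 192.0.2.10:44321      203.0.113.9:80           ESTABLISHED
tcp6  0 0 ::ffff:192.0.2.10:80  ::ffff:203.0.113.5:40001 TIME_WAIT
tcp6  0 0 2001:db8::10:80       2001:db8::bad:50000      ESTABLISHED'

# Live use would be: netstat -ant | top_talkers 80
printf '%s\n' "$SAMPLE" | top_talkers 80
```

A high `syn_recv` count against a low total for one source points at a SYN flood rather than many completed HTTP requests, which changes which filter is worth applying.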

Posted by Beast5, 10-20-2012, 02:04 AM
Utilize a hardware-based firewall, such as Cisco Guard or FortiGate, and bump up your switch uplink to 10GE, that will help a lot.

Posted by HostFriendly, 10-20-2012, 02:50 PM
Hi. Thanks all for the replies. But as I stated above, solutions like blocking the attackers' IPs and so on work only while the attack size is less than your uplink. Can you recommend a datacenter which has network level protection? (If possible, it should not be extremely expensive.) Regards.

Posted by Hoopla-Brad, 10-20-2012, 04:07 PM
These days most hosts run CSF, which defends against those $5 botnets.

Posted by RobertJP, 10-20-2012, 05:41 PM
You could try an IP tunnel from a remote DDoS protection firm or move your servers to a DDoS protected datacenter. If you plan this for the long term, it would be better to move the server to a better DC.

Posted by Boxxed, 10-20-2012, 06:01 PM
These days all I can see is that most of the hosts run CSF.

Posted by ssfred, 10-22-2012, 04:24 AM
A sensitive mod_sec rule set along with CSF + lfd would be quite efficient.

Posted by SumVPS, 10-22-2012, 04:40 AM
Contact the data center to block the IP ranges which are affecting your server. Or you may need to invest money in a hardware firewall.

Posted by Rob T, 10-22-2012, 04:49 AM
Most everyone here has ignored one of the most critical aspects of the OP's post - he's concerned about flood attacks that can saturate an upstream link. No amount of CSF and mod_security tuning is going to help you if you are getting slammed with 1.5G on a 1G link. In these cases, you basically have 2 choices - increase your uplink size and try to filter the attack in some way, which can be expensive and isn't really practical at the server level in many cases, or find a host that offers network-based protection against that type of flood attack, either through equipment deployed within their network or through utilization of a "clean pipe" service which scrubs traffic before it hits the provider's network. Either way, keep in mind that you pretty much get what you pay for when it comes to DoS mitigation, and trying to handle mitigation in any kind of shared environment can be very difficult.

Posted by HostFriendly, 10-22-2012, 01:00 PM
I noted this twice in this thread. Still some people believe that software level protection can help even if the attack size is bigger than the uplink. Regards.

Posted by BestServerSupport, 10-23-2012, 08:51 AM
It seems that Rackspace is providing network level security to protect from DDoS attacks. For more details, kindly refer to the following URL: http://www.rackspace.com/managed_hos...dosmitigation/

Posted by ClaudiuPopescu, 10-23-2012, 02:56 PM
There are more than a few data centers offering DDoS protection for their services. But be very careful, bandwidth attacks are very expensive and the easiest way to stop wasting bandwidth is to null route the attacked IP (downtime for you). This should be a last resort, but many data centers practice this. So you should ask the right questions before deciding on a DDoS protection service.


