attack

[Teo]

Hello guys,

someone is attacking my SOF2.ORG website with something weird, the VPS where is running my webserver is DDoS protected and it works fine but this bastard is doing something against the 8080 port, during a recent attack i was able to get this from LOG:
http://paste.ubuntu.com/13211397/

he seems is attacking with something which generate a stress for the VPS


untill the mysql server crash and it stops.

my action: i have VPS with OVH using their DDoS protection and i added Mod_Security and Mod_evasive in my webserver.

any idea on how to block this please?

thanks.

[ykpon]

https://github.com/kyprizel/testcookie-nginx-module
I think, that help you.

[Teo]

oh many thanks, but what it exactely do and what who is attacking is exactely doing please? Have you experienced the same issue yourself?

[DRS]

Have you tested with the DDOS Deflate Script?

1º) Download:

wget http://www.inetbase.com/scripts/ddos/install.sh

2º) Grant permissions:

chmod 0700 install.sh

3º) Install:

./install.sh

4º) Settings:

nano /usr/local/ddos/ddos.conf

[Options]

FREQ=1 (Frequency of script in minutes)
NO_OF_CONNECTIONS=150 (Maximum connections before being banned)
APF_BAN=1 (1 to use APF, 0 to use IPTables)
BAN_PERIOD=600 (time ban)
EMAIL_TO=”root” (Send email whenever someone is bans)
KILL=1 (1 to unable anti-DDOS, 0 for disable anti-DDOS)


[Recommendation]

FREQ=1
NO_OF_CONNECTIONS=100
APF_BAN=0
BAN_PERIOD=10800
EMAIL_TO=”[email protected]”
KILL=1