Website Update DDoS Attack (Website and forums)
- Thread starter RESiSTANT
- Start date
- Status
Billy you have some good points , BUT , if we speak for dos attacks in general , routes/iptable drops on the server will not help.
Let me explain why.... Lets say you have 1Gbps connection to your ISP and shaper for 500Mbps . (here i'll talk about traffic dos)
If the incomming traffic is 2Gbps , it dosnt matter what iptables rules you have ..the packet will come to you , and it dosnt really matter if you'll drop it or not... cose the pipe to you is 500Mbps big.
But if we are talking about dos attacks like it was in this case , yes you have right it can help , oh thou you are forgeting the 2 most important things
1. the server must have not downtime ot as less as possbile
2. if you stop it you'll stop the service for the users - so no good.
BUT ...there are few fun things you can do .... if you know who's attacking you ...you can just forward your domain to his IP
So he takes his own dos 
Or you can forward the domain to 127.0.0.1 so every drone tries to dos himself (harakiri)
Anyway i'm helping the server admins with problems like this and the best solution is to filter the traffic not on the end point server, but to let your ISP filter it.(as we are doing).
And about the detection (with IP is drone witch is not) there's no 100% sure way to do it , but 'cose most botnet scripters are lame , there's a easy way to find match all drones and only few users..... the log files of the web server write the user browser ID string ..all drones in botnet use the same browser id string ...
So here's a easy way to find who's who
p.s.: Billy , one other thing ...its kind of hard to do iptables -blqblq when you are running cmd.exe, i hope you'll understand what am i trying to say here.
Let me explain why.... Lets say you have 1Gbps connection to your ISP and shaper for 500Mbps . (here i'll talk about traffic dos)
If the incomming traffic is 2Gbps , it dosnt matter what iptables rules you have ..the packet will come to you , and it dosnt really matter if you'll drop it or not... cose the pipe to you is 500Mbps big.
But if we are talking about dos attacks like it was in this case , yes you have right it can help , oh thou you are forgeting the 2 most important things
1. the server must have not downtime ot as less as possbile
2. if you stop it you'll stop the service for the users - so no good.
BUT ...there are few fun things you can do .... if you know who's attacking you ...you can just forward your domain to his IP
So he takes his own dos Or you can forward the domain to 127.0.0.1 so every drone tries to dos himself (harakiri
) Anyway i'm helping the server admins with problems like this and the best solution is to filter the traffic not on the end point server, but to let your ISP filter it.(as we are doing).
And about the detection (with IP is drone witch is not) there's no 100% sure way to do it , but 'cose most botnet scripters are lame , there's a easy way to find match all drones and only few users..... the log files of the web server write the user browser ID string ..all drones in botnet use the same browser id string ...
So here's a easy way to find who's who
p.s.: Billy , one other thing ...its kind of hard to do iptables -blqblq when you are running cmd.exe, i hope you'll understand what am i trying to say here.
4 servers from xtremetop were atacked with DDoS
Nope.
Thnx a lot RESiSTANT <3
Thank to l4m3rx for the big help. I really appreciate it.
Thanks to everyone who supported us and understand us. Have a nice game!
- Status