one hacker attacked my website with DoS attack.What should i for this problem?
Excuse me I can speak basic english.If you writed with basik english.i am happy.
Thanks...
Printable View
one hacker attacked my website with DoS attack.What should i for this problem?
Excuse me I can speak basic english.If you writed with basik english.i am happy.
Thanks...
What kind of web site? Is it hosted from your computer? If so, a firewall is supposed to be able to take care of a DoS attack. If it is remotely hosted, it also affects the company hosting the web site and they should take action.
yeah good point,im kinda new but i see what your saying.get a web site hosted by someone esle then you don't have to wrry about it.
True, only if you can afford to pay that much a month. From the sound of it, I am going to assume that this site is on a computer of yours because you would not have known about this DoS attack if your site was hosted by someone else. keezel is right, a firewall will put a stop to that.Quote:
get a web site hosted by someone esle then you don't have to wrry about it.
I would actually recommend Kerio for this. I have found the configuration to be somewhat nicer than the rest of the free ones out there.
With Kerio, you also get an IDS.
Oh yeah, if you're running Linux, look into IPtables/IPChains.
If using Linux/Iptables what can you do to reduce or even avoid the Dd0s? ( Possible? )
I have seen so much so i dont know what to belive. :(
What kind of DNS do you have? If it's locally hosted try to renew your IP [provided your ISP doesn't give you a static] and then update your DNS settings [if you're using dyndns.org or something].
The action you need to take depends on the type of DoS attack
If it's a web application / web server DoS attack, it needs fully formed TCP connections to be effective - therefore it cannot use spoofed IPs, so you should record the IPs and block them at your firewall. Also you can use some web sevrer plugin modules like mod_security or its IIS equivalents to identify DoS attempts and block them, also some lame bandwidth DoS attempts.
If it's a synflood, just turn syn cookies on on your web servers or redirectors, job done.
If it's a bandwidth DoS, that is the hardest problem, it will be using spoofed source IPs set randomly, so you can't block the IPs at an upstream firewall. The DoSers will be using a TCP packet type which is part of legitimate traffic, so you can't block it upstream by flags or port numbers either.
Of course a local firewall has absolutely no effect on a bandwidth DoS, because the bandwidth is exhausted before it even gets there.
Your best bet is to work with your upstream providers, and get them to work with their peers to identify the routes used by the DoS traffic, and attempt to narrow it down to a given area, and if it's a truly distributed attack, there may be little they can do.
One option is to get your upstream provider to install some kind of QoS to somehow limit this traffic, to give established legitimate connections higher priority, or to set up a stateful firewall upstream, but again, this is dependent on how much resources your upstream provider have to throw at the problem.
No, it isn't.Quote:
a firewall is supposed to be able to take care of a DoS attack
Slarty