
AAC IpTables - nuking my site

roriscrave

Some people are dropping my site with DDoS attacks. I use Linux and the server does not suffer any damage; it stays online without any lag.
But the site goes offline during the attacks. What iptables rule is recommended in this case?
 
You have two options.
The easy one is to use Cloudflare.
The hard one is to...
1. Check your HTTP error/access log files; they will help determine which type of attack or bug they are using.
2. Check your MySQL log; maybe you have some pages that use a lot of resources.
Based on 1 and 2, you might need to tweak your HTTP/MySQL server.
If none of the above works, then your best bet is to take a TCP dump on port 80 during the attack and provide it to your hosting company.
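Added example, not part of the original post: one way to do step 1 with standard tools. It tallies requests per client, per URL, per second and per status code in an Apache combined-format access log; the log lines are constructed sample data and `count_by` is a helper name chosen here.

```shell
#!/bin/sh
# Added example: triage an Apache "combined" access log during a flood.
# sample_log emits constructed log lines; they are not from the thread.
LC_ALL=C; export LC_ALL

sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Mar/2019:14:02:00 +0000] "GET / HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2019:14:02:01 +0000] "GET /?subtopic=highscores HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Mar/2019:14:02:01 +0000] "GET /?subtopic=highscores HTTP/1.1" 503 299 "-" "-"
203.0.113.7 - - [10/Mar/2019:14:02:01 +0000] "GET /?subtopic=highscores HTTP/1.1" 503 299 "-" "-"
203.0.113.7 - - [10/Mar/2019:14:02:01 +0000] "GET /?subtopic=highscores HTTP/1.1" 503 299 "-" "-"
198.51.100.23 - - [10/Mar/2019:14:02:01 +0000] "GET /?subtopic=highscores HTTP/1.1" 503 299 "-" "-"
198.51.100.23 - - [10/Mar/2019:14:02:02 +0000] "GET /?subtopic=characters HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2019:14:02:02 +0000] "GET /?subtopic=highscores HTTP/1.1" 503 299 "-" "-"
EOF
}

# count_by FIELD [LIMIT]: tally whitespace-separated field FIELD, busiest first.
# Combined format: 1 = client IP, 4 = [timestamp, 7 = request URL, 9 = status.
count_by() {
    awk -v f="$1" '{ k = $f; sub(/^\[/, "", k); n[k]++ }
                   END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2,2 | head -n "${2:-5}"
}

echo "requests per client:";  sample_log | count_by 1
echo "requests per URL:";     sample_log | count_by 7
echo "busiest second:";       sample_log | count_by 4 1
echo "responses per status:"; sample_log | count_by 9
```

On a live host, pipe the real access log in place of `sample_log`. One URL or a wall of 5xx responses dominating the counts points at an expensive page or exhausted workers rather than raw bandwidth.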
 
If I use Cloudflare, it will mask my IP, correct?
For example, my site is www.test.com (IP: 155.108.0.1);
then Cloudflare will camouflage www.test.com, changing the IP to (123.0.0.1), just as an example...
But if the person enters the game and uses CMD (netstat), can they find the real IP and attack again, or am I wrong?
 
"DDoS"-attacks, most probably just scriptkiddies.

Go to your Apache config and edit the following:
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>

<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

Raise the number of servers and max clients; this will allow these kids to continue to send their booters, but it won't have an effect on the site.
 
True, that’s why you should only allow domain to access your webserver.
 
i'll try it, thx!
 
I did not find the file, in what folder is it located?
 
/etc/httpd/conf/httpd.conf

<IfModule mpm_worker_module>
ServerLimit 250
StartServers 10
MinSpareThreads 75
MaxSpareThreads 250
ThreadLimit 64
ThreadsPerChild 32
MaxRequestWorkers 8000
MaxConnectionsPerChild 10000
</IfModule>

Interesting, but I didn't find this folder here either.
Found apache2.config here.
 
You could also use iptables to restrict the number of connections per host.

This will limit each client to 10 connections on port 80; the rest will be rejected.
/sbin/iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-mask 32 --connlimit-above 10 -j REJECT --reject-with tcp-reset


But you could also take a look at the MaxClients option in the Apache config.
mpm_common - Apache HTTP Server
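Added example, not part of the original post: `--connlimit-mask` sets how source addresses are grouped before `--connlimit-above` is compared, so 32 counts each IPv4 address on its own and 0 counts every client together. The script reproduces that grouping over constructed addresses; `open_conns` and `over_limit` are names chosen here.

```shell
#!/bin/sh
# Added example: how the connlimit match buckets clients by --connlimit-mask.
# open_conns prints one constructed source address per open connection to port 80.
LC_ALL=C; export LC_ALL

open_conns() {
    awk 'BEGIN { for (i = 0; i < 12; i++) print "203.0.113.7"
                 for (i = 0; i < 3; i++)  print "203.0.113.8"
                 print "198.51.100.23"; print "198.51.100.23"; print "192.0.2.10" }'
}

# over_limit MASK LIMIT: print "count network/MASK" for every source bucket that
# holds more than LIMIT connections, i.e. where --connlimit-above LIMIT would match.
over_limit() {
    awk -F. -v m="$1" -v lim="$2" '
        { key = ""
          for (i = 1; i <= 4; i++) {          # mask each octet separately
              bits = m - 8 * (i - 1)
              if (bits < 0) bits = 0
              if (bits > 8) bits = 8
              step = 2 ^ (8 - bits)
              octet = int($i / step) * step
              key = key (i > 1 ? "." : "") octet
          }
          n[key]++ }
        END { for (key in n) if (n[key] > lim) print n[key], key "/" m }' |
        sort -k1,1nr -k2,2
}

for mask in 32 24 0; do
    echo "mask /$mask, limit 10:"; open_conns | over_limit "$mask" 10
done
```

When the site sits behind Cloudflare or another reverse proxy, the sources seen on port 80 are the proxy's addresses, so a low per-address limit also hits legitimate visitors.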
 
None of the solutions worked for me. Does anyone know of any iptables rules or firewall to activate on Linux that protects Apache?
 