Submitted by Arens on Fri, 04/17/2009 - 14:56
I have used EHCP for a year now and I'm very happy with it. Now I have got an e-mail from my provider saying that someone tried to do a DDOS attack with my server. Is this possible, is my question. The provider gave me two solutions to fix this problem: block port 53 (DNS) in my router, or disable recursion. If it is possible, what is the best solution to fix this?
Fri, 04/17/2009 - 16:08
There are many types of DDOS attack.
You should carefully examine the situation.
Even some domains that you host, or some PHP files that are hosted on your server, may be the source of the DDOS.
So, you should examine web logs too.
Blocking port 53 is not a good idea, because in that case your DNS will not function at all, and all your sites will be unreachable.
The good idea is to disable recursion. The new default of bind/ehcp now is like this.
"auth-nxdomain no;" in /etc/bind/named.conf.options means this, I think...
I am not sure about the details, but if your server allows recursion regarding DNS, then your server may be used in a DDOS attack. Put "auth-nxdomain no;" into your named.conf.options...
If anybody knows more about this, please write here.
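
As an added example (not code from this thread or from EHCP), a small Python check that reads the text of a named.conf.options file and reports how recursive service is exposed. The sample configs and function names are constructed for illustration; `recursion` and `allow-recursion` are the BIND options that govern recursive queries, while `auth-nxdomain` only controls the AA bit on NXDOMAIN answers and is not consulted here.

```python
import re

# Constructed sample configs (not taken from the thread).
OPEN_RESOLVER = """
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { any; };   // answers recursive queries from anyone
    auth-nxdomain no;
};
"""
AUTH_ONLY = """
options {
    directory "/var/cache/bind";
    recursion no;               # authoritative-only server
    auth-nxdomain no;
};
"""
ONLY_AUTH_NXDOMAIN = """
options {
    /* no recursion settings at all */
    auth-nxdomain no;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def recursion_exposure(conf_text):
    """Return 'disabled', 'restricted', 'open' or 'unset'.

    'unset' means neither option is present, so behaviour depends on the
    installed BIND version's defaults and should be checked separately.
    Simplification: nested ACL braces are not handled.
    """
    conf = strip_comments(conf_text)
    rec = re.search(r"(?<![-\w])recursion\s+(yes|no)\s*;", conf)
    acl = re.search(r"(?<![-\w])allow-recursion\s*\{([^}]*)\}", conf)
    if rec and rec.group(1) == "no":
        return "disabled"
    if acl:
        entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
        if "any" in entries:
            return "open"
        return "disabled" if entries == ["none"] else "restricted"
    return "unset"

if __name__ == "__main__":
    for name in ("OPEN_RESOLVER", "AUTH_ONLY", "ONLY_AUTH_NXDOMAIN"):
        print(name, "->", recursion_exposure(globals()[name]))
```

To audit a live server, pass the contents of /etc/bind/named.conf.options to `recursion_exposure()` and treat `open` or `unset` as findings to follow up.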
Fri, 07/03/2009 - 16:32
To make it clear, your ISP contacted you through email? Are you a hosting business, or just hosting your own site? Your grammar makes it sound as if your server is hosting the attack. If it's that your server is getting attacked, there is software out there from http://www.applicure.com (dotdefender) that limits the sessions coming in per website and makes sure it doesn't exceed the normal load.
I use EHCP =)
Thu, 08/20/2009 - 14:42
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers; they can affect low-cost hosting services along with business hosting service providers' servers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service to ecommerce hosts, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.