Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 7 of 7
  1. #1
    Member
    Join Date
    Apr 2008
    Location
    UK
    Posts
    63
    Member #
    16740
    Iím require a little information about DDoS attacks.:-/

    I have a website that some people would frown upon, therefore in some countries it may require the user to be a little more discreet so they donít raise any suspicion from the authorities from where they reside. Now, Iíve noticed a certain IP, 86.96.228.89, is using over 30 gig a day, Itís a proxy server in Dubai. I know they filter lots of ďsitesĒ so could it be half the population are viewing the site via that proxy so they donít get rumbled. Or does it bare any resemblance to a Dos attack? Do DDoS attacks increase the bandwidth usage?

    Anyway, any help would be much appreciated.

    Thank you.

    BTW, I have mod_evasive and mod_security.

  2.  

  3. #2
    WDF Staff Wired's Avatar
    Join Date
    Apr 2003
    Posts
    7,657
    Member #
    1234
    Liked
    137 times
    Is it constant bandwidth suck, or is it randomly? Does the usage pattern meet the usage pattern coming from other IPs?
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com

  4. #3
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    DoS attacks (denial of service) may match your description. DDoS (distributed denial of service), not so much, since all of the traffic concerned is coming from a single host, and therefore not particularly distributed.

    In your case, how does the traffic coming from that IP compare to that coming from others? Also, is it significantly slowing your site down? DoS attacks are meant to cripple sites, and usually cause extremely high load. They also tend to be less about bandwidth and more about CPU time, which typically is achieved by maximizing the number of requests to your server rather than the amount of data downloaded per request. So the other question is, how many simultaneous connections are typically open to this one host, on average?

  5. #4
    Member
    Join Date
    Apr 2008
    Location
    UK
    Posts
    63
    Member #
    16740
    Thanks for your answers guys.

    The traffic coming from that one IP is probably 10 times the amount as everyone elseís. There is also another IP that is using around 20 gig of bandwidth a day from the exact same location. Itís not effecting the site whatsoever, we can easily manage Terabytes of bandwidth per day.

    Iím 90% certain its nothing malicious. Iíve done a bit more research and spoken with my programmer, we think it is that everyone is using the same proxy to access our site, both IPís are in Dubai so Iím guessing people are trying to avoid raising any suspicion from their ISP. Iíve also noticed a massive flux in traffic from that region too. Iíve modified mod evasive and changed its email alert address so I now receive emails from Apache. Should anyone attempt a dos attack I can easily block there IP.

    I also have a Cisco firewall, would that stop a dos attack?

    Cheers

  6. #5
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    I'm not too familiar with how Cisco firewalls handle DoS attacks, but it's possible. Still, if the traffic isn't even putting a dent in your capacity, then that in no way qualifies as denial of service :-P

  7. #6
    WDF Staff Wired's Avatar
    Join Date
    Apr 2003
    Posts
    7,657
    Member #
    1234
    Liked
    137 times
    Do you have a login access to your site? If so, you can guesstimate if it's a bandwidth horny...err HUNGRY... user, or if it's just a high number of users on that same proxy (assuming that's what it is).
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com

  8. #7
    Junior Member
    Join Date
    Sep 2009
    Posts
    2
    Member #
    19841
    Nope, if it was a DOS attack your site would already crash regularly, a DOS attack
    is usually an unrelenting series of service requests.
    Although at times it may be intent on sucking up bandwidth, the standard DOS attack
    comes more in the form of multiple data requests in very short succession.
    By multiple I'm talking as many as possible, thousands a second and more, most
    servers won't stand up to one for more than say, 20-30 seconds at a time.
    If such is the case, one can temporarily ban the offending IP via .htaccess, then start
    doing some research into effective scripting that helps prevent it (because banning IP's
    becomes unfruitful quick).

    More, or just as likely the source of your problem is image harvesting software, I forget
    the proper term but it's basically this program people use to gather only images from
    however many Web sites, it works a bit like a search engine except the user never has
    to visit any of the Web sites.
    These bots will consume your bandwidth.

    There exist htaccess scripts designed to help prevent this nonsense somewhat as well.
    Basically you will want to deny access to any and all non-friendly bots, via the htaccess file.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

ddos signs

,

ddos symptoms

,
sign of ddos
,

signs of a ddos

,

signs of a ddos attack

,

signs of ddos

,
signs of ddos attack
,
symptoms of a ddos
,

symptoms of ddos

,
symptoms of ddos attack
Click on a term to search for related topics.
All times are GMT -6. The time now is 09:39 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com