DDoS and what to do?

Hello!

For a few weeks, one of the sites on my server has been getting attacked. The site is on a dedicated IP. When I do a tcpdump I see various different IPs attacking. Most of the IPs start with 15, 13, 21, etc. It causes Apache to fail and the server becomes unreachable. I have installed apf with antidos and mod_dosevasive, but they don't seem to help. Actually, I'm not even sure whether they are working or not.

Because the site is on a dedicated IP, I just change the IP of the site and request the datacenter to nullroute the current IP. Then it comes back to normal, but I can't be online all the time.

APF seems to be working, with no errors when I type apf -r, but when I add IPs to deny hosts those IPs can still reach the server. And when I type apf -st, the last two lines make me think that the firewall isn't active. And although I set antidos active, the antidos log file is always empty.

.......
Dec 13 04:02:03 host apf(9269): loading sysctl.rules
Dec 13 04:02:03 host apf(9269): determined (OUT_IF) eth0 has address xxxxxx
Dec 13 04:02:03 host apf(9269): determined (IN_IF) eth0 has address xxxxxxx
Dec 13 04:02:03 host apf(9218): parsing block.txt into /etc/apf/ds_hosts.rules
Dec 13 04:02:03 host apf(9218): downloading xxxx
Dec 13 04:02:03 host apf(9218): activating firewall
Dec 13 04:02:02 host apf(9142): firewall offline
Dec 13 04:02:02 host apf(9142): flushing & zeroing chain policies



What are your recommendations?

and

How can I block an IP, for example one which starts with 80? What is the mask for that? I want to block each IP that starts with 80.

Thank you.

 

 

 

 
