DDoS attack on server

Hi people,

My server's Apache web server started failing 3-4 days ago. I got my server admin to look into this and he told me it is likely a DDoS attack on the server. There are constant HTTP flood connections.

I am using LayeredTech as my dedicated server host, and a customer service officer told me the HTTP problem is likely due to the fact that my server is sending out data at a rate of 30M/sec. Data traffic has been at around 48-81M/sec. She told me the traffic that is being used is outbound from your server to the internet and is most likely a GET request attack where people are scripting a manual GET of a web site several thousand times a minute. Furthermore, she mentioned I have a massive ongoing HTTP GET type attack which they cannot do anything about since it's coming from tens of thousands of unique and most often forged IPs. They doubt it's a ping flood since it's coming from port 80. Somehow the problem is connected with outgoing traffic from the server.

I spoke to another guy from LayeredTech and he advised me the domain being attacked right now is the domain belonging to a free webspace hosting site I have on my server. Could it be that some hacker registered a free hosting account with my site and somehow utilised it to start the DDoS attacks?

My server is unplugged from the network currently and I am still looking to find ways to solve the problem. Could anyone help advise me on the methods or steps I should take to rectify the problem? The last few days have been pretty frustrating for me.

I am considering taking these steps:
1) Temporarily block all IPs on port 80. This might stop the hacker for a while but somehow I can't envisage this as being a permanent solution.
2) Block all the traffic coming through the server, then go through the logs and try and figure out who started the attack.
3) Null route the destination IP and renumber my sites to a different IP.
4) Since the problem lies with the free hosting site, currently I offer unlimited bandwidth to the free member accounts. If I were to limit bandwidth usage for each free account, I suppose this might solve the problem?

Are there any steps I could take? I am seriously at a loss as to what I should do now. Any help or advice would be greatly appreciated.

Thanks,
Dave
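
One way to do the log review mentioned in step 2, as an added example that is not part of the original post: it reports which virtual host and URL account for the requests and for the outbound bytes, and which minutes exceed a GET threshold. It assumes Apache's `vhost_combined` log format; the hostnames, paths, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: Apache "vhost_combined" LogFormat
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LINE = re.compile(
    r'(?P<vhost>\S+?):\d+ (?P<ip>\S+) \S+ \S+ \[(?P<minute>[^\]]{17})[^\]]*\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3} (?P<bytes>\d+|-)'
)

def triage(lines, per_minute_limit=1000):
    """Summarise which vhost/URL draws the requests and the outbound bytes."""
    hits, sent, by_minute = Counter(), Counter(), Counter()
    sources, skipped = defaultdict(set), 0   # vhost -> distinct client addresses
    for line in lines:
        m = LINE.match(line)
        if not m:                         # truncated or malformed request lines
            skipped += 1
            continue
        key = (m["vhost"], m["path"].split("?", 1)[0])   # ignore query strings
        hits[key] += 1
        sent[key] += 0 if m["bytes"] == "-" else int(m["bytes"])
        if m["method"] == "GET":
            by_minute[(m["vhost"], m["minute"])] += 1
        sources[m["vhost"]].add(m["ip"])
    return {
        "top_by_bytes": sent.most_common(3),
        "top_by_hits": hits.most_common(3),
        "flood_minutes": sorted(k for k, n in by_minute.items() if n > per_minute_limit),
        "distinct_ips": {v: len(s) for v, s in sources.items()},
        "skipped": skipped,
    }

# Constructed sample: 40 GETs in one minute for one large file on a free account,
# two ordinary requests, and one malformed line. Hostnames and paths are made up.
SAMPLE = [
    f'free.example.test:80 198.51.100.{i} - - [01/Jan/2000:04:10:{i:02d} +0000] '
    f'"GET /~member42/video.avi HTTP/1.1" 200 5000000 "-" "-"'
    for i in range(1, 41)
] + [
    'www.example.test:80 203.0.113.7 - - [01/Jan/2000:04:10:05 +0000] '
    '"GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'free.example.test:80 203.0.113.9 - - [01/Jan/2000:04:11:00 +0000] '
    '"GET /~member7/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'truncated line',
]

if __name__ == "__main__":
    print(triage(SAMPLE, per_minute_limit=30))
```

Sorting by bytes rather than by hit count ties the result to the outbound traffic figure the host reported, since a single large file requested repeatedly can dominate bandwidth.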

 

 

 

 
