Technology
Microfine™ Granularity
Adaptive Threshold Estimation
Virtual Identifiers
Scan Prevention
Source Tracking
Protocol Anomaly
Custom ASICs
White Papers
FAQs
Overview Presentation
DoS Articles
 

Customer Pain from DDoS - Real Stories from Around the World:

 

Hey everyone, I have read so many posts, however I am still in need of help.
I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed.
I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
- A troubled customer of a webhost

Man, my server has been getting KILLED all day long. Apparently it is one of my main domains getting slammed, so my server host "nulled" that IP address. Which brings back the rest of my server, but I'm going to be screwed if that other domain can't get back online. Basically they are telling me that there is nothing they can do at all but wait it out.

- An e-commerce vendor

We are working on this machine. I don't think you realize what is going on here. Someone decided to flood your server with http requests. This basically kills the box. There is nothing we can do short of nulling the IP which was done. The IP that was nulled was the .147 one since that's what was getting hit. The script we put in place could not hold it. The attack was subsiding but came back full force. There is nothing we can do aside from waiting it out. I am sorry.

- Web-host for the above Vendor

I'm looking for a piece of advice what I can do because finally after 20+ hours I give up.

My resources are constantly at 20%CPU and 70-99% Resources(RAM)

So you might think simply ban them.. I did ! But I can ban IP's for 30+ min straight and it won't end.
I can do this for 100+ times and there are still IP's with more than 10 connections. Maybe I should change ddos-config to iptables ban but heck I can't add 500+ ip to iptables because the servload will dramatically increase.

If anyone can help me that would be awesome. I can't think of any other way how to fix it and I have no clue why they are ddosing my server. The hosting staff said they are also brute forcing cpanel but "\_ /usr/local/ap" doesn't look like cpanel to me.
- Affected by DDoS

My site ... dot com was attacked for almost one month. The attacker demand for admin of the forum. I had switched for three company and non of them really provide the real ddos protection. The only thing they do is remove the site when attacked.

- Displaced Again and Again by DDoS

Just a short question. Can you restart the httpd to get the server online again while you are under an DDoS attack?
The reason for asking is that I was told that when restarting the httpd it should start to work again instantly, and so it seems.

But why? doesnt the attack "continue" after the restart ?

- Ignorance is not bliss when under DDoS

Your site is under an attack and will be for this entire weekend. You have a flaw in your network that allows this to take place. You can ignore this email and try to keep your site up, which will cost you tens of thousands of dollars in lost wagers and customers, or you can send us $40k by Western Union to make sure that your site experiences no problems.

- Extortion email to a betting-website administrator
 
Ask us how we can help.