My forum is being DDoS'ed..Need help.

Started by mani123, February 21, 2015, 05:40:33 PM


mani123

Well I'm not a big guy on anti DDoS tactics but I've tried everything I can and I cannot afford real DDoS protection (only a small forum). What do you guys suggest? Sorry if this is in the wrong section.

DSystem

What type of hosting do you use? (VPS, Dedicated or shared)
What's the URL of your forum?

Burke ♞ Knight

DDoS attacks are usually up to the host to deal with.
I'd suggest you report it to them and let them deal with it, as they will have more experience and tools to use.

Night09

Quote from: mani123 on February 21, 2015, 05:40:33 PM
Well I'm not a big guy on anti DDoS tactics but I've tried everything I can and I cannot afford real DDoS protection (only a small forum). What do you guys suggest? Sorry if this is in the wrong section.

What makes you think you're being DDoSed? No one would waste their time doing this to a small forum.

mani123

Oh maybe DoS, I'm not too sure of the type of the attack, but I have logs of it from before I changed to a dedicated IP, which did nothing. Here they are.
Dear valued customer,


Your account has been suspended.
Your website is the target of a large DDoS attack, causing congestion on the network and causing server overloads.

Your domain name has been null-routed.


Snapshot logs:

   Current Time: Wednesday, 04-Feb-2015 18:36:48 PST
   Restart Time: Wednesday, 04-Feb-2015 18:36:37 PST
   Parent Server Config. Generation: 1
   Parent Server MPM Generation: 0
   Server uptime: 11 seconds
   Server load: 0.56 37.15 57.03
   Total accesses: 15182 - Total Traffic: 12.3 MB
   CPU Usage: u3.01 s5.93 cu2.05 cs.55 - 105% CPU load
   1380 requests/sec - 1.1 MB/second - 852 B/request
   249 requests currently being processed, 1 idle workers

    PID    Connections    Threads      Async connections
         total accepting busy idle writing keep-alive closing
   29395 73    yes       25   0    0       0          49
   29396 66    yes       25   0    0       0          42
   29397 81    yes       25   0    0       0          57
   29399 72    yes       25   0    0       0          48
   29406 66    no        25   0    0       0          42
   29411 70    yes       25   0    0       0          45
   29421 84    yes       25   0    0       0          59
   29426 60    yes       25   0    0       0          36
   29440 66    yes       25   0    0       0          42
   29455 74    yes       24   1    0       0          50
   Sum   712             249  1    0       0          470

RRWRRRRWRRRRRRRRRWRRRRRWRRRRRWWRRRRRRRRRWRRRWRRRRRRRRRRRRRRRRWRR
RRRRRRWRRRRRRRRRRRRWRRWRRWRWRRRRRRRWRRRRRRWRRRRRWRRRWRWWRRRRRRRR
WRRRRRRRRRRRRRWRRRRRRRRWWRWRRRRRRRRRRRRRRRRRRRWRRWRRRRRRRRRRRRWR
RWRRRRRRRRRWRRRRWRRRRWRRRRRRRWWRRRRRRWRRRRRRWW_RWRRRRRRRRR

   Scoreboard Key:
   "_" Waiting for Connection, "S" Starting up, "R" Reading Request,
   "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
   "C" Closing connection, "L" Logging, "G" Gracefully finishing,
   "I" Idle cleanup of worker, "." Open slot with no current process

   Current Time: Wednesday, 04-Feb-2015 18:28:31 PST
   Restart Time: Wednesday, 04-Feb-2015 18:25:11 PST
   Parent Server Config. Generation: 1
   Parent Server MPM Generation: 0
   Server uptime: 3 minutes 20 seconds
   Server load: 146.78 129.92 78.96
   Total accesses: 2016 - Total Traffic: 19.2 MB
   CPU Usage: u3.27 s6.38 cu1295.23 cs128.67 - 717% CPU load
   10.1 requests/sec - 98.1 kB/second - 9.7 kB/request
   150 requests currently being processed, 0 idle workers

    PID    Connections    Threads      Async connections
         total accepting busy idle writing keep-alive closing
   12842 25    yes       25   0    0       0          1
   12843 24    yes       25   0    0       0          0
   12844 25    yes       25   0    0       0          1
   12847 27    no        25   0    0       0          3
   12850 25    yes       25   0    0       0          1
   13223 24    yes       25   0    0       0          0
   Sum   150             150  0    0       0          6

WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWLWWW

   Scoreboard Key:
   "_" Waiting for Connection, "S" Starting up, "R" Reading Request,
   "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
   "C" Closing connection, "L" Logging, "G" Gracefully finishing,
   "I" Idle cleanup of worker, "." Open slot with no current process
root@asgard [~/cpanelnginx]# httpd fullstatus
                  Apache Server Status for localhost (via ::1)

   Server Version: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips
          mod_bwlimited/1.4

   Server MPM: event
   Server Built: Dec 23 2014 06:06:45
   

Please open a support ticket to resolve the situation.

mani123

Quote from: DSystem on February 21, 2015, 07:57:39 PM
What type of hosting do you use? (VPS, Dedicated or shared)
What's the URL of your forum?

I'd assume it's shared hosting from CoreISP

Burke ♞ Knight

Um.... That makes no sense to me.
You do not know who your host is, but just assume it's CoreISP's?

Bruce the Shark

Have you tried emailing CoreISP or opening up a support ticket there?

mani123

My host is dedicatedbox.us, the problem is I've already gone through the support end. They can't do anything on their end, as it just kills their other customers (shared hosting), I believe.

DSystem

What's the URL of your forum?
Which administrative panel do you use on this server?

LiroyvH

Quote from: DSystem on February 22, 2015, 06:54:31 AM
What's the URL of your forum?
Which administrative panel do you use on this server?

How's that even relevant...?


Anyway, FTR: this is indeed a site on our shared hosting platform.
The attacks are two different DDoS attacks; one of which is a high-yield multi-gbps UDP/TCP flood.

We do offer DDoS protected hosting, but it's unfortunately more costly; so I totally understand the attempt to find another solution.
CDNs might be a potential solution, but require additional services to protect the origin from being revealed whilst maintaining essential services.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

mani123

Yea, I am at a loss. I really don't know much about the subject matter as to what I should do service-wise.

6TiME6

I know this is an older post already, but the OP's question doesn't seem to have been answered appropriately yet. Because DDoS attacks pose a major threat to a lot of webmasters and I'm certain there are other people with similar issues who might stumble upon this post while searching for a solution, I'll take the time to answer the question in as much detail as possible.

While DDoS attacks are cheap to initiate nowadays, it's often costly to protect your website from them. Also, there are multiple different approaches for DDoS protection. Let me elaborate on the two most common ones when it comes to websites.

1. Remote DDoS Protection
With remote DDoS protection you can keep hosting your website on the same server you're hosting it on now. With this protection method you update your domain's DNS records to point to a protected IP of your remote protection provider instead of your actual server IP. The remote protection provider will forward the scrubbed traffic (meaning only the legitimate traffic minus the DDoS attack traffic) to your server's IP through an HTTP reverse proxy or a tunnel such as GRE - there are multiple ways to do this and it might vary depending on the provider, although remote protection for websites will use an HTTP reverse proxy in 99% of the cases.

This keeps your server IP safe from DDoS, because the only IP the outside world can resolve your domain to is the DDoS protected one of your remote protection provider. You have to make sure that it stays hidden to avoid it being targeted directly. This means you have to make sure that there is no single DNS record pointing to your actual server IP (no MX record or anything like that either). You also shouldn't send any emails from your server directly (such as "Welcome" or "Forgot Password" emails and the like), because that will expose your server IP to the recipient. Instead you should use an SMTP service such as SendGrid or Mandrill.

Receiving emails can also be an issue with remote protection, because if your MX records resolve to your server IP, it will allow attackers to hit it directly, bypassing the remote protection. However there are some remote protection providers who don't only forward HTTP, but also SMTP and IMAP ports (best contact the provider about it and ask how you can receive mails on your server if you use their service).

While there are some downsides to remote protection, it's often the most cost-efficient way to protect a website from DDoS attacks. If you're short on budget, you can try something like the free plan that hxxp:www.cloudflare.com/ [nonactive] offers (just make sure to follow all tips above). hxxp:www.incapsula.com/ [nonactive] is another similar service that you might consider, although it's not free. Both are not forwarding email traffic though.

2. DDoS Protected Hosting
Another very obvious choice is to move your website to a DDoS protected hosting environment, be it shared hosting, VPS or dedicated. If your website is hosted inside a DDoS protected network, it will always be safe from DDoS attacks and you don't need to worry about attackers figuring out your server IP or sending/receiving emails.

DDoS protected hosting however can be more expensive than remote protection. It also comes with other culprits, such as very often missing layer 7 DDoS filtering. For example HTTP floods (when you see many weird requests in your access logs and experience a high web server, application server or database server load on your system) are a rather common type of layer 7 DDoS attacks. Now while this type of attack more often than not is being filtered by remote protection services, most DDoS protected hosting providers lack proper means to filter these attacks before they can reach your server.

So if you decide to go with DDoS protected hosting instead of remote DDoS protection, make sure to ask the provider about layer 7 filtering - odds are they don't have it or you need a specific plan for it.

If you're short on budget, then you can check out hxxp:www.ovh.com/ [nonactive] which is a mass hosting provider with very cheap dedicated server offers which all come with basic DDoS protection (no layer 7 filtering by default though). Another alternative might be hxxp:javapipe.com/ [nonactive], who offer different types of DDoS protected hosting (including layer 7 filtering and they offer remote protection with email forwarding as well). Depending on which location you pick they are likely more expensive than OVH, but also have a lot more to offer. There are several types of DDoS attacks that OVH's protection can't filter properly.

Whatever you pick - remote protection or a protected hosting environment - make sure to ask the provider the questions outlined above before you go with their products to avoid any surprises. Because the threat of DDoS attacks is growing quickly, there will be more and more hosting providers adding DDoS protection to their network within the coming years, so it also makes sense to first ask your current provider if they offer any DDoS mitigation options already.

Good luck!
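The DNS check described in the post above (no A, MX or other record may lead back to the real server IP), as an added example that is not part of the original post or of any provider's tooling. The zone contents, host names and addresses are constructed (documentation ranges), the function names are hypothetical, and names outside the zone are not resolved so the audit runs offline.

```python
"""Audit a DNS zone for records that reveal the origin IP behind a proxy."""
import ipaddress
import re

# Constructed sample data: documentation-range IPs and hypothetical names.
ORIGIN_IP = "203.0.113.10"   # the real server, which must stay hidden
ZONE = """
example.org.       300 IN A     198.51.100.7
www.example.org.   300 IN CNAME example.org.
mail.example.org.  300 IN A     203.0.113.10
example.org.       300 IN MX    10 mail.example.org.
example.org.       300 IN TXT   "v=spf1 ip4:203.0.113.0/28 include:spf.mailer.example -all"
ftp.example.org.   300 IN CNAME mail.example.org.
"""


def norm(name):
    """Canonical form of a DNS name: no trailing dot, lower case."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Parse 'name ttl class type rdata' lines into (name, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((norm(name), rtype.upper(), rdata.strip()))
    return records


def resolve(name, records, seen=None):
    """Follow CNAME chains inside the zone and return the set of IPs."""
    seen = set() if seen is None else seen
    name = norm(name)
    if name in seen:              # CNAME loop: stop instead of recursing
        return set()
    seen.add(name)
    ips = set()
    for rname, rtype, rdata in records:
        if rname != name:
            continue
        if rtype in ("A", "AAAA"):
            ips.add(ipaddress.ip_address(rdata))
        elif rtype == "CNAME":
            ips |= resolve(rdata, records, seen)
    return ips


def find_origin_leaks(records, origin_ip):
    """Return (name, type, reason) for every record that exposes origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    leaks = []
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            if ipaddress.ip_address(rdata) == origin:
                leaks.append((name, rtype, "address record is the origin"))
        elif rtype in ("CNAME", "MX"):
            target = rdata.split()[-1]        # MX rdata is 'priority host'
            if origin in resolve(target, records):
                leaks.append((name, rtype,
                              f"target {norm(target)} resolves to origin"))
        elif rtype == "TXT" and "v=spf1" in rdata.lower():
            # SPF ip4:/ip6: mechanisms publish sender addresses or ranges.
            for mech in re.findall(r"ip[46]:([0-9a-f:./]+)", rdata, re.I):
                try:
                    net = ipaddress.ip_network(mech, strict=False)
                except ValueError:
                    continue                  # malformed mechanism, skip it
                if origin in net:
                    leaks.append((name, rtype,
                                  f"SPF mechanism {mech} covers origin"))
    return leaks


if __name__ == "__main__":
    for name, rtype, reason in find_origin_leaks(parse_zone(ZONE), ORIGIN_IP):
        print(f"{name:18} {rtype:6} {reason}")
```

A zone that passes this audit can still leak the origin through mail sent directly from the server, which is why the post recommends a separate SMTP service.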
