Advertisement:

Author Topic: Protection against DDoS attacks (post requests)  (Read 3406 times)

Offline pritimujumdar

  • Newbie
  • *
  • Posts: 3
Protection against DDoS attacks (post requests)
« on: February 07, 2017, 01:18:20 AM »
Attack is periodically happening by plugging the input channel on the http (sending large post requests).

I disabled the post processing with nginx and it gives 405 Not Allowed error. But, apparently, the server receives the request body and only then nginx gives an error.

I sift through a list of bots on the logs and added IP in iptables.

1. How to limit the POST requests to the server at all did not take them (or as an option: take all that less than 4K)?

2. If the IP is blocked: iptables -A INPUT -s 1.2.3.4 -j DROP - I understand that there is no incoming traffic to the server from this ip right?

3. Thinking to automate: Someone tried to feed large (3-10 GB) http logs in fail2ban - whether it will ship the system? Of course, you can write suspicious requests to a separate log. But the attack style can be changed.

Offline Linkjay

  • Jr. Member
  • **
  • Posts: 205
  • Gender: Male
  • eh
    • My Homepage.
Re: Protection against DDoS attacks (post requests)
« Reply #1 on: February 07, 2017, 01:19:54 AM »
I play games in my free time and volunteer my knowledge and support to the gaming communities of the internet.

You can contact me by these methods:
Use my Contact Script • PM me here • Add me on Steam

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 46,602
Re: Protection against DDoS attacks (post requests)
« Reply #2 on: February 07, 2017, 05:12:43 AM »
are you actually using SMF?

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,519
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Protection against DDoS attacks (post requests)
« Reply #3 on: February 07, 2017, 06:43:43 AM »
The traffic will still reach the server, but iptables will discard any packets coming from that IP.
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline pritimujumdar

  • Newbie
  • *
  • Posts: 3
Re: Protection against DDoS attacks (post requests)
« Reply #4 on: February 15, 2017, 05:58:48 AM »
The site is hosted on managed wordpress hosting from MilesWeb and it has cloudflare by default. Not able to understand how to fix this.

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,519
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Protection against DDoS attacks (post requests)
« Reply #5 on: February 15, 2017, 10:00:40 AM »
So block all incoming traffic to the HTTP(S) ports and only allow CloudFlare and perhaps your home IP to pass through?
It's a bit hard to tell you what to do since we don't know anything about your setup, and don't even know exactly what your problem is. Be more detailed. What's happening? Despite the 405 being thrown, do you still see high load or something? If not, why do you care much about the requests hitting your server - if they aren't being processed and don't cause a high load: you mitigated it. Or is the problem bandwidth consumption? What other steps have you taken to mitigate the effect of any such attack?

There's not enough details.
But if you have managed hosting anyway, why not simply ask your host to do this...? They're supposed to help you out if it's managed hosting.
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline pritimujumdar

  • Newbie
  • *
  • Posts: 3
Re: Protection against DDoS attacks (post requests)
« Reply #6 on: February 16, 2017, 03:11:49 AM »
Thanks for your help! Communicated with the support department at milesweb.com and they have fixed the issue. I made some changes in permission on my vps which created the problem.

Thanks again

Offline sangilca

  • Newbie
  • *
  • Posts: 4
Re: Protection against DDoS attacks (post requests)
« Reply #7 on: February 18, 2017, 06:16:49 PM »
The free version of Cloudfare don't stop Ddos attacks.

Offline Linkjay

  • Jr. Member
  • **
  • Posts: 205
  • Gender: Male
  • eh
    • My Homepage.
Re: Protection against DDoS attacks (post requests)
« Reply #8 on: February 18, 2017, 07:52:09 PM »
The free version of Cloudfare don't stop Ddos attacks.

Taken right off the CloudFlare site:


It says limited but will stop just about any attack thrown its way...
I play games in my free time and volunteer my knowledge and support to the gaming communities of the internet.

You can contact me by these methods:
Use my Contact Script • PM me here • Add me on Steam

Offline sangilca

  • Newbie
  • *
  • Posts: 4
Re: Protection against DDoS attacks (post requests)
« Reply #9 on: February 19, 2017, 01:30:48 PM »
The free version of Cloudfare don't stop Ddos attacks.

Taken right off the CloudFlare site:


It says limited but will stop just about any attack thrown its way...

IS says, I hope you don't have to try this, because his limited is the same as nothing.

Offline Linkjay

  • Jr. Member
  • **
  • Posts: 205
  • Gender: Male
  • eh
    • My Homepage.
Re: Protection against DDoS attacks (post requests)
« Reply #10 on: February 19, 2017, 07:08:18 PM »
The free version of Cloudfare don't stop Ddos attacks.

Taken right off the CloudFlare site:
[-snip-]https://uploads.linkjay1.com/image_16148746549332.png[/img]

It says limited but will stop just about any attack thrown its way...

IS says, I hope you don't have to try this, because his limited is the same as nothing.

I haven't had a single DDoS attack get through on my site ever since I have gotten on CloudFlare. I have tried stress tests in the past and none have gotten through. According to CloudFlare and hosting stats, I get a pretty decent amount of traffic, and people have tried in the past...

I don't understand where you're coming from or what proof you have that CF doesn't work fully, but I am interested in why you think CloudFlare isn't suitable.

I also want to state that both my sites are on the FREE version of CF.
I play games in my free time and volunteer my knowledge and support to the gaming communities of the internet.

You can contact me by these methods:
Use my Contact Script • PM me here • Add me on Steam

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,519
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Protection against DDoS attacks (post requests)
« Reply #11 on: February 19, 2017, 08:18:53 PM »
If the IP of the site is already known (like OP), or is discovered, CloudFlare on its own is of no use at all to block a (D)DoS attack. Absolutely zero.
For pre-emptive measures or to put up right before you switch your site to a new IP: it can work, absolutely. (Indeed with limits on the free plan btw.)
For sites already under attack, it's usually useless (exception: the attacker has no clue what he/she is doing, or the sw is crap.) to switch to CF unless you also move it to another server/IP.
CloudFlare is quite easy to bypass with the default configuration that most people use, always pay attention to that as well. :)
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.