Ddos

[iceraven721]

Hey,

I have a person who is DDOSing my servers through FTP. Is there any way to configure IP bans for ftp or change the ftp server port to something like 42?

Thanks

[jcroom]

System Settings > Plugins Manager > TC_Security

[ECF]

TO change the FTP port goto System Settings Servers and click on the server line. Change the FTP port and then restart your monitor program.

[no-server]

But he will search an other Port.

Just get a good anti-ddos system, ban his ips (ask the provider).

[Johnny5_Hull]

Is the attack you are having a DOS attack, or DDos attack? If it's a simple DOS attack, it can be quite easy to stop, if it's a DDOS attack, you better start calling the bank manager up and getting your good suit out

 

Just as a side note, if it is the same Ip that is performing the attacks (doubtful I know, but...) then you could always config your firewall tyo block this person out.

 

It is by far the better solution to have your security OUTSIDE your servers, rather than just on them, think castles with walls outside them

 

If you do not have a firewall, then I suggest you either invest in getting one, or alternatively speak to whoever hosts your server or co-locates it for you, as the professional ones amongst us will always be able to offer a shared firewall solution of sorts. Remember if you don't have a firewall solution in place, you are just asking for trouble!!

 

If you do have a firewall and the intruder is still getting through, speak to the datacenter/isp who manages the network, they will be able to provide not only detailed reports on the attacks, but also offer some really good solutions on how to prevent this from happening.

[Dan M]

Indeed, as the post relatively stated above...

 

DDOS = Distributed Denial of Service attack

DOS = Denial of Service Attack

 

Distributed meaning more than one person. I would contact whoever you are hosted with, mainly the datacenter and ask them about protection.. many setups vary as to how protection can be implemented

 

Good luck

[nosit1]

If you do have a firewall and the intruder is still getting through, speak to the datacenter/isp who manages the network, they will be able to provide not only detailed reports on the attacks, but also offer some really good solutions on how to prevent this from happening.

 

They will be able to filter IP's on a upstream basis rather than at server level, making it harder for the intruders to penetrate.

[Magnetar]

But they can just get new IPs or give all their hacker buddies the hack tools and do it again.

You can't stop them that way if they really want your servers down.

Keep blocking their IPs and IP subnets but...

Call their ISPs and get their Internet services shut down for DOS attacks coming from the US.

Then call the FBI if you have logs.

Send them all the logs and any other info you have on them.

 

If it is DDOS coming from China or Korea IP block both countries IP subnets for example.

I had to block both of them, too many attacks were coming in for over there.