Web server outages and DDOS attacks

Forums › IT Pro and developers › Web server outages and DDOS attacks - how common are they?

1 | 2 | 3 | 4

566 posts

Ultimate Geek

#1464796 7-Jan-2016 00:25

what os are you using
are you just hosting wordpress, forums, etc ?

is your firewall config right ?

I use a number of things

keep os up to date
all software up to date eg wordpress etc

cloudflare
https://www.cloudflare.com/

fail2ban

http://www.fail2ban.org

a script to block known pest bot spam etc
https://github.com/trick77/ipset-blacklist

zbblock, a script to use with php pages wordpress forums etc

http://www.spambotsecurity.com/zbblock.php

noting is 100% proof
so manually check server logs

dont just block ips block user agents too

Noodles

487 posts

Ultimate Geek

#1464891 7-Jan-2016 09:27

Another vote for putting Cloudflare in front of your server. It's very little work and gives you DDoS protection, ipv6, SSL, DNSSEC, HTTP/2 and you block ips by network range or by country.

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1464894 7-Jan-2016 09:30

As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1464900 7-Jan-2016 09:36

michaelmurfy: As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/

I use CloudFlare but I don't currently block direct access. I've read that if you have subdomains like ftp.example.com or mail.example.com that often leaks your IP, and though you can block the traffic at the IP it's still known. If your DNS records were ever public they can be found, so I've read it's best to request a new IP when you do this - very easy on AWS.

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1464901 7-Jan-2016 09:39

timmmay:
michaelmurfy: As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/

I use CloudFlare but I don't currently block direct access. I've read that if you have subdomains like ftp.example.com or mail.example.com that often leaks your IP, and though you can block the traffic at the IP it's still known. If your DNS records were ever public they can be found, so I've read it's best to request a new IP when you do this - very easy on AWS.

The idea in my case (which worked wonders) was to block traffic outside of Cloudflare. FTP + SSH can still be accessed but only via NZ with Google Authenticator on all logins + fail2ban.

RobinmNZ

24 posts

Geek

#1464922 7-Jan-2016 10:04

Thanks, all, I have a lot to read up on and think about./

I had asked our server folks about Cloudflare and what they said didn't give me a lot of confidence:

"We've seen mixed success with cloudflare. In a lot of cases, it works just fine. But we had one guy who used it, and instead of bots and whatnot going all over his site, it was cloudflare itself apparently scraping down humongous chunks of his site, and actually making it worse - much worse - than it was just dealing with the occasional spiky stuff that came through. It really defeated the entire purpose of having the thing in place. We had another guy with a very active political blog (and if you've seen any coverage of our politics here in the US, you know what a freak show that is) who used MaxCDN, which worked better than cloudflare for him, which he had also tried first."

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1464935 7-Jan-2016 10:08

CloudFlare free doesn't give you as much direct control as the paid plans. It relies on you having your caching related headers correct. Since you have your own server it's relatively easy to rewrite any headers, especially with nginx which I find easier than apache.

I've used CloudFlare free for a couple of years with no issues. Nothing much to lose trying it, just monitor your server for 48 hours after implementation.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1464945 7-Jan-2016 10:20

RobinmNZ: Thanks, all, I have a lot to read up on and think about./

I had asked our server folks about Cloudflare and what they said didn't give me a lot of confidence:

"We've seen mixed success with cloudflare. In a lot of cases, it works just fine. But we had one guy who used it, and instead of bots and whatnot going all over his site, it was cloudflare itself apparently scraping down humongous chunks of his site, and actually making it worse - much worse - than it was just dealing with the occasional spiky stuff that came through. It really defeated the entire purpose of having the thing in place. We had another guy with a very active political blog (and if you've seen any coverage of our politics here in the US, you know what a freak show that is) who used MaxCDN, which worked better than cloudflare for him, which he had also tried first."

It sounds like people who have no idea what a proxy is... Of course Cloudflare will "scrap down humongous chunks of a site" - every request will go through them so all you will see in logs is their IP addresses...

*sigh*

RobinmNZ

24 posts

Geek

#1464991 7-Jan-2016 10:58

See why I am so damned confused??

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1465001 7-Jan-2016 11:09

Geekzone uses Cloudflare and we serve millions (as in almost 10 million) pages a month. We only see their IP addresses, huge chunks... Which is expected, instead of millions of different IP addresses...

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1465019 7-Jan-2016 11:21

Cloudflare has 100 odd data centers, each will fetch static resources as often as required, as well as proxying every single page request that hits the site. The person who said "don't use cloudflare" may not be very experienced.

RmACK

196 posts

Master Geek

#1465556 8-Jan-2016 07:51

Another vote for cloud flare, an incredibly cheap (or free!) way to get the use of dozens of servers around the world hosting your site.
I've had really good results with cloud flare and also Varnish cache (although it's harder to configure).

I'd point out to you that by default cloud flare is very conservative, only caching static content like images, css etc. It doesn't cache your html generated by wordpress / other cms on the fly, causing database queries that suck cpu and disk IO. You can customise the settings in cloud flare with page rules to set patterns for what to cache or not.

Also take note of Timmay,s comment about ensuring your cache control headers are set correctly.

RobinmNZ

24 posts

Geek

#1465702 8-Jan-2016 10:33

Thanks, all, another outage right now which really does not help when I am trying to work on sites. I think I will stick the site* into the basic Cloudflare for now, at least for starters until I get sorted.

Timmay et al, what do you guys mean when you say sort out the 'caching related headers' - is that on the website side, or elsewhere?
thanks.

* meant to say, the main site that I think is at the root of all the issues.

Really appreciate all the advice I have received on GZ.

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1465707 8-Jan-2016 10:38

By default Cloudflare will cache static resources - images, css, scripts. If your site has dynamics pages (created from a script/database) then you are good. If it has static pages only then you might change the settings to cache those pages as well - but don't worry until you start using Cloudflare.

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1465709 8-Jan-2016 10:38

It's on the web server. They're typically generated by your software, but can be changed by your web server (apache/nginx). They're directives that tell the web browser and intermediate caches like Cloudflare what to cache and how long for. Cloudflare can override things though, using page rules.

If you just throw Cloudflare in it may help a little, just by caching images. It can also break things in some cases, usually only if you turn on css/js compression, so test thoroughly once you implement. It's generally pretty safe on conservative settings.

It sounds like you need professional help with this. I do that kind of consulting work as a side thing, PM me if you need help.

1 | 2 | 3 | 4