November 25, 2024, 03:48:20 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Help me, please. My server is attacked DDoS  (Read 4732 times)

Offline ndduy

  • New Member
  • Posts: 1
Help me, please. My server is attacked DDoS
« on: November 29, 2009, 05:18:59 AM »
can you write a script, please ? it use to ati DDoS but i'm a newbie i can't do it.
I have a log file www.mediafire.com/?yz2njlm0kzj . I want to read a DDos's IP address from log file, after that i want to add that IP to Firewall . I can do it by handicraft but i need a script, it can autorun every 5 min on my server.

Thank .

Offline kaushalpatel1982

  • LST CareTaker
  • Linux Learner
  • *****
  • Posts: 87
Re: Help me, please. My server is attacked DDoS
« Reply #1 on: November 29, 2009, 09:37:12 AM »
You have not mentioned the nature of the server. Means what is it used for?

Log is showing SIP communication which is normally using for VoIP. While talking about VoIP, it generate good amount of traffic and consume bandwidth.

If you feel this is DoS attack from single IP Address then the Rule you provided should work. I personally suggest do not open unnecessary ports which is not used.