Best way to prevent outbound DDoS for CentOS 6 VPS?
I recently had 2 servers suspended due to outbound DDoS attacks. I have a small VPN that I run with FreeRADIUS and WHMCS on a few servers (around 3-4 at any given time).
I know of ways to limit bandwidth, but what would be the best ways to limit bandwidth that wouldn't interfere with RADIUS and OpenVPN? Perhaps something added to iptables, I am thinking. All firewalls I've found seem to be very intrusive to OpenVPN, as they try to close all ports, and we allow port forwarding for Xbox and gaming clients.
Comments
Best way is to not get compromised. Usually when this happens it means someone got into your server and used it for that. Mitigating it could be bad as it could mask the issue and prevent you from realizing the problem.
@Jarland, I'd assume he sells VPS services and likely a bad client uses it to send some bad traffic.
@juju if that's the case, do you at least know which customer that is? What sort of attack was it, volumetric? Application layer?
Is this OpenVZ or something more virtual, like KVM/Xen? If OpenVZ, install nodewatch; it will shut down a VPS that starts spewing crap.
Turn it off.
It sounds like you got compromised with XOR-DDOS if it isn't a sub user pounding the attack out.
Make sure:
The XORDDOS botnet isn't self-propagating, so they don't draw attention to the boxes and get them TOS'd. Instead, the herders have a handful of /24s routed by CT/CU that they use for all brute forcing. The /24s change out since they get sunk over time.
Francisco
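The last reply says the brute forcing comes from a handful of /24s rather than from single hosts. As an added example (not code from the thread or from any poster), this check groups sshd authentication lines by source /24 and reports any accepted login from a network that was also failing logins. The log lines, hostname, user names and the `min_failures` threshold are constructed assumptions; on CentOS 6 the real input would be `/var/log/secure`.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample in the sshd log format; addresses are documentation
# ranges, not real attacker networks.
SAMPLE_LOG = """\
Mar  3 04:11:01 vpn1 sshd[2101]: Failed password for root from 203.0.113.14 port 40122 ssh2
Mar  3 04:11:03 vpn1 sshd[2103]: Failed password for root from 203.0.113.77 port 51810 ssh2
Mar  3 04:11:04 vpn1 sshd[2105]: Failed password for invalid user admin from 203.0.113.201 port 38844 ssh2
Mar  3 04:11:06 vpn1 sshd[2107]: Failed password for root from 203.0.113.14 port 40190 ssh2
Mar  3 04:12:40 vpn1 sshd[2110]: Failed password for root from 198.51.100.9 port 60012 ssh2
Mar  3 04:13:15 vpn1 sshd[2114]: Accepted password for root from 203.0.113.77 port 51922 ssh2
Mar  3 04:20:02 vpn1 sshd[2130]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2
"""

LINE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def summarize(log_text, min_failures=3):
    """Return (noisy, hits): per-/24 failure stats for networks with at
    least min_failures failed logins, and (user, ip) for every accepted
    login that came from one of those networks."""
    failures = defaultdict(int)
    hosts = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        # Collapse the source address to its enclosing /24.
        net = str(ip_network(ip + "/24", strict=False))
        if outcome == "Failed":
            failures[net] += 1
            hosts[net].add(ip)
        else:
            accepted.append((user, ip, net))
    noisy = {n: {"failures": c, "hosts": len(hosts[n])}
             for n, c in failures.items() if c >= min_failures}
    hits = [(u, ip) for u, ip, n in accepted if n in noisy]
    return noisy, hits

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-empty second element means a password or key was accepted from a network that had been guessing, which is the case worth investigating before any rate limiting is put in place.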