From: "Marc Silver"
To: "kamolpat@dmaccess.net"
Cc: freebsd-security@freebsd.org
Date: Thu, 6 Mar 2008 14:32:32 +0200
Subject: Re: DDOS problem from Bangkok, Thailand
In-Reply-To: <47CFCE4C.7010200@dmaccess.net>

Hi,

I assume the DoS is coming from multiple machines all hitting you on port 80? If it's from a specific address or range of addresses you should use ipfw or pf to block it at a firewall level before it hits your machine.

Is the DoS hitting one specific page or a whole bunch of different ones? Sadly there is very little you may be able to do but if you provide more information people on this list may be able to help you mitigate the threat slightly.

Most importantly, you should also consider contacting your upstream providers so that they can take action.

Cheers,
Marc

On Thu, Mar 6, 2008 at 12:58 PM, kamolpat@dmaccess.net <kamolpat@dmaccess.net> wrote:

> Dear Security team,
>
> I'm Kamolpat Pornatiwiwat, Sys admin of DMaccess Co., Ltd. I've got a
> problem: my FreeBSD 6.0 got DoS attacked. What should I do? At
> present, I have decided to stop apache and leave only the mail feature
> functioning. Any guidance/recommendation/solution will be appreciated.
>
> More detail about my server:
> ======================
> FreeBSD 6.0
> apache-1.3.34_4
> php5-5.1.2_1
> MySQL 5.0.20
>
> php.ini
> ======
> ;;;;;;;;;;;;;;;;;;;
> ; Resource Limits ;
> ;;;;;;;;;;;;;;;;;;;
>
> max_execution_time = 30 ; Maximum execution time of each script, in seconds
> max_input_time = 60 ; Maximum amount of time each script may spend parsing r
> memory_limit = 32M (at the beginning it was 8M; I changed it to 32MB because
> of httpd-error.log, however, it still gives the error shown below in
> httpd-error.log)
>
> FILE:/var/log/httpd-error.log
> =====================
> Allowed memory size of 33554432 bytes exhausted .... happened like this
> all over the log
>
> Thanks in advance,
> Kamolpat Pornatiwiwat,
> Sys admin
> DMaccess Co., Ltd.

--
Light up the Darkness. - Bob Marley
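The two questions in the reply (one address or range versus many sources, and one page versus many) can be answered from the Apache access log before any ipfw or pf rule is written. The following is an added example, not part of the original thread; it assumes Common Log Format, and the sample log, thresholds and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+')

def _line(host, target):
    return f'{host} - - [06/Mar/2008:12:00:01 +0700] "GET {target} HTTP/1.0" 200 512'

# Constructed sample log (documentation address ranges), not data from the thread.
SAMPLE_LOG = (
    [_line(f"198.51.100.{h}", "/search.php?q=x") for h in (7, 8, 9) for _ in range(5)]
    + [_line("203.0.113.50", "/search.php?q=y")] * 6
    + [_line("192.0.2.10", "/index.html"), "garbage line"]
)

def summarize(lines):
    """Count requests per IPv4 source address and per path (query string dropped)."""
    hosts, paths = Counter(), Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines
        host, _method, target = m.groups()
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            continue  # hostname or non-IPv4 entry; not handled here
        hosts[host] += 1
        paths[target.split("?", 1)[0]] += 1
    return hosts, paths

def block_candidates(hosts, min_hits, min_hosts_per_net=3):
    """Addresses with >= min_hits requests; a /24 replaces its hosts when several are noisy."""
    by_net = {}
    for host, hits in hosts.items():
        if hits >= min_hits:
            net = str(ipaddress.ip_network(f"{host}/24", strict=False))
            by_net.setdefault(net, []).append(host)
    out = []
    for net, members in by_net.items():
        out.extend([net] if len(members) >= min_hosts_per_net else members)
    return sorted(out)  # review before blocking: a /24 can include legitimate clients

if __name__ == "__main__":
    hosts, paths = summarize(SAMPLE_LOG)
    print("top paths:", paths.most_common(3))
    print("candidates:", block_candidates(hosts, min_hits=5))
```

The returned entries are in the address or CIDR form that ipfw rules and pf tables accept.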