Resisting ddos attack from redirected Bittorrent hits


Post by billmccollam »

Our server has been under repeated 'attacks' from overwhelming port flooding and SYN flooding and HTTP requests. Installed CSF last week and successfully blocked the SYN attacks and was able to deny certain httpd IP addresses that caused most of the issues. All good.

This week - the attack resumed. This time it was more or less focused on httpd. And too many different IPs to effectively block. (Most from China - but blocking China didn't really help).

The most common http request was one of these:
GET /announce?info_hash=%A8rJW%5B9X%1F%D0%BD%BC%2F%D4%E8R%E5%C6
GET /announce.php?info_hash=lh%7F%0Ex%9A%08a%AAb%40S%AEi%E87%3D

I take it that these are BitTorrent requests and that somehow the attacker has gotten client BT requests redirected to targets like ours. I can block these in mod_security2 I think - but can I also block them upstream (in CSF)? If so, I couldn't figure that out (but very much a CSF novice).

Any advice welcomed.
Cheers,
Bill
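
Added example, not part of the original post: a log triage script that measures how much of an access log consists of the announce requests quoted above, how many distinct sources send them, and which info_hash values they carry. It assumes Apache combined log format; the log lines, IP addresses and the names `announce_info_hash` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jan/2015:19:00:01 +0000] "GET /announce?info_hash=%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14&peer_id=-XX0001-abcdefghijkl&port=6881 HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [24/Jan/2015:19:00:01 +0000] "GET /announce.php?info_hash=%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14&port=51413 HTTP/1.0" 404 209 "-" "-"
203.0.113.5 - - [24/Jan/2015:19:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.99 - - [24/Jan/2015:19:00:02 +0000] "GET /announce?info_hash=ABCDEFGHIJKLMNOPQRST&port=6881 HTTP/1.1" 404 209 "-" "-"
203.0.113.5 - - [24/Jan/2015:19:00:03 +0000] "GET /announcements?page=2 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Client IP, method and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')
# Exact announce endpoints only, so /announcements is not matched.
ANNOUNCE_PATH_RE = re.compile(r'^/announce(?:\.php)?$')

def announce_info_hash(target):
    """Return the raw info_hash bytes if target is a tracker announce, else None."""
    path, _, query = target.partition("?")
    if not ANNOUNCE_PATH_RE.match(path):
        return None
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "info_hash":
            # info_hash is binary, so decode to bytes rather than text.
            return unquote_to_bytes(value)
    return None

def summarize(log_text):
    """Count announce requests, their distinct source IPs and their info_hashes."""
    ips, hashes, total, hits = set(), Counter(), 0, 0
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        total += 1
        ih = announce_info_hash(m.group(3))
        if ih is None:
            continue
        hits += 1
        ips.add(m.group(1))
        hashes[ih.hex()] += 1
    return {"requests": total, "announce": hits,
            "source_ips": len(ips), "top_hashes": hashes.most_common(3)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high announce count spread over many source IPs but few info_hash values indicates that filtering on the request itself will cover the traffic where per-IP deny lists do not.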

Re: Resisting ddos attack from redirected Bittorrent hits

Post by vox »

Bill,

No replies from the original posting. I was wondering if you are still using csf on your tracker; if so, did you get it working well with your setup?