Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Sun Jan 23, 2005 8:28 pm Post subject:
Ok, here's an update.
It seems our server was under a DDoS attack for the better part of Friday and Saturday. Our hosting took the necessary measures to counteract the problem, but of course some issues did still arise.
We are expecting the problem to be solved by now, thank you for your input.
Posted: Sun Jan 23, 2005 11:18 pm Post subject: log in problems
Same thing here,got a few error messages while trying to hit this site but starting saturday I had problems getting on to any php hosted site. I put it down to "Santy" untill I noticed others having problems logging in or getting timed out.
I think Zone alarm had something to do with it. I had to allow third party cookies and private headers to get on any php site or would get weird error messages.
I didnt change any settings and all security scans showed my box was clean.I can replicate this error by unchecking those two options in zone every time.
Could Santy be causing Ddos attacks on all php sites?
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Mon Jan 24, 2005 6:24 am Post subject:
Partially Santy and it's variants plus we quite often get DDoSed anyway being a 'security' site.
Our host is using an anti-DoS device now in front of the box, the problems people were having was due to this device dealing with the attack, it was dropping some of your SYN packets as attack packets when you tried to connect to the site along with those from the 'real' attack. So the site was up, just that at times it was hard to establish the full 3-way handshake.
There are some good papers here about DDoS mitigation strategies:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum