29-02-2016, 09:12 PMGrowl Wrote: Okay this going to be a long post on how to stop big DDoS attacks
1. Ban the User Agents
Find the user agents they are using to connect to your server. Some botnets will have similar user so take advantage of that. Use fail2ban or any other ip limiting system to ban the user agents. Use a wildcard.
2. Limit connection per ip
You could limit the connect per ip down to like 1 per 5 seconds. This will definitely effect the DDoS attack.
3. Simply ban the ips
You've been under attack for 16 hours. Get all IPs that have been hitting or pinging your server more than 5-10 hours and ban the ip from the server using fail2ban.
4. Mitigate it
Get another server to take the load. Your server doesn't have to take the hit if you have another server to take the hit instead.
5. Finally get a proper firewall
It can even be a Digitalocean server that is acting as a firewall. I have 3 layers on my site. It goes like this. Cloudflare ---> Firewall ---> Site
I change the name server to Cloudflare on the domain registrar, then from Cloudflare I point all my DNS records to my firewall. Then on my firewall I redirect them to my server IP. Therefore it goes through 2 layers before even reaching my origin server. Also make your firewall unpingable.
Might be some spelling or grammar mistakes, I'm very tired.
Try this and good luck.
This looks like a really good general guide to use. I might use this method once my site gets up and going.
![[Image: uKufxuL.jpg?1]](http://i.imgur.com/uKufxuL.jpg?1)