DDoS attacks, high load, APF needs your help!
Hello,
There have recently been a large number of DDoS attacks on my server via httpd, trying to access directories and files that do not exist. For some reason, this is causing a VERY high load on my server. I need to remedy this situation immediately.
I currently have APF firewall installed, and I want to do something with it. I need to block certain countries/ISPs... is there a way to do this?
I have already blocked hundreds of IPs manually, but it is getting out of hand. I need to block a country RDNS/extension or ISP.
I'd need to wildcard such extensions as .nl, .vn until I know these attacks are going to stop. I have many security options set on my server, although nothing is stopping this.
My server is getting about a 200% load when the attacks get big enough.
Specs:
AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
1 GB RAM
Top:
/usr/sbin/httpd (about 50 processes of that during attacks)
VMStats:
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 283156 748548 7136 45428 27 46 90 87 307 565 5 3 86 5
0 0 283156 748352 7144 45420 0 0 17 18 1949 3063 0 0 99 0
1 0 282412 747824 7152 45540 0 0 18 11 1969 24519 10 7 82 2
CP:
Plesk 7.5.4 Reloaded
CentOS 4.0 2.6.9-22.0.2.ELsmp
Pretty insane, huh? Without these attacks the load is usually 0.00, and during normal times it goes to ~1 load and hops around. I want this back, or as close to 0 and steady as possible.
Please help!