jgmdev / ddos-deflate

Fork of DDoS Deflate with fixes, improvements and new features.

help for dns server #69

Open leeuwtjex opened 4 years ago

leeuwtjex commented 4 years ago

Guys,

I have a problem here. Could I ask you for some help or at least detailed advice? I am running a pihole server on a vps. On the same vps is a dns server installed called unbound.

In fact only port 53 is open, the port where unbound directly listens to queries is closed from outside. Only 127.0.0.1 (pihole server) can send queries there.

Now, for 3 days I have been the victim of a massive attack. 60000 queries..... The funny part: only 0.1 % of the queries are filtered by pihole, as if someone has access to unbound directly, which as far as my knowledge goes is impossible.

I installed your app in the hope of blocking this DDoS or dynamic DDoS attack, but it doesn't work. The app seems to be running on the server, but it doesn't block port 53.

When I do: ddos --view-port 53 I get:

1 118.24.147.252:63498

So I can see someone Chinese from Qinzhou, somewhere left of Hong Kong, with IP 118.24.147.252 is attacking me, but the app doesn't block him on port 53... (Or at least his VPN provider has a server there.)

Is there anything I can do to focus on port 53? I am a beginner and a student in this stuff, and I know I took a risk in deploying a DNS server. But from mistakes you learn, no?

Thanks for any help.


UPDATE:

When I do: ddos --view-port 53

He changes his IP address every time....

1 118.24.147.252:43401
root@user:/etc/ddos# ddos --cron
Warning: this feature is deprecated and ddos-deflate should be run on daemon mode instead.
root@user:/etc/ddos# ddos --start
ddos daemon is already running...

Can I manually add banned IPs?


There is something I really do not understand here..... When I bypass the program and do a hard:

iptables -I INPUT -s 118.24.147.252 -j DROP

to block at least that IP address, and afterwards I do ddos --view-port 53,

the response is:

1 118.24.147.252:8550
1 118.24.147.252:13183

So, I block it and they still manage to get queries???? Am I missing something here? Can Chinese admins bypass iptables firewalls?

Oh, before you ask for it, I forgot to add this:

root@user:/etc/ddos# ddos --start
ddos daemon is already running...
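A defender-side cross-check of the two outputs quoted in this issue, written as an added example (it is not ddos-deflate's own code): it parses the `count ip:port` lines that `ddos --view-port 53` prints and the `iptables -S INPUT` rule listing, sums connections per source IP regardless of the changing source port, and reports which sources are still unblocked and which keep appearing despite a DROP rule. The sample outputs are constructed to mirror the report; a source that is still seen after its DROP rule is in place is a signal to compare the rule's packet counters (`iptables -nvxL INPUT`) before assuming the firewall is bypassed.

```python
"""Cross-check `ddos --view-port` output against iptables INPUT rules.

Added example, not part of ddos-deflate. Sample outputs are constructed
to resemble the issue report (one `count ip:port` entry per line).
"""
import re
from collections import Counter

# Constructed sample of `ddos --view-port 53` output across several runs.
VIEW_PORT_OUTPUT = """1 118.24.147.252:63498
1 118.24.147.252:8550
1 118.24.147.252:13183
2 198.51.100.7:40001
"""

# Constructed sample of `iptables -S INPUT` after the manual DROP rule.
IPTABLES_RULES = """-P INPUT ACCEPT
-A INPUT -s 118.24.147.252/32 -j DROP
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
VIEW_LINE = re.compile(r"^\s*(\d+)\s+" + IPV4 + r":(\d+)\s*$")
DROP_RULE = re.compile(r"^-A INPUT -s " + IPV4 + r"(?:/32)? -j DROP$")


def count_sources(view_output: str) -> Counter:
    """Sum connection counts per source IP, ignoring the source port."""
    totals = Counter()
    for line in view_output.splitlines():
        m = VIEW_LINE.match(line)
        if m:
            totals[m.group(2)] += int(m.group(1))
    return totals


def dropped_sources(rules: str) -> set:
    """IPs covered by a plain `-s <ip> -j DROP` rule in the INPUT chain."""
    return {m.group(1) for m in map(DROP_RULE.match, rules.splitlines()) if m}


def unblocked_sources(view_output: str, rules: str, threshold: int = 1) -> dict:
    """Sources at or above the connection threshold with no DROP rule yet."""
    blocked = dropped_sources(rules)
    return {ip: n for ip, n in count_sources(view_output).items()
            if n >= threshold and ip not in blocked}


def seen_despite_drop(view_output: str, rules: str) -> dict:
    """Sources that still show up although a DROP rule names them."""
    blocked = dropped_sources(rules)
    return {ip: n for ip, n in count_sources(view_output).items() if ip in blocked}
```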