How can I stop a currently active DDoS attack? [duplicate]

My VPS is under a DDoS attack. I cannot access RDP, and I cannot take it offline, or access it in any way at all. What can I do?

They are not trying to bruteforce, just trying to stop access to the VPS. I don't know if maybe the datacenter messed up or something, but the VPS is online and denying all requests as is normal when under DDoS.

Is there anything that I or my dedicated hosting provider can look at in the logs? How should I approach forensics after the fact?

I don't know much about DDoS attacks. Do they usually stop after a few days?

Is there an existing anti-DDoS program or something?


Solution 1:

There is no easy way to stop DDoS attacks. Get in touch with your provider and ask them for help. No program will help you against a DDoS which is intended to consume your bandwidth; you can only absorb these attacks by having more capacity and working with your upstream providers to dismantle the attack.

Solution 2:

Compared to hard- or software failure, DDoS is a rare occurrence. Your system just being unreachable is no proof whatsoever.

If your system were under a good solid DDoS, you wouldn't be able to reach it at all. No ping, no nothing, and the dedicated server would be off too, perhaps along with the entire datacenter. Just "RDP not responding" probably is a sign of a DDoS not happening.

Try getting the VPS rebooted. Check if the host is alive and well. Check network, duplicate IPs, gateways, firewalls, updates, etc.

Is a VPS within the EULA of the host? Perhaps the provider interferes with the NAT or bridging?
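The outside-in reachability check that Solution 2 reasons about can be scripted from any machine that is not the VPS. This is an added example, not part of any answer on this page; it goes one step further than the answer by separating refused connections (host alive) from timeouts (packets dropped). The address and the extra ports 22, 80 and 443 are placeholders chosen for illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt made from outside the VPS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"       # host sent a reset: it is alive, nothing listens here
    except (socket.timeout, TimeoutError):
        return "timeout"       # no reply: filtered, link saturated, or host down
    except OSError:
        return "unreachable"   # no route, DNS failure, or ICMP unreachable

def classify(results, service_port=3389):
    """Turn {port: state} into a triage verdict for the provider ticket."""
    if results.get(service_port) == "open":
        return "service reachable"
    if set(results.values()) & {"open", "refused"}:
        # Something on the host still answers, so the link is not saturated.
        # Look at the RDP service, the host firewall, or provider filtering.
        return "host responds, service down or filtered"
    # Consistent with bandwidth exhaustion, an upstream block, or a dead
    # host. Only the provider's view of the traffic can tell these apart.
    return "no response on any port"

if __name__ == "__main__":
    host = "203.0.113.10"         # placeholder address (documentation range)
    ports = [3389, 22, 80, 443]   # RDP plus assumed extra ports
    results = {p: probe(host, p) for p in ports}
    for port, state in results.items():
        print(f"{host}:{port} {state}")
    print("verdict:", classify(results))
```

Run it from two different networks if possible: a verdict that differs between vantage points points to filtering or routing rather than the VPS itself.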

Solution 3:

Open a ticket with your hosting company. Hopefully, they can put up a block upstream.