[Mauzen]

Quote:

Originally Posted by Michael23 It's on a VPS hosted by a hosting company, we know who is DDoSing us.

Point is that most of the times people know who the dos'er is, they just know his internet identity, and this doesnt mean anything. If you got his name send this info and all relevant logs to his or your provider. Especially ask your hoster for connection logfiles, or better ask him to take care of it, if its a reliable hoster they will manage it, as its an attack on one of their servers.

First thing to do is always adding a DROP entry to the iptables for the attacking IP. Most "ddos" attacks are just "dos" attacks, and not distributed in any way, as it is just a single guy running a dos flooder on his own computer, most do not even use proxy connections. So they dont got much power, dropping all packets from that ip will reduce effects to a minimum or to nothing.
It just starts getting ugly when iterative changing IPs and a whole bunch of attacking machines come into play.