I have one the server that is on a DDOS attach for more than a day now. I managed to keep the server running by manually blocking the corresponding ip's.

I use mod_evasive(does not realy help I think) and APF. I enabled antidos from APF but it does not catch all I think. I want the corresponding ip's automaticly blocked on server level (like apf -d <ip>).

Does anyone has any hints how to solve this ?

Why-o-Why do they launch DDOS attacks...

Use BFD together with APF

http://www.rfxnetworks.com/bfd.php

I do use BFD but this only signals wrong logins (for example for SSH / ftp). It does nothing with the Ddos ip's or am I wrong ?

try this script
http://deflate.medialayer.com/

Thx Jackc, i am trying http://deflate.medialayer.com at this moment.

1) I think it is a (d)DOS attach because many different ip's are trying to load the same page over-and-over again. Blocking the ip's only result in new ip's that are loading the page again.

2) As far as I can tell mod_avasive does not block, it only shows a 403 page instead of the real page. That is not good enough for blocking the ip.

3) many hardware based firewalls runs on...... linux.... ;-) I don't think it would change much in case of a dDos attack ?

you can write a simple shell script to check the log file and block the ips keep requesting the same page.

If you know which page and which sites they are attacking dont you think you should take the site offline?

If you know which page and which sites they are attacking dont you think you should take the site offline?
I did that already, but the requests still keep coming in. Of course the original page was not loaded but the connections were still there.

Right now the attack(s) has stopped. I am not sure if it is because of all the things I did ;-)