Move you domains for a while certainly will help, but from DDos's gives guarantees nobody I can think...
Only main thing to do is to null-route the IP until it ends. If it doesn't end... ask your DC to step up their mitigation...
You can maybe ask your host to set up a honeypot... Or block the IPs he's DDoSing from, then hope he doesn't have more than one botnet...
Well, here's a question - what type of DDoS? If it's a SYN flood, disable SYN incoming and/or throttle it using IPTables - this will at least slow it down, but not stop it.
The way it works is it requests a SYN.
You reply with a ACK SYN.
(it sends 1, you send 2 - therefore creating the overflow/flood).
I think that's right, I'm a little rusty on my DDoS's - but if you throttle for 1 response per IP, per.. lets say .. hour, this should throttle the bandwidth down to half. Then they can block it via their firewalls.
Just a suggestion, this is what I did when I ran a hosting company (and helped with VPS's, etc)..
This is incorrect. There are three phases to the TCP handshake..
1. Computer connects to you with the SYN bit set in the TCP header.
2. Your computer responds with both the SYN and ACK bit set in the TCP header.
3. Computer sends the last phase with the ACK bit set in the tcp header.
All further communications within the TCP session are performed with just the ACK bit set..
Throttling one response per IP per hour will effectively break your site for many, many people..
Although you are completely correct, the method of combating a DoS attack will depend on the method being used..
To the OP, your best bet is to make sure your provider is blocking the attack and that you're not getting charged for the bandwidth. Then wait it out...
Is this a shared hosting account or a dedicated server?.
Theres only so much you can do to limit a ddos if it's flooding your port you can't really stop it at the server level but the majority of attacks now adays will be service level attacks (IE against the webserver) which it is going to depend upon the exact nature of the attack on how you deal with it..
If it's just a few hundred or a few thousand ips you can filter them in no time at all, if it's a larger base and it's low bandwidth SYN you could use a tarpit to limit it..