Results 1 to 18 of 18
  1. #1

    Exclamation Filter DDOS attacks

    So, I want to filter some DDOS attacks.

    Currently, I have apache2/php5 and a firewall/dos script to prevent post, get, flood spam. I'm not sure if whenever someone makes a request to my server(s) that those php scripts will take place. They use sessions, so I can't run them via php <filename>.

    Will my scripts work no matter the port, and are there anymore ways to filter DDOS attacks?

    Thanks!

  2. #2
    Join Date
    Aug 2004
    Location
    Kauai, Hawaii
    Posts
    3,799
    Quote Originally Posted by TakeControl View Post
    So, I want to filter some DDOS attacks.

    Currently, I have apache2/php5 and a firewall/dos script to prevent post, get, flood spam. I'm not sure if whenever someone makes a request to my server(s) that those php scripts will take place. They use sessions, so I can't run them via php <filename>.

    Will my scripts work no matter the port, and are there anymore ways to filter DDOS attacks?

    Thanks!
    You can't stop your port from being saturated by using scripts on the server side, but if the ddos is based on using too much of your apache/php resources you could look into firewall rules to limit connections per second, certain post/get requests, etc.

    Ultimately sticking something like cloudflare.com (free) in front of your site might be a quick fix for you.

  3. #3
    Join Date
    Jul 2013
    Posts
    296
    If your server have hardware firewall you can limit ddos attack using some rules on special ports. However you need a ddos protected network, the server can't block or limit ddos attacks without ddos protection tools.

  4. #4
    Quote Originally Posted by gordonrp View Post
    You can't stop your port from being saturated from scripts on the server side, but if the ddos is based on using too much of your apache/php resources you could look into firewall rules to limit connections per second, certain post/get requests, etc.
    Hi, I don't think you're understanding me.

    I have a server with apache2/php5 running, and in the /var/www folder I have both a firewall and a dos filtering script, which I am trying to use to null DDOS attacks.

    What I am asking:
    • Will the PHP scripts work on every port? (Not just port 80)
    • Are there other methods of redirecting, nulling etc. DDOS?


    My server already comes with some DDOS protection, but I'm looking to turn my server into a bunch of reverse proxies; which is why I need scripts similar to my PHP ones to work on every port.

    Thanks!

  5. #5
    Join Date
    Jul 2013
    Posts
    296
    PHP work on apahce using port 80, there is no way to bypass it but the attack still connect to your server and it can cause low speed in your server connection. If you have hardware firewall, you can block it before reach the server.

  6. #6
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    Moved > Hosting Security and Technology .

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  7. #7
    Join Date
    Jul 2013
    Posts
    296
    PHP work on apahce using port 80, there is no way to bypass it but the attack still connect to your server and it can cause low speed in your server connection. If you have hardware firewall, you can block it before reach the server.

  8. #8
    Quote Originally Posted by Genius Guard View Post
    PHP work on apahce using port 80, there is no way to bypass it but the attack still connect to your server and it can cause low speed in your server connection. If you have hardware firewall, you can block it before reach the server.
    So, say someone is trying to DDOS my server (xxx.xxx.xx.x), would the DDOS go to my php scripts then to be nulled?

  9. #9
    Join Date
    Jul 2013
    Posts
    296
    he alos can ddos your dns server or ftp server too. The ddos can affect any other ports. You should have a firewall which could detect attack from legal traffic otherwise your regular clients maybe detected as attacker and blocked.

  10. #10
    Quote Originally Posted by Genius Guard View Post
    he alos can ddos your dns server or ftp server too. The ddos can affect any other ports. You should have a firewall which could detect attack from legal traffic otherwise your regular clients maybe detected as attacker and blocked.
    How would I setup this firewall? It has to be software.

  11. #11
    Join Date
    Jul 2013
    Posts
    296
    do you use CSF ? use Connection Tracking and limit number of connection to server per IP,enable SYN Flood protection, block ICMP, however all these work when the attack size is small. for large attacks you have no choice unless use hardware firewall.

  12. #12
    Quote Originally Posted by Genius Guard View Post
    do you use CSF ? use Connection Tracking and limit number of connection to server per IP,enable SYN Flood protection, block ICMP, however all these work when the attack size is small. for large attacks you have no choice unless use hardware firewall.
    I've never heard of CSF. Like I said, I have PHP scripts which -should- filter all incoming connection and null any DDOS.

  13. #13
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Like @Genius Guard said, you can only block very small DDoS attacks or layer 7 attacks directly on your server with a software. The best way to do so is by using CSF or something like DDoS Deflate (http://deflate.medialayer.com/) and probably something like BARF (http://supmag.ru/?p=618) to block layer 7 attacks - PHP scripts are completely the wrong approach.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  14. #14
    Join Date
    Jul 2013
    Posts
    296
    if you mean your firewall is a php script, i should say your firewall can be attacked itself, you can't block ddos attack using a scritp firewall, CSF is great firewall but it also have some limitation against ddos attack, when your server flooded, the only thing can help you is hardware firewall.

  15. #15
    Quote Originally Posted by TakeControl View Post
    So, say someone is trying to DDOS my server (xxx.xxx.xx.x), would the DDOS go to my php scripts then to be nulled?
    DDoS attacks are not accessing your website to be handled by php scripts. Generally DDoS attacks are network packets sent to your server's IP saturating the server's bandwidth. Once the bandwidth is saturated, you can install anything you want. You can filter packets, but packets are still reaching your server's network card, using the whole port capacity. It's like you try to pass water trough a clogged pipe. Also if you have a big attack on an unprotected server, the hoster will nullroute your server's IP to protect his network.

    Also DDoS attacks can use less bandwidth, but a high amount of packets per second, over the network card's / OS's capacity to process packets.

    In any case, you have nothing to do with a php script.
    Also software firewalls are just a waste of time. DDoS attacks are huge those days, so software firewalls are not a solution.
    My recommandation is to get a DDoS protected server and if you already have one, you no longer need any additional software firewall on it.

    PS: PHP scripts doesn't "work" on ports. Apache listen on ports 80 (and 443), making scripts executable from an URL.
    Last edited by 5gbps; 11-23-2013 at 07:12 PM.

  16. #16
    Quote Originally Posted by infinitnet View Post
    Like @Genius Guard said, you can only block very small DDoS attacks or layer 7 attacks directly on your server with a software. The best way to do so is by using CSF or something like DDoS Deflate (http://deflate.medialayer.com/) and probably something like BARF (http://supmag.ru/?p=618) to block layer 7 attacks - PHP scripts are completely the wrong approach.
    Thank you. I had DDOS deflate too, but I'm not sure if the crontab is working. My server already has around 40Gbps DDOS protection, I just want to try and make it more efficient.

  17. #17
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Quote Originally Posted by TakeControl View Post
    Thank you. I had DDOS deflate too, but I'm not sure if the crontab is working. My server already has around 40Gbps DDOS protection, I just want to try and make it more efficient.
    You can check the crontabs with "crontab -e". If you already have a DDoS protection, you don't have to install any additional anti DDoS software on your server - just make sure to harden your kernel to make sure it can handle small attacks getting through the protection, so your servers stays online until the attack was detected by the hardware firewall.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  18. #18
    Join Date
    Jul 2013
    Posts
    296
    you have enough protection, you should work on your server local security, kernel, sharing, exploit and more...

Similar Threads

  1. Hiring sysadmin to help with iptables and filter small DDoS attacks
    By DylanP in forum Systems Management Requests
    Replies: 13
    Last Post: 04-02-2013, 08:27 AM
  2. Replies: 0
    Last Post: 03-28-2013, 09:01 AM
  3. Replies: 2
    Last Post: 11-03-2012, 05:29 PM
  4. Replies: 10
    Last Post: 07-07-2012, 06:45 PM
  5. Small HTTP GET Attacks - How to Filter?
    By AlpineTech in forum Hosting Security and Technology
    Replies: 8
    Last Post: 08-19-2010, 02:18 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •