Results 1 to 18 of 18
Thread: Filter DDOS attacks
-
11-23-2013, 06:15 PM #1Newbie
- Join Date
- Nov 2013
- Posts
- 6
Filter DDOS attacks
So, I want to filter some DDOS attacks.
Currently, I have apache2/php5 and a firewall/dos script to prevent post, get, flood spam. I'm not sure if whenever someone makes a request to my server(s) that those php scripts will take place. They use sessions, so I can't run them via php <filename>.
Will my scripts work no matter the port, and are there anymore ways to filter DDOS attacks?
Thanks!
-
11-23-2013, 06:26 PM #2Corporate Member
- Join Date
- Aug 2004
- Location
- Kauai, Hawaii
- Posts
- 3,799
You can't stop your port from being saturated by using scripts on the server side, but if the ddos is based on using too much of your apache/php resources you could look into firewall rules to limit connections per second, certain post/get requests, etc.
Ultimately sticking something like cloudflare.com (free) in front of your site might be a quick fix for you.
-
11-23-2013, 06:29 PM #3Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
If your server have hardware firewall you can limit ddos attack using some rules on special ports. However you need a ddos protected network, the server can't block or limit ddos attacks without ddos protection tools.
-
11-23-2013, 06:30 PM #4Newbie
- Join Date
- Nov 2013
- Posts
- 6
Hi, I don't think you're understanding me.
I have a server with apache2/php5 running, and in the /var/www folder I have both a firewall and a dos filtering script, which I am trying to use to null DDOS attacks.
What I am asking:
- Will the PHP scripts work on every port? (Not just port 80)
- Are there other methods of redirecting, nulling etc. DDOS?
My server already comes with some DDOS protection, but I'm looking to turn my server into a bunch of reverse proxies; which is why I need scripts similar to my PHP ones to work on every port.
Thanks!
-
11-23-2013, 06:33 PM #5Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
PHP work on apahce using port 80, there is no way to bypass it but the attack still connect to your server and it can cause low speed in your server connection. If you have hardware firewall, you can block it before reach the server.
-
11-23-2013, 06:33 PM #6The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
Moved > Hosting Security and Technology .
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
-
11-23-2013, 06:33 PM #7Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
PHP work on apahce using port 80, there is no way to bypass it but the attack still connect to your server and it can cause low speed in your server connection. If you have hardware firewall, you can block it before reach the server.
-
11-23-2013, 06:39 PM #8Newbie
- Join Date
- Nov 2013
- Posts
- 6
-
11-23-2013, 06:43 PM #9Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
he alos can ddos your dns server or ftp server too. The ddos can affect any other ports. You should have a firewall which could detect attack from legal traffic otherwise your regular clients maybe detected as attacker and blocked.
-
11-23-2013, 06:46 PM #10Newbie
- Join Date
- Nov 2013
- Posts
- 6
-
11-23-2013, 06:52 PM #11Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
do you use CSF ? use Connection Tracking and limit number of connection to server per IP,enable SYN Flood protection, block ICMP, however all these work when the attack size is small. for large attacks you have no choice unless use hardware firewall.
-
11-23-2013, 06:55 PM #12Newbie
- Join Date
- Nov 2013
- Posts
- 6
-
11-23-2013, 07:00 PM #13Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
Like @Genius Guard said, you can only block very small DDoS attacks or layer 7 attacks directly on your server with a software. The best way to do so is by using CSF or something like DDoS Deflate (http://deflate.medialayer.com/) and probably something like BARF (http://supmag.ru/?p=618) to block layer 7 attacks - PHP scripts are completely the wrong approach.
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-23-2013, 07:03 PM #14Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
if you mean your firewall is a php script, i should say your firewall can be attacked itself, you can't block ddos attack using a scritp firewall, CSF is great firewall but it also have some limitation against ddos attack, when your server flooded, the only thing can help you is hardware firewall.
-
11-23-2013, 07:07 PM #15Disabled
- Join Date
- May 2012
- Posts
- 145
DDoS attacks are not accessing your website to be handled by php scripts. Generally DDoS attacks are network packets sent to your server's IP saturating the server's bandwidth. Once the bandwidth is saturated, you can install anything you want. You can filter packets, but packets are still reaching your server's network card, using the whole port capacity. It's like you try to pass water trough a clogged pipe. Also if you have a big attack on an unprotected server, the hoster will nullroute your server's IP to protect his network.
Also DDoS attacks can use less bandwidth, but a high amount of packets per second, over the network card's / OS's capacity to process packets.
In any case, you have nothing to do with a php script.
Also software firewalls are just a waste of time. DDoS attacks are huge those days, so software firewalls are not a solution.
My recommandation is to get a DDoS protected server and if you already have one, you no longer need any additional software firewall on it.
PS: PHP scripts doesn't "work" on ports. Apache listen on ports 80 (and 443), making scripts executable from an URL.Last edited by 5gbps; 11-23-2013 at 07:12 PM.
-
11-23-2013, 07:24 PM #16Newbie
- Join Date
- Nov 2013
- Posts
- 6
-
11-24-2013, 08:03 AM #17Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
You can check the crontabs with "crontab -e". If you already have a DDoS protection, you don't have to install any additional anti DDoS software on your server - just make sure to harden your kernel to make sure it can handle small attacks getting through the protection, so your servers stays online until the attack was detected by the hardware firewall.
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-24-2013, 03:53 PM #18Web Hosting Guru
- Join Date
- Jul 2013
- Posts
- 296
you have enough protection, you should work on your server local security, kernel, sharing, exploit and more...
Similar Threads
-
Hiring sysadmin to help with iptables and filter small DDoS attacks
By DylanP in forum Systems Management RequestsReplies: 13Last Post: 04-02-2013, 08:27 AM -
★ EU DDoS Protected Hosting **Filter all attacks* cPanel/Litespeed ** 50% OFF CHEAP ★
By vmserv in forum Shared Hosting OffersReplies: 0Last Post: 03-28-2013, 09:01 AM -
DoS and DDoS attacks on server And bat boot and crawler attacks
By ahmadtrco in forum Dedicated ServerReplies: 2Last Post: 11-03-2012, 05:29 PM -
Is it possible to filter DDOS attacks with a Linux virtual machine?
By xtgaming in forum Dedicated ServerReplies: 10Last Post: 07-07-2012, 06:45 PM -
Small HTTP GET Attacks - How to Filter?
By AlpineTech in forum Hosting Security and TechnologyReplies: 8Last Post: 08-19-2010, 02:18 PM