Thanks for your answer, but that is not what we want in this case. This would worsen our situation as visitors won't be able to access the website anymore.
That's not entirely true; any HTTP/1.1 connections will keep going as long as they don't let the keepalive expire. It's just going to *temporarily* block a surge of new connections (some valid connections will still get through even during a flood). Of course, you still want to have a layered approach of enabling TCP SYN cookies, tuning the tcp_max_syn_backlog, and configuring a reasonable limit on the number of SYNs per minute with iptables. If that still has issues, you can look at using something like SnortSAM to dynamically adjust iptables blocks in response to attack signatures.
Originally Posted by riquelme
I need a way to give high priority to matters such as CRONTAB or SSH access regardless of the rest of the tasks. Will I need to do like a VPS or limit the usage of some domain names?
Increasing the priority of SSHD is only going to bring your server down faster. Rate limiting with iptables should work well here, as there is no valid reason to have a massive number of SYNs for SSH over the course of a minute.
On the crond issue, are you certain that crond is executing late?
Enterprise Network Engineer :: Hosting Hobbyist :: Master of Procrastination
"The really cool thing about facts is they remain true regardless of who states them."
Since you are worried about SYN attacks on your web daemon, just use iptables to rate limit on ports 80 and 443; that way there are no limits on SSH, so you can still use SSH when you need to. Another trick is to get a 2nd IP for the server (if you don't already have one) and set up/use SSH on the 2nd IP, and only limit on the public (main) IP that DNS points to. That way you can limit even SSH, but only on the IP that remote attackers would know about, and keep the private IP firewalled so only your office PC can get through, and now you have a back door to keep SSH open for you.
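The layered setup the replies above describe (SYN cookies, a tuned SYN backlog, a per-minute SYN limit on ports 80 and 443, and SSH reachable only on a second, firewalled IP), written out as an added example that is not part of any post in the thread. The function names, the documentation-range addresses, the 4096 backlog and the 600/minute limit are assumptions to be tuned to real traffic.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and limits are constructed
# placeholders (documentation ranges); tune the rates to your real traffic.

# Kernel settings named in the thread, in sysctl.d format.
build_sysctl() {
    printf 'net.ipv4.tcp_syncookies = 1\n'
    printf 'net.ipv4.tcp_max_syn_backlog = %s\n' "${1:-4096}"  # assumed value
}

# Print an iptables-restore ruleset for the filter table.
#   $1 public IP (in DNS)   $2 second IP for SSH   $3 office source IP
#   $4 new SYNs per minute to ports 80/443 (default 600)   $5 burst (default 100)
build_rules() {
    public_ip=$1; mgmt_ip=$2; office_ip=$3
    rate=${4:-600}; burst=${5:-100}
    for v in "$public_ip" "$mgmt_ip" "$office_ip"; do
        case $v in
            ''|*[!0-9.]*) echo "bad IPv4 address: '$v'" >&2; return 1 ;;
        esac
    done
    case $rate$burst in
        *[!0-9]*) echo "rate and burst must be integers" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SYN_WEB - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $office_ip -d $mgmt_ip -p tcp --dport 22 -j ACCEPT
-A INPUT -d $mgmt_ip -j DROP
-A INPUT -d $public_ip -p tcp --syn -m multiport --dports 80,443 -j SYN_WEB
-A SYN_WEB -m limit --limit $rate/minute --limit-burst $burst -j RETURN
-A SYN_WEB -j DROP
COMMIT
EOF
}

# Syntax-check as root before loading; a plain iptables-restore replaces the
# existing filter table:
#   build_rules 203.0.113.10 203.0.113.11 198.51.100.7 | iptables-restore --test
```

Only new SYNs to the web ports pass through the limiter, so established keepalive connections and the office-only SSH path on the second IP are unaffected while the limit is being hit.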