  1. #1

    Huge DoS problem

    Okay, basically I manage a website which runs on the cPanel/WHM interface and was wondering if there was anything my host could do to prevent DoS attacks on the server. At the moment we are having huge DoS attacks on our website, taking the whole website down for quite long periods of time.

    My host just seems to be blocking the DoS'ers' IPs manually, but this is just too tedious and not efficient enough.

    Is there any program, for example, that he can install which will block any IP which sends a certain amount of requests within a given time period?

    Thanks a lot for your help.

  2. #2
    Join Date: May 2002 | Location: Moscow | Posts: 1,490
    Blocking per attacker IP is not so good, for many, many reasons. At least, it is not effective.
    For an Apache flood attack it would be more useful to use a more optimized solution:

    Set up a proxy server which can filter requests per attack pattern and transfer only legitimate traffic, or set up a firewall which can do the same thing (btw, pf is in most cases a very useful tool for filtering traffic). Some web servers have an inline function for such "filtering", like nginx or LiteSpeed.
    Of course, both are solutions designed for a lightweight Apache flood attack. Its main characteristic is the fact that the number of attacker IPs may be high (10-15k IPs is not a rare case) but all requests are usually short, and for that reason in most cases they do not eat much incoming traffic. Also, in many cases the IPs listed in connections are spoofed IPs, so blocking those IPs does not prevent any attack and you will still experience problems with the max Apache process limit.
    Also, you may set up as many Apache instances as you want (you will need to set up, for example, 10-20-100 Apache instances and assign each of them to a different port) and again transfer incoming requests to each instance using a simple "round robin" method or any other you want. Of course, setting up many Apache instances will require a sufficient server config: lots of RAM and a powerful CPU.
    But, in answer to your question, I don't know any script which can do such complex work without an experienced admin.
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168

  3. #3
    Quote: Originally Posted by Pootsey
    Is there any program, for example, that he can install which will block any IP which sends a certain amount of requests within a given time period?
    If you're using iptables then look at the limit module.
    If you're using pf then read the documentation.
    ...coming soon?

  4. #4
    Join Date: Aug 2002 | Location: Seattle | Posts: 5,512
    Quote: Originally Posted by rustelekom
    Blocking per attacker IP is not so good, for many, many reasons. At least, it is not effective.
    For an Apache flood attack it would be more useful to use a more optimized solution:

    Set up a proxy server which can filter requests per attack pattern and transfer only legitimate traffic, or set up a firewall which can do the same thing (btw, pf is in most cases a very useful tool for filtering traffic). Some web servers have an inline function for such "filtering", like nginx or LiteSpeed.
    This works sometimes. It depends on how determined the attacker is, but I'll also back up the LSWS recommendations.
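
The per-IP "N requests within a given time period" check asked about in post #1, as an added example that is not part of any poster's reply: a sliding-window counter over Apache access-log lines, run on two constructed samples to show the limit raised in post #2 (a flood spread over many sources never trips a per-IP threshold). The function names, thresholds, addresses (documentation ranges) and log lines are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Client IP and timestamp at the start of an Apache common/combined log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_offenders(lines, max_requests=20, window_seconds=10):
    """Return {ip: peak_count} for IPs that exceed max_requests
    inside any window of window_seconds (lines must be in time order)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # ignore malformed lines instead of failing
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), TS_FMT).timestamp()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_seconds:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

def make_line(ip, second):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] "GET / HTTP/1.1" 200 512'

# Constructed sample 1: a single client sending 40 requests in 5 seconds.
SINGLE_SOURCE = [make_line("192.0.2.10", i // 8) for i in range(40)]
# Constructed sample 2: 200 requests in 10 seconds, one per source address.
DISTRIBUTED = [make_line(f"198.51.100.{n + 1}", n // 20) for n in range(200)]

if __name__ == "__main__":
    print("single source:", find_offenders(SINGLE_SOURCE))
    print("distributed:  ", find_offenders(DISTRIBUTED))
```

The second sample carries five times the request volume of the first yet produces no offender, which is why the replies above point to filtering by request pattern at a proxy or firewall.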
