DDOS protection on apache

Posted by zahirw, 06-22-2011, 04:57 PM
How do I harden a server to protect against ddos? I've currently got CSF & mod_security(csr) set up & running. Would rather prepare for it than pay 1000s to a mitigation service.

Posted by cpanellover, 06-22-2011, 05:05 PM
DDoS Deflate and mod_evasive can help:
http://deflate.medialayer.com
http://www.zdziarski.com/blog/?page_id=442

Posted by zahirw, 06-22-2011, 05:26 PM
Yes, but it doesn't always play nice. Any other advice?

Posted by Crashus, 06-23-2011, 08:32 AM
Try limiting everything on the firewall, it's way better.

Posted by Thomak, 06-24-2011, 03:53 PM
This. Much better than any mod as far as I know, most mods will probably just do something similar anyway. If the attack is large enough however, there really isn't much you can do unfortunately until the botnet or attackers stop.

Posted by MikeDVB, 06-24-2011, 03:54 PM
Realistically there isn't a lot you can do server-side. If the attack is bigger than your pipe or more packets per second than the kernel can handle you're going to be offline either way.

Posted by DomainNameInvesting, 06-24-2011, 03:59 PM
I like this suggestion the most too, just did this on my server.

Posted by zahirw, 06-24-2011, 05:45 PM
How do you configure csf to tackle ddos or dos attacks?

Posted by zahirw, 06-25-2011, 01:08 AM
Found this but don't know how effective it would be in a large attack:

Step 1: Open the CSF configuration file /etc/csf/csf.conf

Step 2: In that, search for the option called CT_LIMIT. By default it will be like CT_LIMIT=0; change this to CT_LIMIT=90. Here 90 is the max no. of connections from an IP to your server (choose this value according to your server usage).

Step 3: Now search for the option called CT_PORTS. This option is used to specify the port for which you want to prevent DOS attack. Since our aim is to prevent the DOS attack to apache – port 80, change CT_PORTS = "" to CT_PORTS = "80"

Posted by ZKuJoe, 06-25-2011, 01:46 AM
It would be ineffective against any size DDOS.

Posted by MrSaints, 06-25-2011, 01:22 PM
DDoS attacks are complex to deal with... as far as I'm concerned, there isn't any "bullet-proof" method of protecting or preparing yourself against a DDoS attack on a software-level. You will most definitely need protection on a hardware-level (e.g. Cisco Firewall). Of course, if you have a high-end server, then perhaps it would be more resilient against DDoS attacks, depending on the scale. Have a look at this blog post - please bear in mind the date of its postage.

Mod_evasive will not do much in terms of DDoS mitigation. During a DDoS attack, there will be numerous connections from not a single IP address, but rather, numerous IP addresses, and if you are unable to filter the 'bad' requests from the 'real' requests, your server will be hit pretty hard before mod_evasive or DoS Deflate is even capable of doing anything. It's worth installing though, don't get me wrong.

+1. Indeed, any filters or blocks carried out on a software-level will not do much as your server will still be 'hit' during a DDoS attack, and your port will still be flooded anyhow.

I would recommend you set your server up on CloudFlare. It should be able to offer slightly more protection against DDoS attacks - http://support.cloudflare.com/kb/how...t-ddos-attacks

Last edited by MrSaints; 06-25-2011 at 01:26 PM.
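The per-IP counting idea behind the CT_LIMIT setting quoted earlier in the thread, and the many-sources case described in the post above, as an added example (not part of any post, and not CSF's own code). The `ss -tn`-style lines, addresses and helper names are constructed for illustration, and the strict "more than the limit" comparison is an assumption.

```python
"""Per-source connection counting, the idea behind a CT_LIMIT-style threshold.

All input below is constructed sample data in `ss -tn` column layout.
"""
from collections import Counter

CT_LIMIT = 90        # per-IP threshold used in the thread
CT_PORTS = {80}      # local ports being watched


def parse_peers(ss_lines, ports=CT_PORTS):
    """Yield the remote IP of each established connection to a watched port."""
    for line in ss_lines:
        fields = line.split()
        # Expected columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local_port = fields[3].rsplit(":", 1)[-1]
        if not local_port.isdigit() or int(local_port) not in ports:
            continue
        yield fields[4].rsplit(":", 1)[0]


def assess(ss_lines, limit=CT_LIMIT):
    """Return (IPs over the limit, total connections, distinct source count)."""
    counts = Counter(parse_peers(ss_lines))
    over = sorted(ip for ip, n in counts.items() if n > limit)  # assumed: strict >
    return over, sum(counts.values()), len(counts)


def sample(sources, conns_each, server="192.0.2.10:80"):
    """Build constructed ss-style lines: `sources` peers, `conns_each` apiece."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    for s in range(sources):
        ip = f"10.0.{s // 250}.{s % 250 + 1}"   # constructed private addresses
        for c in range(conns_each):
            lines.append(f"ESTAB 0 0 {server} {ip}:{40000 + c}")
    return lines


if __name__ == "__main__":
    # One noisy source: 1 peer x 200 connections, flagged by the per-IP limit.
    print("single source:", assess(sample(1, 200)))
    # Many sources: 500 peers x 40 connections = 20000 total, none over 90.
    print("distributed:  ", assess(sample(500, 40)))
```

On a live host the same functions can be fed the lines of `ss -tn`; tracking total connections and distinct sources next to the per-IP count shows when a per-IP limit has nothing to act on.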

Posted by damoncloudflare, 06-25-2011, 07:28 PM
Just a quick note that CloudFlare can only help mitigate the impact of attacks. One cool thing you can do, however, is utilize our threat control panel to ban IPs or challenge traffic from specific countries. If you know the attack is largely coming from Chinese IPs, you could make sure that all visitors from China get a challenge page before they can access your site (a captcha page). This means it doesn't even hit your server.

Posted by zahirw, 06-25-2011, 07:31 PM
Cool, will check it out. Thanks

Posted by damoncloudflare, 06-25-2011, 07:38 PM
Glad to help. One thing to keep in mind is that we will have to go direct if the attack gets too large. But being proactive and blocking/challenging will greatly help. My personal thoughts are that some sites should probably just not allow some traffic from other regions that they don't cater to. If you're a local website w/a local business, there's probably not too much of a worry with restricting access to regions that will never utilize your service.

Posted by MikeDVB, 06-25-2011, 07:48 PM
My major concern with that is accurately blocking those you don't wish to access the site and allowing those that you do. IP address Geo Location information changes all the time so unless your IP Location service is constantly updating you could inadvertently block some visitors you don't mean to block. It's not super likely, but it's a possibility.

Posted by damoncloudflare, 06-25-2011, 07:52 PM
"My major concern with that is accurately blocking those you don't wish to access the site and allowing those that you do. IP address Geo Location information changes all the time so unless your IP Location service is constantly updating you could inadvertently block some visitors you don't mean to block."

It does change fairly frequently...but probably not that much of a risk. And pretty easy to fix by whitelisting the IPs as well.

Posted by zahirw, 06-26-2011, 05:32 AM
Thanks Damon, when you say 'we will have to go direct if the attack is too large' what do you mean? Btw, is anyone else using cloudflare as a form of ddos protection?

Posted by brianoz, 06-26-2011, 09:42 AM
CSF is quite effective at blocking minor DDOS activity that might otherwise overwhelm an unprotected machine. However, by normal terminology standards, these couldn't really be called "DDOS"es at all - they're often not distributed, as just one example, but can still sink a server dead in the water. As everyone else has said, nothing you can do on the server will protect you from a true DDOS - at the end of the day you need to move to some sort of DDOS mitigation outfit, or get upstream work done - there's just no other option, yet, until the technology catches up with these attacks.

Posted by damoncloudflare, 06-26-2011, 10:17 AM
Since other customers may be on the same node, one customer having an attack could lead to performance issues for their sites. If we see this happening because of a large DDoS attack, then we have to go direct to your server (we temporarily remove you from our proxy, but still resolve the DNS).

Posted by Crothers, 06-28-2011, 02:53 PM
I've seen an attack before that actually uses bots to trace route the target, and attacks all of its bordering gateways instead. Things like that are not going to be mitigated by any piece of software. The DDoSers of today are not the same as yesterday that everyone is used to. Slow loading a page or getting an irc chat room to refresh a page 100 times isn't the same as some of these precise attacks that happen now.

Posted by orpheum, 06-29-2011, 09:09 AM
There are other CDNs, like Akamai, that offer DDoS protection. I imagine that CloudFlare's capabilities for DDoS mitigation are not as robust at this point, though it is indeed a great service. Several U.S. federal agencies use Akamai to protect against DDoS attacks, and so far have been successful in staying online.


