How to prevent DDOS?

Discussion in 'Security' started by NewTier, Jun 22, 2009.

  1. #1
    How do I prevent DDOS on my site? And how can I provide this service to other people? Thanks
     
    NewTier, Jun 22, 2009 IP
  2. maestria

    maestria Well-Known Member

    #2
    If you have root access, there are a couple of tools like mod dos evasives which might give you protection up to an extent.
    Though there is no foolproof, guaranteed solution for DDoS.
    Make the server secure in general, harden the security loopholes, and install the firewall and enhance it.
    Take the help of any experienced server admins.
     
    maestria, Jun 23, 2009 IP
    thuankkk likes this.
  3. thuankkk

    thuankkk Active Member

    #3
    If you have root SSH access:
    - Install mod evasive
    - Install APF
    - Install DDos Deflate http://deflate.medialayer.com

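    If you're just a webmaster:
    Add some script to deny bad requests and stop when server load goes high.

    <?php
      // Either header may be absent from a request, so default both to ''.
      $ua  = strtolower($_SERVER['HTTP_USER_AGENT'] ?? '');
      $ref = strtolower($_SERVER['HTTP_REFERER'] ?? '');

      // Reject requests with no User-Agent, a User-Agent containing 'php',
      // or a referer containing '.swf'.
      if (!$ua
        or strpos($ua, 'php') !== false
        or strpos($ref, '.swf') !== false
        ) {
        header('HTTP/1.1 403 Forbidden');
        exit('Bad request.');
      }
      // Refuse requests while the 1-minute load average is above 1.
      // sys_getloadavg() is missing on some platforms and can return false.
      $load = function_exists('sys_getloadavg') ? sys_getloadavg() : false;
      if ($load !== false and $load[0] > 1) {
        header('HTTP/1.1 503 Service Unavailable');
        exit('High server load.');
      }
    ?>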
     
    thuankkk, Jun 23, 2009 IP
    NewTier likes this.
  4. RectangleMan

    RectangleMan Notable Member

    #4
    It's unlikely that, if you need to ask how to prevent DDOS, you will be able to reliably provide the service to others. Preventing DDOS attacks is normally done by someone with a great deal of experience. While installing some Apache modules and firewalls can be helpful, there are many other things involved. The ability to read logs is probably the most important to stopping a DDOS attack. Once you understand the attack you can work to prevent it.
     
    RectangleMan, Jun 26, 2009 IP
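
Added example (not part of any post in this thread): one way to do the log reading post #4 describes, by finding client IPs that exceed a per-IP request-rate threshold in an Apache combined-format access log and tallying requests that match the header checks in post #3's PHP snippet. The log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
                  r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def parse(lines):
    """Yield (ip, epoch_seconds, referer, user_agent); malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
            yield m["ip"], ts, m["ref"].lower(), m["ua"].lower()

def find_floods(lines, max_hits=5, window_s=2):
    """Return {ip: peak request count in any window_s-second span} for IPs above max_hits.
    Assumes each IP's lines are in time order, as they are in an access log."""
    recent, peak = defaultdict(deque), Counter()
    for ip, ts, _, _ in parse(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_s:      # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_hits}

def bad_request_counts(lines):
    """Count, per IP, requests matching the checks in post #3's PHP snippet:
    missing User-Agent (logged as "-"), 'php' in the User-Agent, '.swf' in the referer."""
    hits = Counter()
    for ip, _, ref, ua in parse(lines):
        if ua in ("", "-") or "php" in ua or ".swf" in ref:
            hits[ip] += 1
    return dict(hits)

def sample_log():
    """Constructed sample data; the addresses are documentation ranges, not real hosts."""
    row = '{ip} - - [22/Jun/2009:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "{ref}" "{ua}"'
    log = [row.format(ip="203.0.113.7", s=i // 6, ref="-", ua="-") for i in range(12)]
    log += [row.format(ip="198.51.100.20", s=s, ref="-", ua="Mozilla/5.0") for s in (0, 5, 9)]
    log.append(row.format(ip="198.51.100.31", s=3, ref="http://example.com/x.swf", ua="Mozilla/5.0"))
    log.append("garbage line that does not parse")
    return log

if __name__ == "__main__":
    print(find_floods(sample_log()), bad_request_counts(sample_log()))
```

On the sample data only the address sending twelve requests inside two seconds is reported as a flood, while the ordinary client at three requests over nine seconds is not.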
  5. turbulence

    turbulence Well-Known Member

    #5
    @OP - this is not like installing a firewall or some sort of software. DDoS protection is a really hard job to do, and people that deal with the mitigation of such attacks are highly educated and qualified professionals...

    If you want to get protected, do not trust companies or people telling you that they could guard you for hundreds of dollars... the really good protection, the one that really stops the attacks, will more probably cost you thousands of dollars...

    That is the first thing you could look at... the price; you could tell by the price whether the service is good or bad...
     
    turbulence, Jul 3, 2009 IP
  6. Algert

    Algert Well-Known Member

    #6
    Probably even if you install apf/csf (it's better if you set up your iptables), ddos deflate, mod_evasive, etc. you won't be able to stop a REAL attack.
     
    Algert, Jul 5, 2009 IP
  7. Bohra

    Bohra Prominent Member

    #7
    Bohra, Jul 5, 2009 IP
  8. pitagora

    pitagora Peon

    #8
    I hate to burst the bubble, but stopping DDoS attacks by filtering the packets that reach your client still implies that you will receive them. So in order to stop it you need more bandwidth than the attacker. It still comes to financial power and protection from the datacenter.
     
    pitagora, Jul 8, 2009 IP
    theapparatus likes this.
  9. LENOVOhost

    LENOVOhost Peon

    #9
    Install mod evasive and DDos Deflate, and prefork will prevent the DDOS attack to the maximum extent.
     
    LENOVOhost, Jul 10, 2009 IP
  10. awesometbn

    awesometbn Peon

    #10
    Take a closer look at the services provided by Akamai and similar companies. They create a distributed version of your exact website, and serve up your content from the nearest electronic point to the end user. A denial of service attack against your website is actually against the data aggregation company like Akamai, and they aren't going down if you attack the end points. The attacker would have to target the root servers or distribution center of Akamai to make any disruption.
     
    awesometbn, Jul 12, 2009 IP
  11. lyl

    lyl Banned

    #11
    Thanks, I am going to try installing APF.
     
    lyl, Jul 15, 2009 IP
  12. theapparatus

    theapparatus Peon

    #12
    +1. We have some serious software firewalls in place and they will ban if the traffic gets suspicious.

    We really screwed up though on our first slashdotting. :)
     
    theapparatus, Jul 15, 2009 IP
    pitagora likes this.
  13. justdoit1

    justdoit1 Peon

    #13
    To date, there is no such foolproof defense for DDOS.
     
    justdoit1, Jul 17, 2009 IP
  14. AfterHim.com

    AfterHim.com Peon

    #14
    Failover redundancy would help, but if you're receiving the packets, you're in trouble.
     
    AfterHim.com, Jul 17, 2009 IP