DOS prevention

[Mark Hutchings]

You sure it was just a http attack? Several hundred requests in a few 
minutes shouldnt really put it on it's knees, unless the server is a VPS 
with low memory/CPU usage limits, or the server itself is low on resources.

If you're using Apache, you should check into several modules to lock 
down your server.  In this case, check out mod_evasive.

Server firewall wise:
I also suggest fail2ban and also CSF
http://configserver.com/cp/csf.html

Also you could try CloudFlare, but I've seen that cause a lot of 
problems at the same time.  If you have a low traffic web site, I would 
suggest it.  But if you ever expect a surge of traffic, CloudFlare could 
cause you headaches.

Another idea is that if you're server is at a datacenter, they can help 
on their end also.

On 3/18/2013 2:19 PM, J. Wade Michaelis wrote:
> I have a CentOS web server that has recently been brought to a halt on 
> two separate occasions.  Checking the access.log, it appears that it 
> was a Denial of Service (DOS) attack (hundreds of HTTP requests in a 
> very short time, all from a single IP address).
>
> I want to prevent these types of attacks from bringing the server to 
> its knees.  We have a hardware firewall (SonicWall) in place, but it 
> isn't quite new enough to run the firmware that allows rate-limiting.
>
> I have found a number of tutorials that show how to do this type of 
> thing with IPTABLES.  Is there a better solution?
>
> Supposing I go with IPTABLES, do I need to include rules to allow FTP 
> and SSH (the only other services on the server)?
>
> Would any of you be willing to assist me with this?
>
> Thanks,
> ~ j.
> jwade at userfriendlytech.net <mailto:jwade at userfriendlytech.net>
>
>
> _______________________________________________
> KCLUG mailing list
> KCLUG at kclug.org
> http://kclug.org/mailman/listinfo/kclug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kclug.org/pipermail/kclug/attachments/20130318/dbf86e7f/attachment.html>