Kieran Tully kieran.tully at gmail.com
Tue Sep 29 13:19:19 IST 2009

I occasionally help admin a popular Irish web forum who are
increasingly coming under DDOS attack. I don't have much time to look at
this but it appears to be a SYN flood to the http port. It's a
dedicated web-server running apache 2 and Linux kernel 2.6.

1) Are there some quick configuration changes on the webserver that
will reduce the impact of the attack?

The hosting company did add some iptables rules to blackhole the
initial source but it's now moved to (what I assume is) a botnet.

Are mod_evasive or mod_qos good options? Is there something in
iptables or the kernel that can help adapt dynamically?

2) Are there alternatives to apache that would handle this better? All
they need to serve are static files and PHP.

3) Are there any Irish hosting companies that do DDOS protection at
the network level, e.g. ingress rate limiting, etc.?

4) Are there legal or criminal routes to pursue if you can identify
the initial attack source?

