[Sysadmins] DDOS protection for web forum

Michele Neylon :: Blacknight michele at blacknight.ie
Tue Sep 29 13:29:11 IST 2009


On 29 Sep 2009, at 13:19, Kieran Tully wrote:

> I occasionally help admin a popular Irish web forum who are
> increasingly coming under DDOS attack. I don't have much time to look at
> this but it appears to be a SYN flood to the http port. It's a
> dedicated web-server running apache 2 and Linux kernel 2.6.
>
> 1) Are there some quick configuration changes on the webserver that
> will reduce the impact of the attack?
>
> The hosting company did add some iptables rules to blackhole the
> initial source but it's now moved to (what I assume is) a botnet.


I don't see how that would help. If it's a real DDOS you need to
stop the traffic before it comes near the server.

>
> Are mod_evasive or mod_qos good options? Is there something in
> iptables or the kernel that can help adapt dynamically?
>
> 2) Are there alternatives to apache that would handle this better? All
> they need to serve are static files and PHP.
>
> 3) Are there any Irish hosting companies that do DDOS protection at
> the network level, e.g. ingress rate limiting, etc. ?
>
> 4) Are there legal or criminal routes to pursue if you can identify
> the initial attack source?
>
> Thanks for any suggestions,
> Kieran
> -- 
> Kieran Tully, Software Developer and Tenor, http://ktully.net

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business  
Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
