[Sysadmins] DDOS protection for web forum
Michele Neylon :: Blacknight
michele at blacknight.ie
Tue Sep 29 13:29:11 IST 2009
On 29 Sep 2009, at 13:19, Kieran Tully wrote:
> I occasionally help admin a popular Irish web forum who are
> increasingly coming under DDOS attack. I don't have much time to look at
> this but it appears to be a SYN flood to the http port. It's a
> dedicated web-server running apache 2 and Linux kernel 2.6.
> 1) Are there some quick configuration changes on the webserver that
> will reduce the impact of the attack?
> The hosting company did add some iptables rules to blackhole the
> initial source but it's now moved to (what I assume is) a botnet.
I don't see how that would help. If it's a real DDOS you need to
stop the traffic before it comes near the server.
> Are mod_evasive or mod_qos good options? Is there something in
> iptables or the kernel that can help adapt dynamically?
> 2) Are there alternatives to apache that would handle this better? All
> they need to serve are static files and PHP.
> 3) Are there any Irish hosting companies that do DDOS protection at
> the network level, e.g. ingress rate limiting, etc. ?
> 4) Are there legal or criminal routes to pursue if you can identify
> the initial attack source?
> Thanks for any suggestions,
> Kieran Tully, Software Developer and Tenor, http://ktully.net
> Sysadmins mailing list
> Sysadmins at lists.stdlib.net
Mr Michele Neylon
Hosting & Colocation, Brand Protection
Intl. +353 (0) 59 9183072
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Road,Graiguecullen,Carlow,Ireland Company No.: 370845