rantsh Posted January 29, 2007 Share Posted January 29, 2007 Hey, just wondering... how do you deal with a DoS attack to your webserver? Link to comment https://forums.phpfreaks.com/topic/36185-dos/ Share on other sites More sharing options...
steviewdr Posted January 29, 2007 Share Posted January 29, 2007 There are various apache modules you can use. mod_throttle is one of them - it limits the connections and bandwith been eaten up in a DOS.Google for "hardening apache" for more tips etc.-steve Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-171949 Share on other sites More sharing options...
trq Posted January 29, 2007 Share Posted January 29, 2007 You might also take a look at iptables. Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-172209 Share on other sites More sharing options...
Stray_Bullet Posted January 30, 2007 Share Posted January 30, 2007 [quote author=steviewdr link=topic=124542.msg516217#msg516217 date=1170090922]mod_throttle is one of them - it limits the connections and bandwith been eaten up in a DOS.[/quote]I use mod_limitipconn. ;D Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-173098 Share on other sites More sharing options...
steviewdr Posted January 31, 2007 Share Posted January 31, 2007 [me=steviewdr]just found out today that mod_throttle is not available for apache2 :-([/me]Aparently there is mod_throttle which throttles apache and cgi processes. mod_bandwith is another one. I think apache2 has mod_cband - however its only for bandwith.Anways.-steve Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-173899 Share on other sites More sharing options...
the_oliver Posted February 5, 2007 Share Posted February 5, 2007 best way is to stick the server behind some kind of hardware firewall, but expencive. Cisco PIX is the best ive found, even there lower range, but come with a hefty price!Also usefull to have a second network card, on diffrent subnet, (idealy a non public IP) so you can still get to your server durin a DoS attack. Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-177804 Share on other sites More sharing options...
steviewdr Posted February 7, 2007 Share Posted February 7, 2007 the_oliver: I mainly use xen virtual machines - so I can xm console in directly if the network gives any issues etc :-)-steve Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-178692 Share on other sites More sharing options...
the_oliver Posted February 9, 2007 Share Posted February 9, 2007 steviewdr: That looks really clever! Can it be used to run multiple, compleatly indipendant, servers off one peice of hardware? Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-180543 Share on other sites More sharing options...
steviewdr Posted February 10, 2007 Share Posted February 10, 2007 the_oliver: Xen can indeed run completely independant servers off one piece of hardware.Basically - there is dom0 and domU. dom0 is the base Linux OS. Several domU's (guest os's) can run then on top of dom0. Typically there is nothing but xend and sshd running on dom0 - so its bullet proof. dom0 can then be used to control/console reboot/powerdown etc. etc. any of the domU's. If you have only 1 external ip address, dom0 can route the netconnections from the domU's, or each domU can have its own independant LAN and ip.You can also take a look at VMWare. Their vmware server offering is also free - and will allow you to run a Virtual Windows os either if thats what your looking for.Rgds,steve Link to comment https://forums.phpfreaks.com/topic/36185-dos/#findComment-181386 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.