heloo
today i have DDos Attack in my server
what is the better way to secure my server from DDos Attack
i use CentOS 4&5
i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems
Give Me The best way plzz
The best way to avoid being the victim of a DoS attack is to close off all un-used services/daemons & install all security patches from your vendor... I'd run Nessus/NMap against your server to see what's open & vulnerable
Hi!
First of all you should determine from which kind of DDoS you suffer. The most common DDoS types (by OSI levels):
1) Network (bandwidth limits). The number of DDoS agents can send you enormous number of any packets. It's no matter whether your server reject them or not, the meaning of such attack is exhasting of you bandwidth. Usually, web-hosting providers, which specializes on anti DDoS services, provides network chanels with very high network badwidth.
2) Transport (for example SYN flood). There is a lot of solutions: Cisco routers with special DDoS prevention functionality, SYN cookies in your OS kernel etc. Also a reverse-proxies farm could help in this case.
3) Application (DDoS targeted on application service like HTTP server). In general case this kind of attack is the same as flush event, when your service has enormous number of _valid_ users as a result of, for example, excelent advertising or flash mob. However:
a) it is possibly to drop dynamicly the most flodive subnetworks by simple measuring of number of requests from the subnetwork (Cisco also has such solutions on routers). However, this solution will work badly if DDoS agents are internet propagated trojans, so a lot of internet networks will infected and involved into the attack. By this way such solution will block a lot of sub-network or won't blok anything (depending on sensitivity of DDoS sensors).
b) such system (desribed in previous point) could has some service semantics in its sensors. For example, it can make clustering of posible DDoS zombie sub-networks by number of heurisics like value of heavy requests, ratio of requests to received responses, requests signatures and so on. By corelating of these parameters such system can block DDoS requests more precisely. I don't know about market solutions of such systems. My company provides such solutions only by individual clients requests...
So DDoS prevention is quite complex problem which requires also complex measures.
From a home user perespective, I don't think there is anything you could do against ddos attacks except maybe avoid places like irc or other dark webs.
To have a very basic DDOS protection, I would suggest first installing DDOS Deflate script. It is quite effective from simple (D)DOS attacks. Script itself is here. I wrote a small article on how to install and use it here.
Next step can be installing mod_dosevasive for Apache to get rid of HTTP DDOS attacks.