Forum Moderators: bakedjake


How to prevent DOS attacks?

         

limitup

5:27 pm on Jun 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Lately we've had situations where someone was using an automated script etc. requesting the same database-intensive script 100s and even 1000s of times in a row within a very short period of time. We operate in a pretty competitive niche and I can only assume this is one or more of our competitors trying to overload our server, etc. I don't know much about this stuff, but can anyone point me in the right direction in terms of a solution to preventing this type of thing? Ideally we need to set something up where more than X number of requests from the same IP address within X number of seconds get automatically refused, etc.

limitup

5:30 pm on Jun 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Forgot to ask ... someone said to look into Apache's mod_dosevasive. Does anyone have any experience with this?

outrun

11:14 pm on Jun 1, 2004 (gmt 0)

10+ Year Member



mod_dosevasive is simple to use and I have found it quite effective.

regards,
Mark

limitup

11:34 pm on Jun 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the reply, I'll look into it.

Is there anything that can be done about DoS attacks coming from a bunch of different IPs at the same time?

MovingOnUp

2:36 pm on Jun 10, 2004 (gmt 0)

10+ Year Member



There are many different things you can do.

For resource-intensive scripts, I always check the load average on the box first and abort with a "Try Back Later" message if the load average is too high. That prevents malicious users, bots, or even spikes from TV publicity from bringing your entire site down.

I also keep a list of bots and use robots.txt and mod_rewrite to prevent them from accessing scripts.

I have another list of bots (site downloaders, email harvesters, etc.) that I don't allow to access any page on the site.

I also monitor my logs for IP addresses with a lot of traffic. Usually it's just search engine spiders, but sometimes it's site downloaders or bots masquerading as a regular browser. I usually deny from that IP address to block them.
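The log check described in the post above, together with the "more than X requests from the same IP within X seconds" rule asked for at the top of the thread, can be sketched as follows. This is an added example, not code from any poster; the script path `/search.cgi`, the thresholds, and the sample log lines are constructed assumptions, and lines are assumed to be in chronological order per IP.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache common log format: ip ident user [timestamp] "METHOD path ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, epoch_seconds, path_without_query) or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when.timestamp(), path.split("?", 1)[0]

def find_bursts(lines, max_requests=5, window_seconds=10,
                path_prefix="/search.cgi"):
    """Map each offending IP to its peak request count inside one window.

    Only requests for the expensive script (path_prefix, hypothetical name)
    are counted, so static pages and images do not trigger a block.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue              # skip lines that are not valid log entries
        ip, t, path = parsed
        if not path.startswith(path_prefix):
            continue
        q = recent[ip]
        q.append(t)
        while t - q[0] >= window_seconds:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def _line(ip, second, path):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [01/Jun/2004:17:20:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')

SAMPLE = (
    [_line("203.0.113.7", s, "/search.cgi?q=x") for s in range(8)]           # burst
    + [_line("198.51.100.20", s, "/search.cgi?q=y") for s in (0, 25, 50)]    # slow
    + [_line("198.51.100.20", s, "/index.html") for s in range(10)]          # static
    + ["garbage line"]
)

if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE).items():
        print(f"{ip}: {count} requests to the script within 10 seconds")
```

The flagged addresses are candidates for a deny rule; checking them against known search engine spiders first avoids blocking legitimate crawlers.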

Krugar

4:28 am on Jun 15, 2004 (gmt 0)

10+ Year Member



How did you compile your lists, MovingOnUp, and how do you block them?