SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Zealot
    Join Date
    Aug 2006
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Denial of Service attack

    Hi all!

    I was wondering how do you protect your sites against DoS attack? Is it possible at all? How to survive such attack and have you ever experienced it?

    Cheers!
    Last edited by kuszeras; Nov 8, 2012 at 06:39. Reason: typo
    http://www.yourshoutbox.com <- FREE chat for your website - limited offer
    http://www.smartchatbox.com <- let your visitors talk

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    kuszeras,

    Good hosts (like WebHostingBuzz) monitor their connections and can shut down ports during an attack. While that means that attacks are successful, it prevents damage to your website/database.

    You can also help that a bit by blocking IP addresses (ranges, actually) but a well constructed DDOS attack can come from too many vectors to allow the few valid connections that are attempting to come through.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Zealot
    Join Date
    Aug 2006
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks dklynn! I wonder whether it is a standard for hosting companies to monitor the traffic.

    Has anyone ever encountered such attack? How long did it last and how did it go away?
    http://www.yourshoutbox.com <- FREE chat for your website - limited offer
    http://www.smartchatbox.com <- let your visitors talk

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    k,

    Yes, I haven't and n/a. Only time will tell (but I have an outstanding host - WebHostingBuzz - and wouldn't expect a DOS attack to last long when up against their monitoring).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,625
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Most shared hosts will probably melt and shut off your website -- it will take down all 4000 other sites on the server. That is folding money, even at $3.99 a month.

    Anyhow, we are on the short list of people certain groups don't like and I've been through at least one concentrated DDoS and probably a number of smaller ones. Also things like a slashdotting which can feel like a DDoS. The major attack lasted the bulk of the week, mainly because we (unlike the half dozen others targeted) did not admit we were under attack and in fact managed to stay up by and large. To be honest, the best thing in many cases is to just go down -- the only thing we got when we managed to stay up through said concentrated attack was to get a really nasty bandwidth bill. Rolling over and playing dead would have been more cost-effective in most senses.

    The best defense we had was we knew their plan -- major DDoS attacks are publicly announced with an attack script. If you know where you are being hit you can take measures to kill that traffic inexpensively. IP address blocking doesn't help much -- really too hard to predict, especially without hurting legitimate traffic. Having a reverse proxy that can do very stateful HTTP inspections, as well as take the brunt of the attack helps alot. We could at least stop the proxy so we could operate the app server. Proxies also scale amazingly -- we took the entire force of the attack on a single 4-core IIS reverse proxy that was successfully serving a half dozen sites throughout the attack.

  6. #6
    SitePoint Zealot
    Join Date
    Aug 2006
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wwb_99 thank you very much. That was really helpful answer.
    http://www.yourshoutbox.com <- FREE chat for your website - limited offer
    http://www.smartchatbox.com <- let your visitors talk

  7. #7
    SitePoint Enthusiast AndyGambles's Avatar
    Join Date
    Jul 2006
    Location
    Scarborough, North Yorkshire, United Kingdom
    Posts
    45
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    We currently utilise CloudFlare to fend off any attacks - www.cloudflare.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •