Hi i wonder if anyone can help/advise? I manage a dedicated server for an e-commerce website running on Magento. The website runs fine normally until it gets an onslaught of visitors, - [dont laugh] Is it possible that someone could deliberatley/malicously send the website loads of requests and it just crumbles? Could it be done through a server stress tool? If so how can I stop this? Hope someone can help/advise? Thanks, Richard.
Hi
First of all, I think that it would be the best for you to contact your current web host. I think they have seen a lot of different attacks (DoS Digg effect etc ), and I’m confident they have several algorithms how to prevent or solve that.
rikmg,
I’m sure there’s a way to script that incoming requests from one IP address be limited - at least throttled. I’m not enough of a Linux expert to know what that is, though.
Regards,
DK
Thanks for the reply, David. Anyone else know what I could look into?
Cheers.
Can you see the IP addresses in your logs? If so, you can use your .htaccess file to block those specific IP addresses.
If what you are seeing is a Denial Of Service (DOS) attack, it could be from many different computers and I have no idea how to deal with that.
Does it crash or just respond slowly during stress (and then recover)?
If it crashes, check the apache logs for clues to the crash reason. Chances are the apache config allows too many processes to be spawned and then gets OOMed.
Have a look at mod_evasive if you reckon it’s a deliberate attack and non-distributed.
Well is your dedicated server managed or non managed. May be you can ask your host if they can help on these issues by paying some extra bucks…