Comments on: Success Means Security: How to protect your most profitable web sites from distributed denial of service attacks (an open source approach)

By: Jez

Jez — Wed, 12 Sep 2007 16:08:46 +0000

Well we just suffered a “suspected” DDOS attack… have yet to prove this but we lost service several times due to a series of spikes in the volume of requests.
Having read this post a few days ago installing this module was on my list of things to do… following our recent problems we installed it in a bit of a hurry (without proper testing )! It will be interesting to see the results!

By: Hamlet Batista

Hamlet Batista — Thu, 06 Sep 2007 14:34:52 +0000

Many hosting companies have in their TOS a termination clause if you are caught spamming or facing a DDOS attacks. The problem is that those attacks usually affect all of their clients.

By: Hamlet Batista

Hamlet Batista — Thu, 06 Sep 2007 14:32:18 +0000

Bart - let me know how it works for you

By: Hamlet Batista

Hamlet Batista — Thu, 06 Sep 2007 14:31:43 +0000

Paul - I only use dedicated and co-located servers so I don’t know where to point you. On the other hand, if you are using shared hosting (and you are not upsetting someone) you are probably not an interesting target for these attackers.

By: Hamlet Batista

Hamlet Batista — Thu, 06 Sep 2007 14:28:46 +0000

There are hardware solutions to DDOS, but my problem with them is flexibility and cost. It is usually easier and cheaper to add more memory and CPU to a Linux server than to a Cisco device. You also don’t need an expensive support contract to upgrade the software

By: Hamlet Batista

Hamlet Batista — Thu, 06 Sep 2007 14:25:42 +0000

Jez - this technique is very scalable. Another reason I separate the protection from the real server is that the real server is usually CPU and memory intensive, while the protection requires minimum. Ultimately your server hardware and available bandwidth will determine the size of the attacks you can handle.

By: Florchakh

Florchakh — Wed, 05 Sep 2007 21:13:42 +0000

What a great comprehensive post, I was looking for it*

* - sounds spammy but this time I’m serious, I was in dramatical need of getting the DDOS problem solved and I do think your post helped a lot!

By: Jez

Jez — Wed, 05 Sep 2007 11:47:02 +0000

One company I had a dedicated server with said something along the lines of “if you suffer DDOS attacks we will terminate your contract, burn your data to DVD ROM and send it to you in the post”… i.e. that hosting company could not handle sustained DDOS attacks. This was a few years ago when there seemed to be no answer to the problem… they were actually a very good company…. not idiots by any stretch… they were one of the only companies I saw at the time that actually had a policy covering DDOS.

By: Jez

Jez — Wed, 05 Sep 2007 11:43:05 +0000

A firewall can protect against DDOS?

By: Sharingmatters.com

Sharingmatters.com — Wed, 05 Sep 2007 08:37:44 +0000

Hi Hamlet. Can you recommend any hosting company that you think is quite safe and protects against different attacks? Your solutions are for dedicated servers but still many people use standard hosting packages.

By: Indiana Jones

Indiana Jones — Tue, 04 Sep 2007 21:18:43 +0000

Usually a hardware firewall is a better solution.

By: Jez

Jez — Tue, 04 Sep 2007 14:46:09 +0000

Hi Hamlet,

Is this countermeasure just designed to stop your servers being knocked over as opposed to dealing with a sustained barrage of requests?

Perhaps that type of ’sustained’ attack is out-moded now IP spoofing is more difficult???

This is a very interesting post!

By: Protecting Your Site from DDOS Attacks ::

Protecting Your Site from DDOS Attacks :: — Tue, 04 Sep 2007 13:42:19 +0000

[...] Success Means Security: How to protect your most profitable web sites from distributed denial of ser… Subscribe! Social Bookmark This! These icons link to social bookmarking sites where readers can share and discover new web pages. [...]