looking for script to protect against DDOS attacks

**bgillingham** · Oct 23rd, 2007, 9:34 pm

Hi all --

I am looking for a good PHP script that would be able to dynamically adjust to block those IP addresses for suspicious activity. Activities that would lead to getting blocked would include repeated posts of > 50kb (or whatever threshold makes the most sense - based on how my site is used), multiple port requests other than 80, - and I am guessing that there has to be some specific actions that deal with the HTTPS part of the site.

I am pretty sure that I saw some code that is written into phpBB that seems to do this, but there's no better way to find a great script than to look at what other web developers recommend.

Thanks in advance for any info on protecting a site against DDOS attacks.

**grim** · Oct 23rd, 2007, 9:50 pm

What kind of server/hosting package do you have? Do you have a firewall installed, vps/dedicated to give you the option of installing a firewall?

**bgillingham** · Oct 24th, 2007, 7:10 am

Originally Posted by Grim

What kind of server/hosting package do you have? Do you have a firewall installed, vps/dedicated to give you the option of installing a firewall?

Grimm -- thanks for asking. These details should help some:

The server is running Linux 2.6.9-55.0.9.ELsmp. The package is basically unlimited, but the cPanel's package name value is "default" (that really helps).

I forgot to mention that the package has a dedicated IP address. Also, most everything else is unlimited (like bandwidth, hard drive space, subdomains, email addresses).

MOD_SECURITY is installed. I am sure that there's a firewall, but I don't know any details (I am thinking that both types are used - a software firewall and hardware firewall).

I think that my host knows his security upside-down and backwards. I recently asked him a similar question about how safe is my site from hackers. He an open source apache module installed at one point to protect against DDOS attacks, but it caused some kind of other problem/s at the time.

It's time to hit some golf balls -- back in a couple hours

**grim** · Oct 24th, 2007, 7:59 am

So if I understand correctly you do not have a VPS or dedicated server?

TBH if you're that worried about it I would recommend getting a VPS or Dedicated server myself so that you could tweaks a firewall with DDOS protection.

This is what I have on all of my servers and I have 'yet' to have a problem. You can configure them to block out known attack methods and IP's, plus they will block IP's as needed automatically from such instances as incorrect passwords, brute force attacks, too many connections, etc.

**bgillingham** · Oct 24th, 2007, 6:59 pm

I may be able to close this question. I really don't think that I am going to code my own PHP routines to do this - or reinvent the wheel while I'm at it.

Originally Posted by Liquid Lust

So if I understand correctly you do not have a VPS or dedicated server?

Yes - that is what you'd call it -- dedicated, although not virtual and it has the static IP address.

Originally Posted by Liquid Lust

TBH if you're that worried about it I would recommend getting a VPS or Dedicated server myself so that you could tweaks a firewall with DDOS protection.

This sounds like something my web host was saying. I would have to think that you two have similar experiences. He's been doing his own hosting and tweaking of firewalls for over 10 years (that's a lot!!).

**grim** · Oct 24th, 2007, 7:11 pm

You have a dedicated server? If so is it cpanel with WHM?

If that is the case I can recommend a very easy to install and configure firewall with ddos protection

**bgillingham** · Oct 25th, 2007, 4:42 am

Originally Posted by Liquid Lust

You have a dedicated server? If so is it cpanel with WHM?

If that is the case I can recommend a very easy to install and configure firewall with ddos protection

Yes! I do have a cPanel with WHM for this domain. :grin: What firewall configuration can protect against the DDOS attacks?

-WTF is that a great place or what?! Hee hee.... Just having a little fun with the abbreviations.

**grim** · Oct 25th, 2007, 7:01 am

As long as you have ssh access and the required permissions 'usually needs vps or dedicated' the following is very easy to install and configure

http://www.configserver.com/cp/csf.html

I use this on 2 servers of mine and so far it's been great. Integrates with WHM, nice easy admin. Can block ip's server wide in an instant!