1

i have a rhel 5.3 w/ few virtual machines and one of virtual pc runs

cpu: intel quad 2.83 mem: 3.5G os: Linux 2.6.18-128.1.14.el5xen #1 SMP Mon Jun 1 16:09:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

it also runs wordpress, and all of the sudden, i get hit with some sort of (seems like) an attack (seems like someone just hummer site) where my vm died, i even installed supercache wp plugin there, didnt help all that much

how can i

a) protect that kind of attack from the future b) make my server/site to be able to stand those attacks

Tom O'Connor
  • 27,440
  • 10
  • 72
  • 148
alexus
  • 12,342
  • 27
  • 115
  • 173

4 Answers4

3

You need some sort of firewall that will drop connections if they come in to fast. Hammering the site is generally called a DoS ( Denial of Service Attack). See this link for an ideas on how to prevent certain attacks using iptables.

Really though, if you don't have a system administrator you might want to look into managed hosting.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • I guess what I'm really looking for is for some sort of solution on Apache/PHP (Wordpress) level rather then on firewall. firewall is sort of last resort here... – alexus Jul 29 '09 at 13:46
  • 1
    A firewall should never be a last restort, it's a first line of defense. – MDMarra Sep 02 '09 at 02:57
0

This question has been asked here numerous times. Just do a search for Apache and DOS or DDOS. You'll see suggestions for everything from modules for Apache to changes to your firewall. Here's a couple of local links to get you started.

what-are-the-best-techniques-for-preventing-denial-of-service-attacks

how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server

Don't forget to check out the Apache Users mailing list also, there will be lots of info there too.

You really should try and stop this type of thing at your network perimeter instead of letting get to your servers though.

Community
  • 1
David
  • 3,519
  • 21
  • 17
0

the problem turns out not to be so much DDOS or anything like that, someone force some sort of attack and server sort of died, after checking in logs server gets most of hits by bots, which isn't all that much, but you can imagine after what load server already dying... so it has something to do with something else other then DDOS

alexus
  • 12,342
  • 27
  • 115
  • 173
0

You might want to look at putting Varnish in front of your apache server, but you'll probably need to do some configuration, because it doesn't cache pages with cookies out of the box. It will however prevent the apache server(s) taking too much load when lots of requests come in.

Tom O'Connor
  • 27,440
  • 10
  • 72
  • 148