Solved

Http apache denial of service

Posted on 2007-07-31
Last Modified: 2008-01-09
I have recently been getting attacked by a Denial of Service on my Linux web server.  The person doing this is opening a lot of HTTP connections to my web server which runs my CPU up to 90% - 100%.

My question is:  How can I prevent this besides waiting for it to happen and blocking the IP in iptables?

And #2: What DoS tool can I download to simulate this attack so that I can further analyze it to help prevent it?
0
Question by:dprundle
7 Comments
 
LVL 15

Expert Comment

by:m1tk4
ID: 19601261
#1: iptables line would look similar to this one:

iptables -I FORWARD -d (your server) -p tcp --syn -m state --state NEW \
    -m limit --limit 50/s --limit-burst 100 -j ACCEPT

Also, a good number of tips on DOS-attacks is at: http://httpd.apache.org/docs/trunk/misc/security_tips.html

#2: You can simulate that attack using ab (Apache Benchmark), setting the -c (concurrency) parameter to the number of connections you want to establish. This utility is part of the Apache package on many Linux distros.
0
 

Author Comment

by:dprundle
ID: 19601747
What does that iptables actually mean?
0
 
LVL 15

Expert Comment

by:m1tk4
ID: 19602509
I think you would be better off using something like http://blog.medialayer.com/projects-ddos-deflate/ than hacking iptables yourself.
0
 
LVL 15

Expert Comment

by:m1tk4
ID: 19602524
The download page is at: http://www.inetbase.com/scripts/ddos/
0
 

Author Comment

by:dprundle
ID: 19603237
I know how to configure iptables; I was just uncertain of what that iptables command did.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 19606157
> I have recently been getting attacked by a Denial of Service on my linux web server.  The person doing this is opening a lot of http connections to my web server which runs my cpu up to 90% - 100%.  

That's not necessarily a DoS attack. That may be a web crawler bot from Yahoo, Google or another indexing service. If you turn on Referer and User-agent logging, you may analyze your access_log and see whether it is a robot or a person. For robots you may restrict access with a robots.txt file. High CPU load may be a result of poorly written dynamic applications (PHP, Perl or whatever you use).

> I know how to configure IPTABLEs I was just uncertain of what that iptables command did.

man iptables, search --limit-burst
0
 
LVL 15

Accepted Solution

by:
m1tk4 earned 2000 total points
ID: 19606194
I didn't mean to imply you did not. Unfortunately, you can't solve the problem by using iptables only since it would limit the traffic from ALL users, versus singling out the attacker. The solution is a combination of a cron job that watches for a number of simultaneous connections from a single IP (or subnet) and then automatically blocks the attacker using iptables. This is exactly what ddos-deflate does.
0
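The check described in the accepted answer (count simultaneous connections per source IP, then block the outliers), as an added example that is not part of the original thread and is not ddos-deflate's own code. THRESHOLD, ALLOWLIST, the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: the per-IP connection check a cron job could run.
# THRESHOLD and ALLOWLIST are assumed values, not ddos-deflate defaults.
THRESHOLD=${THRESHOLD:-150}
ALLOWLIST=${ALLOWLIST:-127.0.0.1}

# stdin: `netstat -nt` output. stdout: "<count> <remote-ip>", busiest first.
count_by_ip() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
             ip = $5                      # foreign address, "ip:port"
             sub(/:[0-9]+$/, "", ip)      # drop the port
             sub(/^::ffff:/, "", ip)      # unwrap IPv4-mapped IPv6
             c[ip]++
         }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Remote IPs holding more than THRESHOLD connections, minus the allowlist.
offenders() {
    count_by_ip | while read -r n ip; do
        [ "$n" -gt "$THRESHOLD" ] || continue
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        case "$ip" in *[!0-9a-fA-F.:]*) continue ;; esac  # sanity check
        echo "$ip"
    done
}

# Print (do not run) one DROP rule per offender so it can be reviewed first.
block_rules() {
    offenders | while read -r ip; do
        case "$ip" in *:*) fw=ip6tables ;; *) fw=iptables ;; esac
        echo "$fw -I INPUT -s $ip -j DROP"
    done
}

# Constructed sample: five connections from one client, two from another.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 5 ]; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.23:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp 0 0 192.0.2.10:80 203.0.113.7:51000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:80 203.0.113.7:51001 TIME_WAIT"
    echo "tcp 0 0 127.0.0.1:80 127.0.0.1:39000 ESTABLISHED"
}

# Demo with a low threshold; on a real host: netstat -nt | block_rules
( THRESHOLD=3; sample_netstat | block_rules )
```

Because only the sources above the threshold get a rule, other visitors are unaffected, which is the difference from a global `--limit` rule that the answer points out.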
