mowsen wrote:
Hej volks!
I'm experiencing some DDoS attacks against my WordPress blog which runs
on a PIII/600 MHz/256 MB Ram/100 MBit machine lately. The attacker
commands approx. 500 different IPs to my blog that all request the same
post. I tuned Apache to only accept 20 concurrent clients but that still
renders my server un-respondable. I turned KeepAlive Off and set the
TimeOut directive to 10 seconds... Still, while testing it myself
(building only 200 connections) my server seems not to be able to handle
the load and won't respond anymore... I'm using pf and tried around with
max-src-conn 10, max-src-conn-rate 20/30 etc. to no avail, as all the
IPs seem legit and only request one time. I installed a caching plugin,
but still, same thing.
Anyone have an idea what else I could do? Or am I just hopelessly lost in this
case because my hardware is so thin?

Could you provide more information?
Is the requested post a proper one?
Is there any reason to suspect a smart attack?
Or is this a simpleminded attack?
Sometimes simple defenses are best for simple attacks.
Sounds like you need to keep the site up so limiting access to good IPs
is a no-no.
If the attack is against a single post only, then you can redirect that
to a simple form which could easily fool a simple script attack.
--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
-- Robert Heinlein
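
The pattern described in this thread (many distinct source addresses, each requesting the same post once) never trips per-source limits such as max-src-conn, but it stands out when requests are grouped per URL. The following is an added example, not part of the original messages, that flags such a URL in an Apache common-log-format access log; the function names, thresholds and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache common/combined log format: client address first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*"')

def flag_distributed_targets(lines, min_sources=5, max_hits_per_source=2):
    """Return {url: distinct_source_count} for URLs hit by many sources that
    each stay under a per-source limit (so per-source pf rules never fire)."""
    hits = defaultdict(lambda: defaultdict(int))  # url -> source -> request count
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        src, url = m.groups()
        hits[url][src] += 1
    flagged = {}
    for url, per_src in hits.items():
        quiet = [s for s, n in per_src.items() if n <= max_hits_per_source]
        # Many sources, nearly all of them individually "well behaved".
        if len(per_src) >= min_sources and len(quiet) >= 0.9 * len(per_src):
            flagged[url] = len(per_src)
    return flagged

def make_sample():
    """Constructed sample log: 8 sources request one post once each,
    plus one ordinary visitor and one malformed line."""
    fmt = '{ip} - - [01/Jan/2010:12:00:{s:02d} +0000] "GET {url} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", s=i, url="/?p=42") for i in range(1, 9)]
    lines += [fmt.format(ip="192.0.2.7", s=20 + i, url=u)
              for i, u in enumerate(["/", "/?p=7", "/?p=42", "/about"])]
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for url, n in flag_distributed_targets(make_sample()).items():
        print(f"{url}: {n} distinct sources, each under the per-source limit")
```

A URL flagged this way is the candidate for the per-post handling suggested in the reply (for example, serving a static page for that one post), since filtering by source address would not separate these clients from legitimate ones.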