I'm experiencing some DDOS attacks against my wordpress blog wich
runs on a PIII/600 MHz/256 MB Ram/100 MBit machine lately. The
attacker commands approx. 500 different IPs to my blog that all
request the same post. I tuned apache to only accept 20 concurrent
clients but that still renders my server un-respondable. I turned
KeepAlive Off and set the TimeOut directive to 10 seconds... Still,
while testing it myself (building only 200 connections) my server
seems not to be able to handle the load and won't respond anymore...
I'm using pf and tried around with |max-src-conn 10,
max-src-conn-rate 20/30 etc.. to no avail as all the IPs seem legit
and only request one time. I installed a caching plugin, but still,
same thing.
Anyone an idea what else i could do? Or am I just hoplessly lost in
this case because my hardware is so thin?
Could you provide more information.
Is the requested post a proper one?
yes, the requests are perfectly fine. just as if a normal browser/user
would request the site. so i can't differentiate them from a valid user.
Is there any reason to suspect a smart attack?
Or is this a simpleminded attack?
i'd say it's simpleminded. probably he rented a botnet for a few hours
and that's it.. i just want to be prepared for next time so i can at
least ssh to the box and block the suspicious ips...
Sometimes simple defenses are best for simple attacks.
Sounds like you need to keep the site up so limiting access to good
IPs is a no-no.
If the attack is against a single post only, then you can redirect
that to a simple form which could easily fool a simple script attack
what do you mean with that. can you explain in detail? i of course want
my other legitimate visitors to see the original post...
i thought about the possibility that if the request count suddenly rises
above usual, i'll record all ips and block them out. that might involve
some few legit users also but will block out the whole botnet and
benefit the other legit users that come later. what do you think? and
how could that be accomplished?
thanks alot!
