Anti-DDoS configuration on a CentOS server


    Well, DDoS (Denial of Service) attacks are distributed hits to your server, coming from multiple sources at the same time.
    Unlike an attack from a single location, where the source IP address can be blocked on the firewall level, denial of service attacks are very difficult to stop.

    When the attack comes in, you'll be able to switch the IP address until the storm calms down.

    1. Disable Ping-flood attacks

    Add this to your /etc/sysctl.conf:
    Code:
    nano /etc/sysctl.conf
    net.inet.icmp.bmcastecho=1
    net.inet.icmp.icmplim=1
    And run this on the shell to apply the changes immediately:
    Code:
    sysctl net.inet.icmp.icmplim=1
    sysctl net.inet.icmp.bmcastecho=1
    2. Use obscure ports for anything other than HTTP

    3. Change your MySQL (/etc/my.cnf port=1234), FastCGI and all other daemons to run on unique port numbers.

    4. Install all the latest security patches

    5. Use private IP addresses for inter-server communications

    6. If you have more than one machine on the same LAN, use the LAN private IP addresses to communicate between the machines.

    This is particularly helpful when your data center decides to null-route the public-facing IP address of your database server (why is it open in the first place?) and you want to allow the web server to continue communicating with the database uninterrupted.

    7. Using private LAN IP addresses is more efficient and ensures no interruptions in case your public-facing IP address gets null-routed.

    8. Use a Firewall

    These two software firewalls are great for brute force detection and advanced policies that can detect anomalies common to DDoS attacks: APF and BFD. Both are from R-FX Networks.

    WWW.9XHOST.NET
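
The two keys in the post above, net.inet.icmp.bmcastecho and net.inet.icmp.icmplim, are FreeBSD sysctl names; on CentOS the ICMP settings live under net.ipv4 (for example net.ipv4.icmp_echo_ignore_broadcasts and net.ipv4.icmp_ratelimit). The check below is an added example, not part of the original post: it lists the keys in a sysctl.conf file that have no matching entry under /proc/sys, so a setting that was never applied is noticed. The function name, the sample file and the temporary directory standing in for /proc/sys are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report sysctl.conf keys that do not exist on this kernel.
# On Linux, key a.b.c corresponds to the file <proc_root>/a/b/c.

# missing_sysctl_keys CONF [PROC_ROOT]
# Prints every key in CONF that has no file under PROC_ROOT (default /proc/sys).
missing_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    # Drop comments (# or ;), keep only key=value lines, reduce them to the
    # bare key, and strip the optional leading "-" (ignore-errors marker).
    sed -e 's/[#].*$//' -e '/^[[:space:]]*;/d' -e '/=/!d' \
        -e 's/=.*$//' -e 's/[[:space:]]//g' -e 's/^-//' "$conf" |
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || printf '%s\n' "$key"
    done
}

# Demo on constructed input: a fake /proc/sys tree holding only the two
# Linux ICMP keys, and a config file mixing the post's keys with them.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proc/net/ipv4"
    : > "$tmp/proc/net/ipv4/icmp_echo_ignore_broadcasts"
    : > "$tmp/proc/net/ipv4/icmp_ratelimit"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample file (values are placeholders, not recommendations)
net.inet.icmp.bmcastecho=1
net.inet.icmp.icmplim=1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ratelimit = 1000
EOF
    missing_sysctl_keys "$tmp/sysctl.conf" "$tmp/proc"
    rm -rf "$tmp"
}

demo
```

On a real server, call `missing_sysctl_keys /etc/sysctl.conf` with no second argument so the keys are checked against the running kernel.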

    #2
    I recommend buying a Cisco firewall to get the real protection; hence it's a bit costly, you could go for CSF as a firewall & ddos_deflate.



      #3
      Yeah, that. For large DDoS you also need to pay a lot more bucks for it.

      WWW.9XHOST.NET
