Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

About DDos Attacks

Discussion in 'General Discussion' started by 4402734, Jun 22, 2006.

  1. 4402734

    4402734 Active Member

    Sep 20, 2005
    Likes Received:
    Trophy Points:
    I don`t know how to protect my server againest DDos Attacks?may you help me?

  2. NightStorm

    NightStorm Well-Known Member

    Jul 28, 2003
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Technically, you can't. Any DDoS of any worth would take your server offline no matter what precautions you put into place on the server itself. All it takes is a simple saturation of your up/downstream and your server will carry no traffic until the attack is done.
    The best thing you can do is to use a datacenter that provides either a hardware firewall that can filter the attack before it enters your network, or uses an upstream filter (like Ev1's FireSlayer).
    Software wise, you could look into mod_evasive, which will help to control the number of httpd connections from a single IP, or scrutinizer, which will do the same but runs at a different level. Some suggest using SYN Cookies, which requests verification of all incoming SYN packets before they are accepted. This violates a few protocols though, and will not help a bandwidth overload if someone decides to actually target you. Tweaking your server to accept low numbers of ICMP packets through a system like APF will help to keep that flooding down... I have mine set to only accept 1 ICMP packet per second, and to drop the rest automatically. Only keeping the ports open that you actually use will help to keep attacks down a bit too, as it will drop all traffic destined for the 'un-used' ports. APF will do this, as well.
    Check out Chirpy's Firewall script. It works a lot like APF, but plugs directly into WHM.
    Don't think that by installing loads of "DDoS Software" on your server that you are safe from it though. As I mentioned, the line to your server will only carry so much traffic, and it's easy these days to overload that line. You'll want a datacenter that can properly filter the attack before it even gets to you. If your Datacenter won't do that, then they're not a very good one to begin with.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice