Active Member
Sep 20, 2005
I don`t know how to protect my server againest DDos Attacks?may you help me?



Well-Known Member
Jul 28, 2003
cPanel Access Level
Root Administrator
Technically, you can't. Any DDoS of any worth would take your server offline no matter what precautions you put into place on the server itself. All it takes is a simple saturation of your up/downstream and your server will carry no traffic until the attack is done.
The best thing you can do is to use a datacenter that provides either a hardware firewall that can filter the attack before it enters your network, or uses an upstream filter (like Ev1's FireSlayer).
Software wise, you could look into mod_evasive, which will help to control the number of httpd connections from a single IP, or scrutinizer, which will do the same but runs at a different level. Some suggest using SYN Cookies, which requests verification of all incoming SYN packets before they are accepted. This violates a few protocols though, and will not help a bandwidth overload if someone decides to actually target you. Tweaking your server to accept low numbers of ICMP packets through a system like APF will help to keep that flooding down... I have mine set to only accept 1 ICMP packet per second, and to drop the rest automatically. Only keeping the ports open that you actually use will help to keep attacks down a bit too, as it will drop all traffic destined for the 'un-used' ports. APF will do this, as well.
Check out Chirpy's Firewall script. It works a lot like APF, but plugs directly into WHM.
Don't think that by installing loads of "DDoS Software" on your server that you are safe from it though. As I mentioned, the line to your server will only carry so much traffic, and it's easy these days to overload that line. You'll want a datacenter that can properly filter the attack before it even gets to you. If your Datacenter won't do that, then they're not a very good one to begin with.