[CentOS] DoS Attack

[Chris Mauritz]

John Hinton wrote:

> Yesterday, I had a DoS attack on a php/mysql webpage which uses a lot 
> of resources. I have learned today, as a for instance, in the last 
> hour, about 3000 requests for that page were made by 610 different 
> servers, mostly from 'odd' places... China, Russia, Poland, Turkey... 
> the usual suspects from my experience.
>
> The bottom line is this... I hit server loads of 142 yesterday!!! And 
> the server never crashed! Yeah, it might as well have been dead, but 
> it wasn't. Yes, some things shut down temporarily... but the machine 
> never went down. This is a remote server, about an hour away.. It took 
> about 20 minutes for my mysqld stop command to execute, but with time 
> it did respond! I'm extremely impressed by this and just wanted to 
> pass this 'trivia' along. EL rocks!


Back in the "good 'ol days" we could just add a page full of /16's, 
flushing all traffic from naughty places, to the iptables deny list and 
call it a day.  Now, my company has customers in some of these 
"troublesome" countries so we can't drop all their packets on the 
floor.  8-(

That's good news about your server staying up.  What does its hardware 
config look like?

Cheers,