+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Webmaster Support (https://www.supportforums.net/forumdisplay.php?fid=36)
+---- Forum: Web Hosting (https://www.supportforums.net/forumdisplay.php?fid=40)
+---- Thread: DDoS protection (/showthread.php?tid=16242)
DDoS protection - PaperBag - 02-17-2011
Hello all,
I'm currently working on a project where DDoS protection is something essential, every second of downtime is a loss of members and funds.
The project I'm working on is game content hosting for Garry's Mod.
As you may have seen garrysmod.org is most of the time slow/down, this is caused by poor DDoS protection and continued DDoS attempts, I don't want this to happen to my host.
I was wondering if anyone could give me hints on how to protect my CentOS powered server against DDoS attacks. I'd really appreciate it.
Thanks,
Arco
RE: DDoS protection - Omniscient - 02-17-2011
Do you have server root? If you do install and run a kernel based firewall. A popular one is iptables.
http://wiki.centos.org/HowTos/Network/IPTables
You want to create a ruleset that's very strict.
Are you running Apache? If so run mod_geoip which will allow you to htaccess block by country. It's very handy as many countries are just more trouble than they are worth.
Security is multi-layered. There is the 3 S's. Server, Services, and Site. You want a layer of protection at each level.
RE: DDoS protection - PaperBag - 02-17-2011
(02-17-2011, 01:39 PM)Omniscient Wrote: Do you have server root? If you do install and run a kernel based firewall. A popular one is iptables.
http://wiki.centos.org/HowTos/Network/IPTables
You want to create a ruleset that's very strict.
Are you running Apache? If so run mod_geoip which will allow you to htaccess block by country. It's very handy as many countries are just more trouble than they are worth.
Security is multi-layered. There is the 3 S's. Server, Services, and Site. You want a layer of protection at each level.
That was very helpful to me, thanks a lot!
Edit:
What iptables ruleset do you recommend?
RE: DDoS protection - Grizzly - 02-17-2011
Are you going to be running a Dedicated Server right off the bat? Or will you be using Shared/VPS?
RE: DDoS protection - PaperBag - 02-18-2011
(02-17-2011, 04:15 PM)Grizzly Wrote: Are you going to be running a Dedicated Server right off the bat? Or will you be using Shared/VPS?
I'm currently running a dedicated server.