Anti-DDoS
Posted by wirefusemedia, 08-14-2009, 07:43 PM |
I've been playing around with DDoS protection trying to expand into this, and I've been reading. I got a server at SoftLayer (10TB actually) and so far it stands up against UDP attacks pretty damn well for the most part. They also said they have a switch that they will put me on for free for additional filtering.
Now for SYN / TCP-IP attacks, I wanted to get a new web server software considering Apache has a harder time dealing with the bs connections. What do you recommend? I know of LiteSpeedTech, but that will cost a lot a month. I have a quad core, 6 gigs of RAM.
It needs to be compatible with cPanel.
Thank you!
|
Posted by Thomas Manning, 08-14-2009, 08:41 PM |
nginx will be a good choice.
|
Posted by wirefusemedia, 08-14-2009, 08:44 PM |
Alright, set it up as a proxy like I've been reading? Or can Apache 2.2.x handle connections just as well if set up properly?
|
Posted by HD Fanatic, 08-15-2009, 01:22 AM |
nginx is not compatible with cPanel.
You don't need the type of license to match the number of CPUs. If it's mostly dynamic content, a 1 or 2 CPU license should suffice. However, more CPU is better for static content. I've seen some hosts using a 2 CPU license on an 8-core machine and they run just fine.
|
Posted by khunj, 08-15-2009, 02:15 PM |
Regarding SYN flood, it's a kernel problem, not an HTTP server problem. So it just doesn't matter which HTTP server you are using.
About HTTP DDoS, due to the way LiteSpeed works, it will block an IP quicker than Apache will. It is also easier to set up than Apache. On the other hand, Apache mod_security has many more options/rules/actions than LiteSpeed, and reading the source code can help to understand how it works and how to tweak it well.
|
Posted by zacharooni, 08-15-2009, 04:07 PM |
If you're looking for high-availability service, I would definitely recommend placing Squid in front of cPanel's Apache. Squid was designed to handle a large number of connections at one time. Keep in mind though, this is only to thwart HTTP-GET DoS, not a SYN flood to port 80. Here's a thread I came across that might help you get set up:
http://www.webhostingtalk.com/showthread.php?t=726942
|
Posted by PeakVPN-KH, 08-15-2009, 04:13 PM |
I would say that if you're wanting to offer DDoS protection:
1) You're in the wrong datacenter.
2) I simply hate LiteSpeed, but if you have issues spending that fee monthly then you're in for a rude awakening.
Offering real DDoS protection is ridiculously expensive and requires extensive expertise. Otherwise, it's your customers that pay for you to guess how to help them when things go bad.
It isn't something you roll out of bed and say, "Today I will start offering specialized DDoS protected hosting."
Unfortunately, it is far too common that providers sell false hope simply because they've never experienced a real attack. When an attack hits and half the datacenter is affected, or your server ends up null-routed, etc., it's your customers who will suffer.
Also, you may let the datacenter know what you're offering from their DC. The issue is that offering DDoS-protected hosting attracts high-risk customers. Therefore, you're attracting abuse onto their network. When the attacks hit, all of their customers could be affected. Not to mention the cost to the datacenter. Bandwidth isn't cheap.
Anyway, good luck.
Last edited by PeakVPN-KH; 08-15-2009 at 04:20 PM.
|