Is it possible to prevent DDos Attack by cpanel configuration and php scripting?
https://stackoverflow.com/questions/11729092
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My site is under DDos Attacks (UDP Flooding)!
I have no access to linux shell and only cpanel is available for me! :(
Is it possible to prevent this attacks by php scripting?
Is there a way to configure cpanel to reduce or redirect attacks? How?
According to web hosting help desk: Attack is between 6 to 10 Gbit/s !!!
Is the following code useful?
<?PHP
if (!isset($_SESSION)) { session_start(); }
// anti flood protection
IF($_SESSION['last_session_request'] > time() - 2){
// users will be redirected to this page if it makes requests faster than 2 seconds
header("Location: /flood.html");
exit; }
$_SESSION['last_session_request'] = time();
?>
Hardware firewall is too expensive.
Solution
First, if you are under attack, protect by sessions is not effective.
Second, if you implements an anti-dos method under php, you are adding process, and the DOS attack is ever effective.
The web server listen on TCP protocol, a udp attack is to the server, no your site, prevent the attack is on side of the server, a.k.a, your hosting provider.
Sorry my english
OTHER TIPS
You will want to enable mod_qos in easy apache's exhaustive options
You will also want to install ConfigServer Firewall. That software can help detect dos attacks and block them. Link Below.
Banning IP will not prevent SYN-floods and will not be effective for botnet DDoS either. There is also no real code solution for DDoS and even Firewall will only go so far.
having said that I got 2 suggestion:
1.) If you are looking for Firewall protection, and Hardware Firewall is out of your price range, please know that there are Cloud Based WAF solution that are available for under 60$/month. I work for Incapsula and our company actually provide all Bussines plan client with a fully configured and customizable PCI DDS compliant Cloud WAF as one of the security features. Currently we are the only ones to offer a PCI DDS compliant version, but - if PCI compliance is not an issue - there are also other solutions you can consider.
2.) For 100% DDoS protection you must have a large enough "pipe" as even the above mentioned WAF will not provide a full-proof filtering solution. For this you will need to use a reverse proxy that will supply you with the "muscle" and flexibility needed to handle DDoS attacks (by balancing and deflation).
I also want to point you to this discussion in security.stackexchange.com that talks about IP blockage as a means for DDoS Mitigation: https://security.stackexchange.com/questions/17632/iptables-ddos-protection-working-with-per-client-ip-address-counter-and-udp/17634#17634
You should make some sort of black hole page that will automatically ban the IP addresses that are making the requests on your server.
Also, you can manually ban IP addresses (single or ranges) using cPanel's IP Deny Manager
Edit:
Also, considering you do not have shell access to your server, I would contact your host immediately for further help.
You can't protect a server from DDoS attacks using PHP. The code you provided simply stops people from requesting that page more than once every two seconds.
If you don't have access to shell, then somebody else does. That somebody needs to fix the problem, not you.
PHP-Scripting will help you absolutely nothing against UDP-Flooding. Only thing that helps a bit is to DROP any unplanned UDP-traffic using e.g. iptables. Still, 10GBit/s is way too much.
