HTTP flooding Help please

monuta (New member, joined Oct 22, 2006, messages: 1)
My problem is that my server is attacked by HTTP flooding programs. If they attack me my sites are down, because my Apache cannot handle 10000 requests at one time. Now I need a program or module that blocks more requests from one IP address, but I don't know which program or module I need. Can anyone help me? Post it here or email me at: [email protected]
 
Anti max connection

Hi,
Perhaps try installing:
Code:
http://www.inetbase.com/scripts/ddos/install.sh
It is trivially simple, it works together with APF and/or iptables, and it is very effective :)

This script also sends out a notification email about exceeding the connection limit and blocking the IP address; here is an example:

Banned the following ip addresses on Tue Oct 31 14:13:01 CET 2006

193.xx.xx.xx with 282 connections
 
I wrote a rule for Hsphere BFD that will monitor several services in one

ssh
proftpd
pop/imap
tcpconnection
mailqueue

And also a modification to use 2 levels of settings:
Low: Alert via email
High: Alert and Block with ipfw on specific port of that service with auto unblock in x minutes.

Sample of Alert
The 211.105.5.113 has exceeded High:30 at 155 attemps via FTP : Administrator on [servername].

Following actions have performed:
Blocked the attacker at firewall using: /sbin/ipfw add 21340 set 2 deny ip from 211.105.5.113 to any dst-port 21
Set auto unblock of attacker at firewall using: /sbin/ipfw delete 21340
Notified admin at: [emailaddress]


Relevant Logfile Information:
Nov 3 13:39:05 [srv] proftpd[27836]: [servername] (211.105.5.113[211.105.5.113]) - USER Administrator: no such user found from 211.105.5.113 [211.105.5.113] to [serverip]:21
.....
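
The replies above describe counting connections per source IP and acting at two levels (low: alert, high: block). The sketch below is an added example, not code from either poster's script: it applies both ideas to `netstat -ntu`-style output. The function names, the thresholds and the sample connections (documentation address ranges) are assumptions constructed for illustration.

```sh
#!/bin/sh
# classify_conns LOW HIGH
# Reads `netstat -ntu`-style lines on stdin and prints "<ACTION> <ip> <count>",
# where ACTION is ALERT (count >= LOW) or BLOCK (count >= HIGH).
classify_conns() {
    low=$1 high=$2
    awk -v low="$low" -v high="$high" '
        $1 ~ /^(tcp|udp)/ {                 # skip the netstat header lines
            peer = $5
            sub(/:[0-9*]+$/, "", peer)      # strip the trailing :port
            sub(/^::ffff:/, "", peer)       # unwrap IPv4-mapped IPv6 peers
            # Only address-looking values may reach a firewall command later.
            if (peer !~ /^[0-9a-fA-F:.]+$/) next
            count[peer]++
        }
        END {
            for (ip in count) {
                if (count[ip] >= high)     print "BLOCK", ip, count[ip]
                else if (count[ip] >= low) print "ALERT", ip, count[ip]
            }
        }' | sort -k3,3nr -k2,2             # busiest sources first, stable order
}

# Constructed sample input: 5 connections from one peer (one of them seen as
# an IPv4-mapped IPv6 address), 3 from a second peer, 1 from a third.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    for p in 1 2 3 4; do
        echo "tcp        0      0 192.0.2.1:80            203.0.113.7:5100$p       ESTABLISHED"
    done
    echo "tcp6       0      0 ::ffff:192.0.2.1:80     ::ffff:203.0.113.7:51005 ESTABLISHED"
    for p in 1 2 3; do
        echo "tcp        0      0 192.0.2.1:80            198.51.100.20:4000$p     SYN_RECV"
    done
    echo "tcp        0      0 192.0.2.1:22            192.0.2.10:60000        ESTABLISHED"
}

# Low level 3 (alert), high level 5 (block).
sample_netstat | classify_conns 3 5
```

On a live host, replace `sample_netstat` with `netstat -ntu` and hand the BLOCK lines to whichever firewall is in use (the thread mentions APF, iptables and ipfw). Counting the IPv4-mapped form together with the plain IPv4 address keeps one client from appearing as two sources that each stay under the limit.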
 