Redirect users to ReCaptcha or static page when server is under high load / DDoS

websterPL

Hello, recently there have been multiple DDoS attacks on my server. The httpd service very quickly reaches full load (~7GB), then httpd gets stuck (the main page is unavailable), but I can log in to the DA panel or CMS without any problem. I solve that situation by modifying index.php (by hand) to add Google ReCaptcha when a DDoS attack is active.

Are there any solid solutions for DDoS attacks with the DA panel? I wonder if DA could detect a DDoS attack and then redirect the user to a static page (or enable Google ReCaptcha) instead of loading index.php (which loads the whole CMS framework and makes the server get stuck)?

For now I have set up an external server monitor; when the page goes down, I just turn on ReCaptcha by hand. But this is not a good long-term solution. Maybe DA should have a built-in solution for that? With these steps:

1. Detect DDoS / high load
2. Automatically activate ReCaptcha (and remember users that pass it for one day)
3. Restart the httpd service to unlock the site
 
Are there any solid solutions for DDoS attacks with the DA panel? I wonder if DA could detect a DDoS attack and then redirect the user to a static page (or enable Google ReCaptcha) instead of loading index.php (which loads the whole CMS framework and makes the server get stuck)?

No, there is not. DirectAdmin can only detect HTTP, SMTP, POP, IMAP, FTP, SSH brute-force attacks. It has no tools for detecting other kinds of attacks.

In case you face a real DDoS, you will need to block the offending IPs yourself, and if you use a hardware firewall from a server provider, that would be the best option. A server under DDoS can hardly block it; it will be badly overloaded.
 
You could use Cloudflare proxy, but that wouldn't be effective if all domains need it, plus it doesn't give you 100% effectiveness either, although it does support captcha...

These days, most providers/data centres offer anti-DoS features at router level.
 
Yes, Cloudflare could probably help to mitigate certain DDoS attacks. But not all businesses want Cloudflare to be a MITM and read their traffic.
 
I tried Imperva, but unfortunately there was a problem with loading JS / CSS files, although the DDoS was filtered correctly.
Another question: where in the DA panel can I check how big the DDoS attack was? Number of connections, URL positions, etc.?
 
DirectAdmin does not have tools to identify DDoS attacks, nor does it measure them. DirectAdmin can detect only certain brute-force attacks. I believe you might read the article https://www.imperva.com/learn/ddos/denial-of-service/ in order to learn what types of DDoS there are.

If we speak about HTTP flood (a kind of DDoS) and brute-force on HTTP applications, then you can check the web server logs to identify their scale. DirectAdmin offers a web interface to read web server logs; I personally prefer using the SSH console for reading the logs. You might check the DirectAdmin docs on how to navigate to the web server logs in a browser. If you use SSH, check them under /var/log/httpd/domains/ and/or /var/log/nginx/domains/

Other system logs under /var/log/ can also be analyzed for other kinds of application-layer attacks as well as some network-layer attacks.
 
Did you get any prices from them? Or just the free trial? Can't find any pricing on their website.
The price is too big for me (10k $ / year). I used a trial account to check if it's working, and it works with some CSS / JS loading problems.
 
I used that as antivirus only, not DDoS protection. I think that the best DDoS protection is to have an external service like Imperva or Cloudflare with the domain DNS changed to it.
 
Not perfect, but if you know the layer 7 application-level attack patterns that get logged to Apache or Nginx, you can use fail2ban and create a comprehensive set of fail2ban rules to monitor your web server logs. Then fail2ban can be configured to send bad IP addresses to your server firewall like CSF Firewall or, if you have Cloudflare, send them to Cloudflare Firewall via their API.

You'd be limited by your server's ability to handle the attack, fail2ban processing etc., but it will still be better than nothing. If you have Cloudflare Pro or higher plans, then you also have access to Cloudflare WAF and can utilise their rules + create your own.
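
Added example, not part of any post in this thread: the replies above suggest reading the web server logs (for example under /var/log/httpd/domains/) to gauge an HTTP flood, and applying fail2ban-style rules to those logs. The Python below does both on constructed log lines: it counts requests per minute and per URL, and flags any client IP that exceeds a request threshold inside a time window. It assumes the "combined" access-log format and chronologically ordered lines; the function names, thresholds and sample addresses are illustrative.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed "combined" access-log layout: IP, identity, user, [timestamp], "METHOD URL ..."
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)')

def parse(line):
    """Return (ip, timestamp, url), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["url"]

def analyze(lines, max_hits=5, window_s=10):
    """Flag IPs exceeding max_hits requests within window_s seconds (the same
    idea as fail2ban's maxretry/findtime) and measure the size of the flood."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}                  # ip -> time the threshold was first crossed
    per_minute, urls = Counter(), Counter()
    for ip, ts, url in filter(None, map(parse, lines)):
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
        urls[url] += 1
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop hits that fell out of the window
        if len(q) > max_hits:
            flagged.setdefault(ip, ts)
    return flagged, per_minute, urls

def sample_log():
    """Constructed sample: one client floods /index.php, another browses normally."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {url} HTTP/1.1" 200 512 "-" "constructed-agent"'
    rows = [(base + timedelta(seconds=i), "203.0.113.7", "/index.php") for i in range(8)]
    rows += [(base + timedelta(seconds=20 * i), "198.51.100.20", "/about.html") for i in range(3)]
    return [fmt.format(ip=ip, ts=ts.strftime("%d/%b/%Y:%H:%M:%S %z"), url=url)
            for ts, ip, url in sorted(rows)]

if __name__ == "__main__":
    flagged, per_minute, urls = analyze(sample_log())
    print("flagged:", {ip: t.isoformat() for ip, t in flagged.items()})
    print("requests per minute:", dict(per_minute))
    print("top URLs:", urls.most_common(3))
```

On a real server the same `analyze()` call can be fed the lines of a domain's access log, and the flagged addresses passed to whatever firewall is in use.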
 
I think that in DA there should be some global option to threshold Google ReCaptcha if visits are more than X in the last minute.
 
I think that in DA there should be some global option to threshold Google ReCaptcha if visits are more than X in the last minute.
Why should DA do that? This is not DA's task, that's something a webdev or admin should do, maybe via a custom-made script.
DA has nothing to do with any kind of captcha application. It's not a control panel's task.
 
Why not make DA even better? DA already has some protection features, so why not make more useful improvements for better security?
In Roundcube it's possible with an additional plugin, working for all customers serverwide.

So a serverwide automatic captcha feature for high-load requests sounds good to me. In CSF you can only block or not block.
I'd recommend posting this as a feature request: https://feedback.directadmin.com/b/feature-requests/
 
DA already has some protection features, so why not make more useful improvements for better security?
As said, then it must be done for all captchas, as not everybody wants to use the same or a single one. Next to that, it takes additional development, and DA is already behind with development of more important or at least more panel-related things.

Most captchas are hacked anyway; it's already known that captchas aren't really the solution to things.

But yes, it's always possible of course to post a feature request for it; one never knows if there are enough people interested.
 
CSF firewall integration with nginx/Apache can do this. For more information, please use Google. But it only detects DDoS per client IP.
 