1

Denial of Service Attacks

Denial of service attacks are a common threat to consider when hosting a website on the internet. Although most security vulnerabilities can be prevented by avoiding dangerous coding habits/techniques, DOS protection requires a different approach.

Lazy DOS Attacks

Specifically, I am not so worried about sophisticated spammers on the net with expensive equipment (maybe superior to my own) who will accept payment to take down sites. I can't imagine anyone would pay that amount of money just to take my website down for a bit. What I am more worried about are 'lazy attacks' which would be likely to come from clever teens looking to test their destructive powers on unsuspecting sites, specifically those who have heard about my site and projects through hackathons and events.

These 'lazy attacks' are extremely cheap and easy to carry out, and can take the form of a simple browser script or flood program that sends an overwhelming amount of requests to my site servers. A powerful system (like my dedicated server) can only be taken down by a weak system (like a light-resource script) through exploiting weaknesses in the more powerful system and using it's power to work against itself.

In particular, I mean when the same user continuously makes requests to the server that require almost no effort. If the ratio of server resources used to client resources used is larger than at least the ratio of server to client resources available, then my site could be taken down very easily.

if (Server Resources : Client Resources > Server Power : Client Power)
{
    ServerDown();
}

Securing the Request-Return Policy in Apache

I am not asking how to make my Apache site DOS proof, but rather how to make it less vulnerable to cheap, lazy DOS attacks by locking down the number of requests one client can send in a set period of time before being treated as an attacker. This specifically applies to php scripts and other pages that require more resources to relay content to the client.

What is the best approach (mysql banned table, Apache settings, honeypot etc.) to securing a relatively small site against cheap DOS attacks? Originally Asked on Stack Exchange

Hackstaar
  • 111
  • 2

1 Answers1

0

mod_reqtimeout handles slowloris DoS attacks which target httpd.

It works by setting specific timeouts for sending header, body of the http message and different rate ranges.

You can use specific settings but just by loading the module you are already getting a good setup to avoid these, check the official docs about it at: http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html

As for outburst of client connections or the likes, the best thing is to use a sane IDS/IPS + Firewall setup.

Daniel Ferradal
  • 2,415
  • 1
  • 8
  • 13