We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
DDoS protection on your own server how?
DDoS protection on your own server how?
Hello,
hackers managed to get 400k+ IoT devices under their control to launch massive DDoS attacks.
https://krebsonsecurity.com/2016/10/iot ... -accusers/
wonder if you guys have practical experience with OpenSource software for blocking/filtering/protecting against DDoS "on your own server".
using a rented hetzner server and i think they are doing a fine job trying to filter DDoS before it reaches their customer's servers.
the server has 1GB of RAM and 2GB of swap, which kind of should be ok?
(my last server had 512MB and worked fine... )
also running some other software on it... but MySQL usually is the most RAM hungry it seems undless there are a billion apache2 processes.
But every once and a while my server get's knocked out by a large amount of connections.
do these stats look like DDoS or is it just not possible anymore to run a webserver with only 1GB of RAM :-D ?
related links:
DRDoS -> https://en.wikipedia.org/wiki/Reflection_attack
https://javapipe.com/iptables-ddos-protection
https://www.iplocation.net/apf-bfd-ddos-rootkit
https://blog.php-dev.info/2011/10/softw ... debian-56/
https://www.cloudflare.com/ddos/
https://www.gigenet.com/ddos-attack/
wtf:
"Flashpoint found, was that while users could change the default credentials in the devices’ Web-based administration panel, the password is hardcoded into the device firmware and the tools needed to disable it aren’t present."
src: https://krebsonsecurity.com/2016/10/iot ... -accusers/
stress testing:
http://xmodulo.com/web-server-benchmark ... linux.html
https://jmeter.apache.org/download_jmeter.cgi
http://tsung.erlang-projects.org/
hackers managed to get 400k+ IoT devices under their control to launch massive DDoS attacks.
https://krebsonsecurity.com/2016/10/iot ... -accusers/
wonder if you guys have practical experience with OpenSource software for blocking/filtering/protecting against DDoS "on your own server".
using a rented hetzner server and i think they are doing a fine job trying to filter DDoS before it reaches their customer's servers.
the server has 1GB of RAM and 2GB of swap, which kind of should be ok?
(my last server had 512MB and worked fine... )
also running some other software on it... but MySQL usually is the most RAM hungry it seems undless there are a billion apache2 processes.
But every once and a while my server get's knocked out by a large amount of connections.
Code: Select all
====== reboot because total ram is :333 MByte
DATE: 2016-10-26 TIME: 06:56:13
====== RAM usage
total used free shared buffers cached
Mem: 1000 952 47 20 4 44
-/+ buffers/cache: 902 97
Swap: 2047 1763 284
1.3 0.5 14268 444208 /usr/sbin/apache2 -k start
1.4 0.6 14536 443200 /usr/sbin/apache2 -k start
1.4 0.1 14568 433144 /usr/sbin/apache2 -k start
1.4 0.7 14592 511156 /usr/sbin/apache2 -k start
1.4 0.1 14672 431164 /usr/sbin/apache2 -k start
1.4 0.5 14716 510396 /usr/sbin/apache2 -k start
1.4 0.4 14780 444456 /usr/sbin/apache2 -k start
1.4 0.4 14856 510024 /usr/sbin/apache2 -k start
1.4 0.5 15228 490272 /usr/sbin/apache2 -k start
1.4 0.5 15248 444208 /usr/sbin/apache2 -k start
1.4 0.5 15296 443200 /usr/sbin/apache2 -k start
1.5 0.1 15396 431076 /usr/sbin/apache2 -k start
1.5 0.4 16188 510028 /usr/sbin/apache2 -k start
1.5 0.1 16200 501984 /usr/sbin/apache2 -k start
1.5 0.2 16240 443464 /usr/sbin/apache2 -k start
1.6 0.0 16572 414160 /usr/sbin/apache2 -k start
1.6 0.1 17336 496788 /usr/sbin/apache2 -k start
1.7 0.1 17584 501908 /usr/sbin/apache2 -k start
1.7 0.6 17740 444748 /usr/sbin/apache2 -k start
1.7 0.5 18312 443448 /usr/sbin/apache2 -k start
1.9 0.0 19660 415740 /usr/sbin/apache2 -k start
2.0 0.1 21396 501908 /usr/sbin/apache2 -k start
2.2 0.5 22540 443308 /usr/sbin/apache2 -k start
2.2 0.3 22768 861368 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --open-files-limit=65535 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
2.2 0.5 22856 443960 /usr/sbin/apache2 -k start
2.2 0.1 23400 502676 /usr/sbin/apache2 -k start
2.2 0.1 23460 436260 /usr/sbin/apache2 -k start
2.4 0.1 24600 502224 /usr/sbin/apache2 -k start
2.4 0.1 24672 501908 /usr/sbin/apache2 -k start
2.4 0.1 24992 501908 /usr/sbin/apache2 -k start
2.4 0.1 25236 436260 /usr/sbin/apache2 -k start
2.4 0.1 25352 501932 /usr/sbin/apache2 -k start
2.5 0.1 25740 501908 /usr/sbin/apache2 -k start
2.5 0.1 26484 501908 /usr/sbin/apache2 -k start
2.5 0.1 26508 501928 /usr/sbin/apache2 -k start
2.6 0.1 26716 501908 /usr/sbin/apache2 -k start
2.7 0.1 28148 501908 /usr/sbin/apache2 -k start
2.7 0.1 28272 501908 /usr/sbin/apache2 -k start
2.7 0.1 28380 501908 /usr/sbin/apache2 -k start
2.9 0.3 29744 443456 /usr/sbin/apache2 -k start
====== CPU usage
USER UID COMMAND PID %CPU TT
root 0 kswapd0 26 2.0 ?
www-data 33 apache2 16433 1.5 ?
root 0 find 16922 1.1 ?
admin 1001 apache2 16432 0.7 ?
admin 1001 apache2 17488 0.7 ?
admin 1001 apache2 16588 0.6 ?
admin 1001 apache2 17483 0.6 ?
admin 1001 apache2 18088 0.6 ?
admin 1001 apache2 18163 0.6 ?
admin 1001 apache2 16434 0.5 ?
admin 1001 apache2 16435 0.5 ?
admin 1001 apache2 16547 0.5 ?
admin 1001 apache2 17473 0.5 ?
admin 1001 apache2 18084 0.5 ?
admin 1001 apache2 18149 0.5 ?
admin 1001 apache2 18150 0.5 ?
admin 1001 apache2 18158 0.5 ?
admin 1001 apache2 18162 0.5 ?
admin 1001 apache2 18173 0.5 ?
admin 1001 apache2 18174 0.5 ?
admin 1001 apache2 18176 0.5 ?
admin 1001 apache2 18177 0.5 ?
admin 1001 apache2 18180 0.5 ?
admin 1001 apache2 18193 0.5 ?
admin 1001 apache2 18067 0.4 ?
admin 1001 apache2 18069 0.4 ?
admin 1001 apache2 18070 0.4 ?
admin 1001 apache2 18073 0.4 ?
admin 1001 apache2 18074 0.4 ?
admin 1001 apache2 18075 0.4 ?
admin 1001 apache2 18076 0.4 ?
admin 1001 apache2 18082 0.4 ?
admin 1001 apache2 18085 0.4 ?
admin 1001 apache2 18086 0.4 ?
admin 1001 apache2 18087 0.4 ?
admin 1001 apache2 18136 0.4 ?
admin 1001 apache2 18141 0.4 ?
mysql 109 mysqld 1301 0.3 ?
admin 1001 apache2 18480 0.3 ?
====== CONNECTIONS:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58639 CLOSE_WAIT
tcp 1086 0 Debian-85-jessie-6:9001 048-041-128-083.d:25018 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58627 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 dannenberg.toraut:28408 ESTABLISHED
tcp 0 0 Debian-85-jessie-:58817 Debian-85-jess:http-alt ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58718 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58679 CLOSE_WAIT
tcp 544 0 Debian-85-jessie-:58914 tor-relay2.flashda:http CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58809 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58812 CLOSE_WAIT
tcp 243 0 Debian-85-jessie-6:9001 rgnx.net:37876 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58644 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58811 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58813 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58740 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58808 CLOSE_WAIT
tcp 205 0 Debian-85-jessie-6:9001 chrbro.10x.es:52530 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58649 CLOSE_WAIT
tcp 0 0 localhost.localdo:56369 localhost.locald:tproxy ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58645 CLOSE_WAIT
tcp 184 0 Debian-85-jessie-6:9001 moria.csail.mit.e:40440 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58633 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58730 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58685 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 itl7.uaservers.ne:41806 ESTABLISHED
tcp 1086 0 Debian-85-jessie-6:9001 client.rectified.:38630 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58670 CLOSE_WAIT
tcp 238 0 Debian-85-jessie-6:9001 despari.informati:45194 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 hermes.relay.torw:46051 ESTABLISHED
tcp 543 0 Debian-85-jessie-:37038 tor-exit-relay.tes:9001 ESTABLISHED
tcp 544 0 Debian-85-jessie-:52596 myon.dequis.org:9001 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 e82-103-140-87s.c:49433 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58676 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 212.16.170.158:37798 ESTABLISHED
tcp 233 0 Debian-85-jessie-6:9001 ns328891.janky.so:46745 CLOSE_WAIT
tcp 127 0 Debian-85-jessie-6:9001 204.44.89.3.stati:43618 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58795 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58726 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58632 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 ehlo.4711.se:57240 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58716 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58722 CLOSE_WAIT
tcp 1086 0 Debian-85-jessie-6:9001 tor.dizum.com:44462 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58815 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58729 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58728 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58672 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-:40381 torlesnet2.relay.c:9001 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58715 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 108.61.99.149.vul:43731 ESTABLISHED
tcp 543 0 Debian-85-jessie-:45459 130.245.183.201:7269 ESTABLISHED
tcp 191 0 Debian-85-jessie-6:9001 visionerad.com:46169 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58721 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58717 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58739 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58640 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58638 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58637 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58727 CLOSE_WAIT
tcp 32 0 Debian-85-jessie-6:8443 Debian-85-jessie-:57463 CLOSE_WAIT
tcp 227 0 Debian-85-jessie-6:9001 set1.safeserver.b:55191 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-:42609 77.247.181.166:https ESTABLISHED
tcp 196 0 Debian-85-jessie-6:9001 customer.worldstr:50884 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58725 CLOSE_WAIT
tcp 0 0 Debian-85-jessie-:58811 Debian-85-jess:http-alt FIN_WAIT2
tcp 1 0 Debian-85-jessie-:40951 d51A55344.access.t:9001 CLOSE_WAIT
tcp 544 0 Debian-85-jessie-6:9001 195-154-252-88.re:37408 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58818 CLOSE_WAIT
tcp 289 0 Debian-85-jessie-6:9001 27.10.142.13:27767 ESTABLISHED
tcp 0 0 localhost.locald:tproxy localhost.localdo:56369 ESTABLISHED
tcp 0 0 Debian-85-jessie-6:http crawl-66-249-76-1:51604 ESTABLISHED
tcp 0 0 Debian-85-jess:http-alt Debian-85-jessie-:58775 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58647 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58683 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 tor.noreply.org:48469 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58724 CLOSE_WAIT
tcp 0 0 Debian-85-jessie-:58815 Debian-85-jess:http-alt FIN_WAIT2
tcp 32 0 Debian-85-jessie-6:8443 Debian-85-jessie-:57537 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 beraud.org:53320 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58814 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58641 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-:41580 cry.ip-eend.nl:9003 ESTABLISHED
tcp 543 0 Debian-85-jessie-6:9001 longclaw.riseup.n:55291 ESTABLISHED
tcp 543 0 Debian-85-jessie-6:9001 208.36.2.3.ptr.us:57843 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58801 CLOSE_WAIT
tcp 0 0 Debian-85-jessie-:58814 Debian-85-jess:http-alt FIN_WAIT2
tcp 1087 0 Debian-85-jessie-:57374 185.100.87.82:9001 CLOSE_WAIT
tcp 544 0 Debian-85-jessie-6:9001 bomboloni.mit.edu:55908 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58675 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58805 CLOSE_WAIT
tcp 0 0 Debian-85-jessie-:58818 Debian-85-jess:http-alt FIN_WAIT2
tcp 0 0 Debian-85-jess:http-alt Debian-85-jessie-:58817 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58642 CLOSE_WAIT
tcp 544 0 Debian-85-jessie-6:9001 moria.csail.mit.e:44080 CLOSE_WAIT
tcp 1086 0 Debian-85-jessie-6:9001 triton732.startde:42821 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58628 CLOSE_WAIT
tcp 225 0 Debian-85-jessie-6:9001 0x3d.lu:39946 ESTABLISHED
tcp 1 0 Debian-85-jessie-:44401 178.74.21.143:9001 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58706 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-:33273 dylan.exit.torworl:9001 ESTABLISHED
tcp 127 0 Debian-85-jessie-6:9001 50.7.161.218:35461 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 ppp91-122-31-175.:20467 ESTABLISHED
tcp 0 0 Debian-85-jessie-:58816 Debian-85-jess:http-alt FIN_WAIT2
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58731 CLOSE_WAIT
tcp 544 0 Debian-85-jessie-6:9001 198.199.64.217:56644 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58677 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58735 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58634 CLOSE_WAIT
tcp 0 0 Debian-85-jessie-6:http crawl-66-249-76-5:48871 ESTABLISHED
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58643 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58723 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58693 CLOSE_WAIT
tcp 1 0 Debian-85-jess:http-alt Debian-85-jessie-:58816 CLOSE_WAIT
tcp 543 0 Debian-85-jessie-6:9001 198.55.105.151.st:53270 ESTABLISHED
Ip:
112765 total packets received
6 with invalid addresses
0 forwarded
0 incoming packets discarded
111846 incoming packets delivered
112920 requests sent out
120 dropped because of missing route
Icmp:
2 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 2
204 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 204
IcmpMsg:
InType3: 2
OutType3: 204
Tcp:
[b] 2491 active connections openings
4130 passive connection openings[/b]
49 failed connection attempts
338 connection resets received
34 connections established
110900 segments received
162548 segments send out
3136 segments retransmited
0 bad segments received.
334 resets sent
Udp:
1772 packets received
0 packets to unknown port received.
0 packet receive errors
1774 packets sent
UdpLite:
TcpExt:
34 invalid SYN cookies received
14 resets received for embryonic SYN_RECV sockets
2832 TCP sockets finished time wait in fast timer
21 packets rejects in established connections because of timestamp
1284 delayed acks sent
Quick ack mode was activated 203 times
1 SYNs to LISTEN sockets dropped
132 packets directly queued to recvmsg prequeue.
2896 bytes directly in process context from backlog
50088 bytes directly received in process context from prequeue
23359 packet headers predicted
72 packets header predicted and directly queued to user
45965 acknowledgments not containing data payload received
12804 predicted acknowledgments
499 times recovered from packet loss by selective acknowledgements
Detected reordering 2 times using SACK
Detected reordering 8 times using time stamp
24 congestion windows fully recovered without slow start
20 congestion windows partially recovered using Hoe heuristic
3 congestion windows recovered without slow start by DSACK
144 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 84
111 timeouts after SACK recovery
106 timeouts in loss state
1265 fast retransmits
123 forward retransmits
569 retransmits in slow start
416 other TCP timeouts
TCPLossProbes: 270
TCPLossProbeRecovery: 35
139 SACK retransmits failed
212 DSACKs sent for old packets
177 DSACKs received
2 DSACKs for out of order packets received
36 connections reset due to unexpected data
106 connections reset due to early user close
13 connections aborted due to timeout
TCPDSACKIgnoredNoUndo: 96
TCPSpuriousRTOs: 131
TCPSackShifted: 564
TCPSackMerged: 2052
TCPSackShiftFallback: 2541
TCPDeferAcceptDrop: 1760
IPReversePathFilter: 2
TCPRcvCoalesce: 14528
TCPOFOQueue: 71
TCPChallengeACK: 2
TCPSynRetrans: 362
TCPOrigDataSent: 119833
IpExt:
InMcastPkts: 21
OutMcastPkts: 23
InOctets: 118106762
OutOctets: 231754400
InMcastOctets: 3546
OutMcastOctets: 3626
InNoECTPkts: 112455
InECT0Pkts: 309
InCEPkts: 1
related links:
DRDoS -> https://en.wikipedia.org/wiki/Reflection_attack
https://javapipe.com/iptables-ddos-protection
https://www.iplocation.net/apf-bfd-ddos-rootkit
https://blog.php-dev.info/2011/10/softw ... debian-56/
https://www.cloudflare.com/ddos/
https://www.gigenet.com/ddos-attack/
wtf:
"Flashpoint found, was that while users could change the default credentials in the devices’ Web-based administration panel, the password is hardcoded into the device firmware and the tools needed to disable it aren’t present."
src: https://krebsonsecurity.com/2016/10/iot ... -accusers/
stress testing:
http://xmodulo.com/web-server-benchmark ... linux.html
https://jmeter.apache.org/download_jmeter.cgi
http://tsung.erlang-projects.org/
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: DDoS protection on your own server how?
You have no idea what a real DDos attack is... you can't protect yourself from a real one without your provider's infra support.
Secondly... the Apache overage that you see can be because of a synflood or too many unsolicited visitors on your site due to bad SEO, or abuse on your VPS. You need to investigate in great depth and learn a bit.
Thirdly, if you are running Wordpress or other DB intensive apps, please consider upgrading to atleast 2 GB RAM for a gracefull operation. When you are short of memory, the performance degrades as the system needs to flush it frequently for other apps/processes.
Fourth, optimize MySQL using MySQLTuner and making Nginx as rev proxy (if not yet) or ditch Apache entirely and go Nginx + PHP-FPM
... My 2 Cents
Secondly... the Apache overage that you see can be because of a synflood or too many unsolicited visitors on your site due to bad SEO, or abuse on your VPS. You need to investigate in great depth and learn a bit.
Thirdly, if you are running Wordpress or other DB intensive apps, please consider upgrading to atleast 2 GB RAM for a gracefull operation. When you are short of memory, the performance degrades as the system needs to flush it frequently for other apps/processes.
Fourth, optimize MySQL using MySQLTuner and making Nginx as rev proxy (if not yet) or ditch Apache entirely and go Nginx + PHP-FPM
... My 2 Cents
Re: DDoS protection on your own server how?
yeah whatever.
Re: DDoS protection on your own server how?
Sorry, but what's wrong with you?! You asked a question and got a detailed and professional answer on it. The only thing you wrote is "yeah whatever" because it is not the answer which you wanted?canoodle wrote:yeah whatever.
Re: DDoS protection on your own server how?
yeah thanks for that info.
so that's all we can do.
tune our MySQL.
even this forum seems under DDoS attack. "brave new world".
ain't there any Open Source solutions for that problem? ... just guessing and wishful thinking?
https://en.wikipedia.org/wiki/Squid_(software)
"The LAMP (software bundle) with Squid as web cache. A high performance and high-availability solution for a hostile environment"
so that's all we can do.
tune our MySQL.
even this forum seems under DDoS attack. "brave new world".
ain't there any Open Source solutions for that problem? ... just guessing and wishful thinking?
https://en.wikipedia.org/wiki/Squid_(software)
"The LAMP (software bundle) with Squid as web cache. A high performance and high-availability solution for a hostile environment"
Re: DDoS protection on your own server how?
Believe me, if you are not sure whether you have been DDoSed they you weren't. When/if you are, you will know it for sure :)
Re: DDoS protection on your own server how?
People told you.
There is NO protection from REAL DDoS attack without assistence of your ISP.
Because attack must be stopped BEFORE it reach your server.
Because your uplink is not too much big to receive such large volume of traffic.
Consider Cloudflare.com as possible 'gateway'.
There is NO protection from REAL DDoS attack without assistence of your ISP.
Because attack must be stopped BEFORE it reach your server.
Because your uplink is not too much big to receive such large volume of traffic.
Consider Cloudflare.com as possible 'gateway'.