Geek Answers Handbook

Is it possible to prevent DDos attacks using cpanel configuration and php scripts?

My site is under DDos Attacks (UDP Flooding)!

I do not have access to the Linux shell, and only cpanel is available to me !: (

Is it possible to prevent attacks using php scripts?

Is there a way to configure cpanel to reduce or redirect attacks? How?

According to the web hosting support service: The attack is from 6 to 10 Gbit / s !!!

Is the following code useful?

<?PHP if (!isset($_SESSION)) { session_start(); } // anti flood protection IF($_SESSION['last_session_request'] > time() - 2){ // users will be redirected to this page if it makes requests faster than 2 seconds header("Location: /flood.html"); exit; } $_SESSION['last_session_request'] = time(); ?>

A hardware firewall is too expensive.

+4
source share
6 answers

First, if you are attacked, session protection is ineffective.

Secondly, if you implement an anti-dos method under php, you add a process, and the DOS attack is always effective.

The web server listens on the TCP protocol, an udp attack on the server, without your site, prevents an attack on the server side, aka, of your hosting provider.

Sorry my english

+6
source

Do you want to enable mod_qos in simple apache options

You will also want to install the ConfigServer firewall. This software can help detect dos attacks and block them. The link is below.

http://configserver.com/cp/csf.html

+2
source

You have to make some kind of black hole page that will automatically ban the IP addresses that make requests on your server.

In addition, you can manually prohibit IP addresses (single or ranges) using cPanel IP Deny Manager

Edit:

In addition, given that you do not have access to your server, I will contact your host immediately for further assistance.

+1
source

IP blocking will not interfere with SYN flows and will not be effective for DDoS botnets. There is also no real DDoS software solution, and even Firewall will only work until now.

saying that I have 2 sentences:

1.) If you are looking for firewall protection and a hardware firewall outside of your price range, please know that there is a Cloud-based WAF solution available for less than $ 60 / month. I work at Incapsula, and our company actually provides all Bussines customers with a fully customizable and customizable PCI DDS Cloud WAF compliant as one of the security features. We are currently the only ones to offer a PCI DDS compatible version, but if PCI compliance not a problem, there are other solutions that you can consider.

2.) For 100% DDoS protection, you should have a sufficiently large β€œpipe”, since even the aforementioned WAF will not provide a fully functional filtering solution. To do this, you need to use the reverse proxy , which will provide you the β€œmuscles” and the flexibility necessary to handle DDoS attacks (through balancing and deflation).

I also want to point you to this discussion in security.stackexchange.com, which talks about IP blocking as a DDoS mitigation tool: https://security.stackexchange.com/questions/17632/iptables-ddos-protection-working-with -per-client-ip-address-counter-and-udp / 17634 # 17634

+1
source

You cannot protect the server from DDoS attacks using PHP. The code you provide simply stops people from requesting this page more than once every two seconds.

If you do not have access to the shell, then someone else does it. So that someone needs a fix, not you.

0
source

PHP-Scripting will not help you absolutely anything against UDP-Flooding. The only thing that helps a bit is DROP any unplanned UDP traffic using, for example, iptables. However, 10GBit / s is too much.

0
source

More articles:


All Articles