Stopping DoS and DDoS attacks?

[jtwhite]

Well,

I have a VPS now, and if this were to ever happen, does anybody know the process to stop it?

 

[galaxyAbstractor]

Block the IP for n amount of time if he visits x times in y seconds. If someone visits the page like 10 times per second, then it should be blocked.

 

[adamparkzer]

Block the IP for n amount of time if he visits x times in y seconds. If someone visits the page like 10 times per second, then it should be blocked.

Aren't these attacks usually done by multiple different IP addresses at the same time?

 

[Livewire]

Aren't these attacks usually done by multiple different IP addresses at the same time?

Yeah, which is why you'd want a plugin or some other addon to perform the check.

Kinda difficult to manually block 1000's of IP's if you're really on someone's OMG YOUR SITE MUST NO LONGER ACCEPT CONNECTIONS list.

 

[jtwhite]

Any suggestions where to look?

 

[masshuu]

the issue with that is false positives and it actually will work toward the DDos, since the system is putting up extra resources to try to block the attack.

I used to know a bot herder. 1,000 is small fry. I think his botnet size at the time i knew him was 9,000 nodes.
9,000 computers trying to load a page twice a second is about 1,000,000 page requests a minute.

as far as i can tell, theres not much you can do if someone wants your server down

 

[Smith6612]

Well, as a few people said here, you can use things such as iptables to block people from connecting to the sites. For a DDoS, you'll want the datacenter to take care of those. Even if they are unable to stop things completely, it'll at least leave the site running slow. But honestly, unless you're posting up content that people don't like (4chan and Scientology attacks last year) or you're doing something stupid, I wouldn't worry about a DDoS. DDoS attacks are geared more towards larger sites when it comes down to it.