Saturday, 12 January 2013

Mitigating the DDOS attack in cPanel server

Recently I came across a situation of DDOS attack in which a particular domain of a cPanel server was under attack. Simply, we can suspend the domain which is under attack to solve the issue.

But there is a way of mitigating the attack, that is to limit the number of connections to the domain under attack.

If you have compiled Apache with mod_bw, then you will be able to limit the connections to that domain.

Run the following command in shell:
===
/scripts/setbwlimit --domain=domain.com --limit=256000
====
 
This will create the necessary mod_bw config file and limit throughput of the domain 
to 256kb.
 
Next edit the following file
====
/usr/local/apache/conf/userdata/std/2/username/domain.com/cp_bw_all_limit.conf 
====
 
The file looks as below:
====
<IfModule mod_bw.c>
  MaxConnection all 1
  ForceBandWidthModule On
  BandWidthModule On
  BandWidth all 256000
</IfModule>
<IfModule mod_bandwidth.c>
  MaxConnection all 1
  ForceBandWidthModule On
  BandWidthModule On
  BandWidth all 256000
</IfModule>
====
 
This will allow only one connection to the domain at a time.
 
Restart apache 
===
/etc/init.d/httpd graceful
===
 
After the attack is over just comment the lines in the above mentioned file and 
restart apache. 

No comments:

Post a comment

Note: only a member of this blog may post a comment.