Advanced Optimization Guide for DDoS Protection

Protection Against DDoS Attacks

DDoS (Distributed Denial of Service) attacks can render your servers inaccessible by overwhelming them with traffic. These attacks typically occur when multiple systems target the same server simultaneously. In this article, we will discuss advanced optimization techniques to provide DDoS protection.

1. Understanding the Source of the Problem

DDoS attacks are generally classified into two main categories:

• Volume-Based Attacks: These attacks target bandwidth and consume server resources excessively.
• Protocol Attacks: These attacks exploit vulnerabilities in the TCP/IP protocols of the server.

Various methods and optimizations can be applied to prevent these attacks.

2. Basic Configuration via SSH

First, you need to configure necessary firewall and security settings on your server. Follow the steps below:

Step 1: Firewall Configuration

You can configure your firewall with iptables or ufw using the following commands:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -j DROP

These rules allow traffic to specific ports and block all other traffic.

Step 2: Rate Limiting Configuration

Rate limiting restricts the number of requests from a specific IP address within a certain timeframe. Configure this using the following command:

sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 10 --hitcount 20 -j DROP

3. Web Server Optimization

To provide DDoS protection in web servers like LiteSpeed or Nginx, you should apply the following optimizations.

LiteSpeed Settings

If you are using LiteSpeed, adjust your httpd.conf file as follows:

ServerLimit 256
MaxClients 200
KeepAlive On
KeepAliveTimeout 5
Timeout 30

Nginx Settings

If you are using Nginx, update your nginx.conf file as follows:

http {
    limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;
}
server {
    location / {
        limit_req zone=mylimit burst=5;
    }
}

4. MySQL Optimization

To make your MySQL database resilient against DDoS attacks, optimize your my.cnf file:

[mysqld]
max_connections = 200
wait_timeout = 600
interactive_timeout = 600

5. Final Checks

After updating your configurations, test and monitor your system. Use the following commands to check the status of your server:

sudo netstat -an | grep ':80' | wc -l
sudo netstat -an | grep ':443' | wc -l
sudo iptables -L -n -v

These commands will show open connections on your server and the firewall rules.

Conclusion

DDoS protection is critical for your server security. By following the steps outlined above, you can make your system more resilient and protect against attacks.