DDOS attack - How to prevent [duplicate]
Fundamentally, such denial of service attacks involve sending the server more requests than it can handle. It can be a large number of bots sending simple requests (though it does not require billions to bring down a single server - a few thousand tops) or a handful of bots sending requests that are notoriously long to execute.
The second attack type is the most vicious, because a single bot could conceivably bring down a server. For instance, MySQL's LIMIT N OFFSET M
is notoriously slow when M
becomes large, so a simple attack would be to request pages 200-300 out of 500 in quick succession, clogging all the MySQL worker threads. On an unprotected server, this can be done with firebug. The only solution is to identify costly operations and then either optimize the hell out of them, make them sequential (so that clogging that part of the site does not bring down the rest of the site), or detect IPs that ask for costly operations and refuse to perform that operation unless a certain wait interval is respected.
The first attack type is harder to pull off, because you need many bots. On the other hand, it's also harder to stop from the server: if you have thousands of bots sending you data as fast as they can, your bandwidth will be eaten up by the flood and there's nothing the server can do about it (even if it flat out refuses 99% of those requests), so a router with flood prevention is a good bet if you think you might be a target.