How to protect from a DDoS attack? [closed]

I have many requests with referrers like alexa.com, google.com, etc. to the main page and a couple of other pages of the site. A line from access.log:

109.172.15.39 - - [11/Jan/2013:02:30:30 +0400] "GET /topic?criteria=%&x=0&y=0&pageNo=34 HTTP/1.1" 403 571 "http://www.alexa.com/" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1)"

I use iptables to block IPs by hand, but I found the script (D)DoS Deflate and added it to cron, but it hasn't given any results. After that I added the following to the nginx config:

if ($http_referer ~* "ask\.com") {
    return 403;
}
....

It's working and I can open the site now. But I think it isn't a good idea. Please advise some methods to protect from a DDoS attack.


Using iptables to block a DoS attack is not a valid solution. Your firewall has to drop the packets, so doesn't that mean the traffic is going to do the damage either way? Bandwidth consumption is the real issue here.

I would suggest contacting your ISP so they can stop the attack on the backbone.

Note: I would consider other reasons for your site being unresponsive. With what you've provided, I don't see a reason to think that it's a large amount of traffic causing problems.
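One way to test whether traffic volume is really the problem is to measure it from the log itself. The following is an added example, not part of the question or the answer: it summarizes a slice of access.log in the combined format (request rate, bytes sent, top client IPs and referrers). The function names are hypothetical, and every sample line except the first, which is the one quoted in the question, is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# nginx/Apache "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def summarize(lines):
    """Request rate, response volume and top talkers for a slice of the log."""
    parsed = [parse(l) for l in lines]
    recs = [r for r in parsed if r]
    if not recs:
        return {"requests": 0, "skipped": len(parsed)}
    times = [r["ts"] for r in recs]
    # Avoid dividing by zero when every line falls in the same second.
    span = (max(times) - min(times)).total_seconds() or 1.0
    return {
        "requests": len(recs),
        "skipped": len(parsed) - len(recs),      # malformed lines
        "avg_rps": len(recs) / span,
        "peak_rps": max(Counter(times).values()),
        "bytes_sent": sum(r["size"] for r in recs),
        "top_ips": Counter(r["ip"] for r in recs).most_common(3),
        "top_referers": Counter(r["referer"] for r in recs).most_common(3),
        "statuses": dict(Counter(r["status"] for r in recs)),
    }

# First line is the one quoted in the question; the rest are constructed.
SAMPLE = [
    '109.172.15.39 - - [11/Jan/2013:02:30:30 +0400] "GET /topic?criteria=%&x=0&y=0&pageNo=34 HTTP/1.1" 403 571 "http://www.alexa.com/" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '192.0.2.10 - - [11/Jan/2013:02:30:30 +0400] "GET / HTTP/1.1" 403 571 "http://www.google.com/" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '192.0.2.10 - - [11/Jan/2013:02:30:31 +0400] "GET / HTTP/1.1" 403 571 "http://www.alexa.com/" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '198.51.100.7 - - [11/Jan/2013:02:30:34 +0400] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    'not a log line',
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over a window of the real log, a low `avg_rps` and small `bytes_sent` point away from bandwidth exhaustion and toward the application or server configuration.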