DDOS Protection on CentOS 5 32-bit

[vegas]

Hello how I disable recursive on CentOS 5 32-bit if it dont have named.conf and in general how do I configure CentOS 5 32-bit in order to be protected against DDOS attacks?
thanks B4 handed

Ok some extra info is that I dont have hosting clients inside my mashine.

 

[rowebca]

First I suggest to read this to understand what is DDos Attack,
http://en.wikipedia.org/wiki/Denial-of-service_attack

...and if it is not clear for you read this:

http://www.prolexic.com/knowledge-center-dos-and-ddos-glossary.html


Regards

 

[HostForce]

Hello,

DDOS can occur at any time, the best and effective method is quick identification whether the box is under DDOS. If yes better to identify the which service is affected and from which IP you are getting high hits. After that you can go ahead with resistance via bllocking IP in firewall or null route your server IP. During the provsion of your server , you can go ahead with a high number of proactive server hardening methods.

 

[wh-coach]

Instead of fixating on the ddos attack theory, the OP wants to disable nameserver recursion.

I'd advise you don't want to completely disable recursion because you want your server to do lookups but just not arbitrary outside parties.

allow-recursion { 127.0.0.1; };

Put that in your options. You should be good.

 

[web-project]

much better to have the hardware firewall with ddos filters, as software not always help to protect from ddos attacks.

 

[Steadfast Andy]

Selecting a host that offers active DDOS filtering is another way to go about getting yourself protected. There are a lot of hosts who partner with companies like BlackLotus, Tata Communications, and others to provide DDOS protection. As long as you are not running a super latency sensitive service (gaming or trading for example) from your server it should be just fine to use this type of service.

 

[ughosting]

A CDN which shields the www domain can also help mitigate a DDoS attack (Akamai/CoTendo etc).

A mirror service like MAXCDN cannot.

 

[hostroyal.us]

Cloudflare is pretty good for ddos attacks

 

[skywebsitehost]

i recommand the use of cloudfare premium plan for ddos protection

 

[kunnusingh]

Install Firewall like CSF,etc and configure settings.

- IP Blog If cross 300 connection or less
- Enable Flood protection
- Enable Port protection
- Block IP if x IP try to use 404 attack

 

[HostSailor]

Install Firewall like CSF,etc and configure settings.

- IP Blog If cross 300 connection or less
- Enable Flood protection
- Enable Port protection
- Block IP if x IP try to use 404 attack

Yes this is one of a good idea firewall I will add fail2ban.

 

[rowebca]

Cloudflare is pretty good for ddos attacks

Cloudflare is nothing else than politics, a real DDos atack will put down your website using Cloudflare. It is "similar" to SEO (same politics), whatever your buying is just a promise and usually politicians are not respecting promises.

Regards

 

[hostlatte]

Yes, I would like to suggest you to use CloudFlare, it will help you to stop any type of DDOS attacks on your website.

 

[24x7server]

Hi,

When its discussed about DDOS, cloudflare is the first thing that comes in their mind. However, its best practice to analyse the nature of the attack first and then decide.

Most of the attack can be dealt with software firewall. I generally tweak the firewall, checks it, see if it working as expected and if it does not, then I would suggest a 3rd party paid service to have it fixed.

 

[r9host]

CSF firewall offer some featue for DDoS protection. It has some settings using which you can limit max number of connections can be established from a single IP on each port within specified interval such as CONNLIMIT. Please CSF read me document.

http://download.configserver.com/csf/readme.txt