RU EN ES

Domain and IP whois

Domains HostingHosting VPS HostingVPS / VDS SSLCertificates Company Company

VPS / VDS hosting >  Web server protection against Flood attacks

Description of settings 

Configuring web server services to protect against small attacks, floods, password guessing attacks. This type of attack is designed to increase the load on the web service, consuming server resources and denial of service due to exhaustion and lack of resources. This guide allows you to configure your server for basic protection against various types of attacks at the server level. In our configuration examples, we used the Centos 7 operating system. 

What is the difference from protection against DDOS attacks?

The Protection against DDOS attacks service is provided in the form of a secure ip address, the traffic for which passes through special equipment and protects against medium and large attacks that are more designed to disable network equipment. But it will not protect the service from small flooding, which can also be harmful, as it simply does not recognize it in view of the small number of bots that access the web server. In the case of a correct approach to server protection, both rules apply, flood protection and protection against ddos ​​attacks. Here we describe how to configure your web server to protect it from flooding. 

Web services

Depending on your chosen web server, there are different methods and types of settings. We have listed the most popular web services in the list and describe the settings for each.

Protection against BruteForce attacks

This type of attack greatly increases the load on the web service. An attacker points to a link to the login form in the admin panel of the site and runs on several bots that start to pick up passwords using the get and post methods. In the logs you will see hundreds, thousands of calls from the same ip addresses. They can create a significant load and disable the web service. For protection, we will use the Fail2Ban service which, in case of exceeding the limit of calls to the same link for 10 minutes, will block the IP address for a certain time. From our experience and observations with this type of attack, the service is able to block about 5000 ip addresses in a short period of time without creating a load on the server. 

Protection against SYN Flood attacks

This type of attack emulates a request from a regular visitor to the site, but unlike a real client, the bot does not wait for a response from the server and sends a new request to the web service, when there are several thousand requests, the service freezes and stops responding. This type of attack is very popular because it does not require large resources to disable an insecure server. The ddos deflate service perfectly reflects this type of attack.

Setting connection limits

Here we will talk about the rules of the firewall, you need to set a limit on the number of connections from one IP address for all services. This rule will help to avoid stack overflow, the limit of which is set in the kernel settings. We will configure in iptables on Centos.

Protection against overload and growth of Load Average

One way or another, there is a different type of attack, and if the security services did not manage to work out or not all filters were set, the load on the server during the attack will increase and ultimately you will lose access to the server, it will stop responding. In order not to lose access when attacking the server, we recommend setting up a script that, in case of high load, will restart the necessary services and perform other actions. 

Conclusion

This type of configuration will reflect most of the small ddos ​​attacks without loss of performance, and also save the site from possible password guessing. This setting must be done 1 time. After some time, you should check the log files, make sure that logrotate is working and the files occupy no more than 5-10 megabytes. In the case of a large size, the Fail2Ban service may not work correctly due to the large amount of data. With this setting, even a server with a small amount of processor and memory resources will work stably. You will also receive notifications by e-mail and you will always be aware of which ip addresses and when it was blocked.

Client Area

Log in

Forgot Password


Sign Up


Check mail:

Mail:
Pass.:

VPS Application catalog

Additional services

Knowledge base

VPS hosting

We were chosen by leading media companies with large volumes of data and high load

Calculate tariff

Domain transfer