Denial-of-service attack … in an image.

Hi,

Not strictly PHP but something that any web programmer might have to deal with from time to time: denial-of-service attack (DoS attack).

What is a DOS attack?

Some dirty nerd (or group of dirty rat bastard nerds) decide they want to make your site or your servers unusable or at least, much less usable. What they do is flood the server with request in attempt to overload the CPU, memory and bandwidth.

… It just happend to me here on the killersites.com/killerphp.com servers. Some jerk-store using a microsoft server out of Washington, started flooding our PHP based forum with request … millions a day in fact! We have a fairly new dedicated server with multi-core processors, so we did not go down, but the server did get noticeably slower.

How did I discover it?

Besides noticing the server was acting a little sluggish (kinda like me after a few beers,) I popped open the web stats and noticed a huge amount of traffic from one IP address – that isolated source of big traffic pretty much tells you what you need to know.

How do you fix it?

Well, a good firewall is supposed to catch these things and block them … it seems my firewall falls asleep on the job sometimes, so in this case, I had to manually go in and ban the IP address. Once banned, any request from that IP are just dropped. This is not a perfect solution since the nefarious nerds can then just switch IP’s to continue the attack … but it seems to have done the trick this time.

Check out the chart below, showing the KillerSites server traffic flow, before and after I blocked the attacker’s IP:

Thanks,

Stefan Mischook
killerphp.com