--001636b2b034458a9004756c8d6d
Content-Type: text/plain; charset=ISO-8859-1
Hi everybody!
I want to get some tips about how avoid a attack of Denial of service. May
be somebody can about your experience with Php o some configuration of
apache, o other software that help in these case.
Thanks in advance.
--
Gerardo Benitez
--001636b2b034458a9004756c8d6d--
--0016368e26deb10d6a04756d07f1
Content-Type: text/plain; charset=ISO-8859-1
Not sure what exactly you are looking for.
Anyways, some common practice are request for API key, username / password
tokens before providing access to a service.
Thanks,
Gaurav Kumar
On Thu, Oct 8, 2009 at 7:06 PM, Gerardo Benitez
> Hi everybody!
>
>
> I want to get some tips about how avoid a attack of Denial of service. May
> be somebody can about your experience with Php o some configuration of
> apache, o other software that help in these case.
>
>
> Thanks in advance.
>
>
> --
> Gerardo Benitez
>
--0016368e26deb10d6a04756d07f1--
--=-ALLrnNqHyLoQbExES4uP
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
On Thu, 2009-10-08 at 19:40 +0530, Gaurav Kumar wrote:
> Not sure what exactly you are looking for.
>
> Anyways, some common practice are request for API key, username / password
> tokens before providing access to a service.
>
> Thanks,
>
> Gaurav Kumar
>
>
> On Thu, Oct 8, 2009 at 7:06 PM, Gerardo Benitez
>
> > Hi everybody!
> >
> >
> > I want to get some tips about how avoid a attack of Denial of service. May
> > be somebody can about your experience with Php o some configuration of
> > apache, o other software that help in these case.
> >
> >
> > Thanks in advance.
> >
> >
> > --
> > Gerardo Benitez
> >
If you are using Apache there are a bunch of different DoS modules that
you can use:
http://www.google.co.uk/search?q=apache
+dos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&c lient=firefox-a
Also, if you are in full control of the server, you may be able to
configure firewalls for this sort of thing.
It gets more complex when you're attacked with a DDoS (Distributed
Denial of Service) as there's no real hard-and-fast way to prevent them,
as they could genuinely be legitimate requests to your server and not
attacks. As a distributed attack comes from many sources, you can't
reliably differentiate the valid requests from the malicious ones.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--=-ALLrnNqHyLoQbExES4uP--
Gerardo Benitez wrote:
> Hi everybody!
>
>
> I want to get some tips about how avoid a attack of Denial of service. May
> be somebody can about your experience with Php o some configuration of
> apache, o other software that help in these case.
>
>
> Thanks in advance.
>
>
Unplug the network cable :)
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--_000_E2C046087E10D943811A0BD0A4E8316D1B57CD13B8ankaraanado lu_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
UEhQIGlzIG5vdCB0aGUgcmlnaHQgcGxhY2UgdG8gZmluZCBhbnN3ZXIgdG8g YXZvaWQgRERvUyBh
dHRhY2suIFlvdXIgc2VydmVyIGNvbmZpZ3VyYXRpb24gYW5kIGZpcmV3YWxs IHNvZnR3YXJlL2hh
cmR3YXJlIHNob3VsZCB0cnkgYXZvaWRpbmcgaXQgKGlmIHRoZXkgY2FuKQ0K DQoNCi0tLS0tT3Jp
Z2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBQZXRlciBGb3JkIFttYWlsdG86 cGV0ZUBqdXN0Y3Jv
ZnQuY29tXQ0KU2VudDogRnJpZGF5LCBPY3RvYmVyIDA5LCAyMDA5IDExOjA4 IEFNDQpUbzogcGhw
LWdlbmVyYWxAbGlzdHMucGhwLm5ldA0KU3ViamVjdDogW1BIUF0gUmU6IGF2 b2lkIERlbmlhbCBv
ZiBTZXJ2aWNlDQoNCkdlcmFyZG8gQmVuaXRleiB3cm90ZToNCj4gSGkgZXZl cnlib2R5IQ0KPg0K
Pg0KPiBJIHdhbnQgdG8gZ2V0IHNvbWUgdGlwcyBhYm91dCBob3cgYXZvaWQg YSBhdHRhY2sgb2Yg
RGVuaWFsIG9mIHNlcnZpY2UuICBNYXkNCj4gYmUgc29tZWJvZHkgY2FuIGFi b3V0IHlvdXIgZXhw
ZXJpZW5jZSB3aXRoIFBocCBvIHNvbWUgY29uZmlndXJhdGlvbiBvZg0KPiBh cGFjaGUsIG8gb3Ro
ZXIgc29mdHdhcmUgdGhhdCBoZWxwIGluIHRoZXNlIGNhc2UuDQo+DQo+DQo+ IFRoYW5rcyBpbiBh
ZHZhbmNlLg0KPg0KPg0KDQpVbnBsdWcgdGhlIG5ldHdvcmsgY2FibGUgOikN Cg0KLS0NClBldGVy
IEZvcmQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwaG9uZTogMDE1 ODAgODkzMzMzDQpE
ZXZlbG9wZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmF4OiAg IDAxNTgwIDg5MzM5
OQ0KSnVzdGNyb2Z0IEludGVybmF0aW9uYWwgTHRkLiwgU3RhcGxlaHVyc3Qs IEtlbnQNCg0KLS0N
ClBIUCBHZW5lcmFsIE1haWxpbmcgTGlzdCAoaHR0cDovL3d3dy5waHAubmV0 LykNClRvIHVuc3Vi
c2NyaWJlLCB2aXNpdDogaHR0cDovL3d3dy5waHAubmV0L3Vuc3ViLnBocA0K DQoNCg0KICBfX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KQnUgbWVzYWogdmUgZWts ZXJpLCBtZXNhamRh
IGfDtm5kZXJpbGRpxJ9pIGJlbGlydGlsZW4ga2nFn2kva2nFn2lsZXJlIMO2 emVsZGlyIHZlIGdp
emxpZGlyLiBTaXplIHlhbmzEscWfbMSxa2xhIHVsYcWfbcSxxZ9zYSBsw7x0 ZmVuIGfDtm5kZXJl
biBraXNpeWkgYmlsZ2lsZW5kaXJpbml6IHZlIG1lc2FqxLEgc2lzdGVtaW5p emRlbiBzaWxpbml6
LiBNZXNhaiB2ZSBla2xlcmluaW4gacOnZXJpxJ9pIGlsZSBpbGdpbGkgb2xh cmFrIMWfaXJrZXRp
bWl6aW4gaGVyaGFuZ2kgYmlyIGh1a3VraSBzb3J1bWx1bHXEn3UgYnVsdW5t YW1ha3RhZMSxci4g
xZ5pcmtldGltaXogbWVzYWrEsW4gdmUgYmlsZ2lsZXJpbmluIHNpemUgZGXE n2nFn2lrbGnEn2Ug
dcSfcmF5YXJhayB2ZXlhIGdlw6cgdWxhxZ9tYXPEsW5kYW4sIGLDvHTDvG5s w7zEn8O8bsO8biB2
ZSBnaXpsaWxpxJ9pbmluIGtvcnVuYW1hbWFzxLFuZGFuLCB2aXLDvHMgacOn ZXJtZXNpbmRlbiB2
ZSBiaWxnaXNheWFyIHNpc3RlbWluaXplIHZlcmViaWxlY2XEn2kgaGVyaGFu Z2kgYmlyIHphcmFy
ZGFuIHNvcnVtbHUgdHV0dWxhbWF6Lg0KDQpUaGlzIG1lc3NhZ2UgYW5kIGF0 dGFjaG1lbnRzIGFy
ZSBjb25maWRlbnRpYWwgYW5kIGludGVuZGVkIGZvciB0aGUgaW5kaXZpZHVh bChzKSBzdGF0ZWQg
aW4gdGhpcyBtZXNzYWdlLiBJZiB5b3UgcmVjZWl2ZWQgdGhpcyBtZXNzYWdl IGluIGVycm9yLCBw
bGVhc2UgaW1tZWRpYXRlbHkgbm90aWZ5IHRoZSBzZW5kZXIgYW5kIGRlbGV0 ZSBpdCBmcm9tIHlv
dXIgc3lzdGVtLiBPdXIgY29tcGFueSBoYXMgbm8gbGVnYWwgcmVzcG9uc2li aWxpdHkgZm9yIHRo
ZSBjb250ZW50cyBvZiB0aGUgbWVzc2FnZSBhbmQgaXRzIGF0dGFjaG1lbnRz LiBPdXIgY29tcGFu
eSBzaGFsbCBoYXZlIG5vIGxpYWJpbGl0eSBmb3IgYW55IGNoYW5nZXMgb3Ig bGF0ZSByZWNlaXZp
bmcsIGxvc3Mgb2YgaW50ZWdyaXR5IGFuZCBjb25maWRlbnRpYWxpdHksIHZp cnVzZXMgYW5kIGFu
eSBkYW1hZ2VzIGNhdXNlZCBpbiBhbnl3YXkgdG8geW91ciBjb21wdXRlciBz eXN0ZW0uDQo=
--_000_E2C046087E10D943811A0BD0A4E8316D1B57CD13B8ankaraanado lu_--
-----Original Message-----
From: Ashley Sheridan [mailto:ash@ashleysheridan.co.uk]
Sent: 08 October 2009 04:20 PM
To: Gaurav Kumar
Cc: Gerardo Benitez; php-general@lists.php.net
Subject: Re: [PHP] avoid Denial of Service
On Thu, 2009-10-08 at 19:40 +0530, Gaurav Kumar wrote:
> Not sure what exactly you are looking for.
>
> Anyways, some common practice are request for API key, username / password
> tokens before providing access to a service.
>
> Thanks,
>
> Gaurav Kumar
>
>
> On Thu, Oct 8, 2009 at 7:06 PM, Gerardo Benitez
>
> > Hi everybody!
> >
> >
> > I want to get some tips about how avoid a attack of Denial of service.
May
> > be somebody can about your experience with Php o some configuration of
> > apache, o other software that help in these case.
> >
> >
> > Thanks in advance.
> >
> >
> > --
> > Gerardo Benitez
> >
If you are using Apache there are a bunch of different DoS modules that
you can use:
http://www.google.co.uk/search?q=apache
+dos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&c lient=firefox-a
Also, if you are in full control of the server, you may be able to
configure firewalls for this sort of thing.
It gets more complex when you're attacked with a DDoS (Distributed
Denial of Service) as there's no real hard-and-fast way to prevent them,
as they could genuinely be legitimate requests to your server and not
attacks. As a distributed attack comes from many sources, you can't
reliably differentiate the valid requests from the malicious ones.
And then you don't want to block the legitimate requests as you would be
denying visitors your service...
Angelo
http://www.elemental.co.za
http://www.wapit.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php