RE: Working Anti Ddos Script In Php 03-11-2016, 02:18 AM
#11
Does someone still use PHP DDOS mitigation scripts today when alternatives that are much better (Cloudflare) are available?
(03-11-2016, 02:18 AM)Loki123 Wrote: Does someone still use PHP DDOS mitigation scripts today when alternatives that are much better (Cloudflare) are available?
(03-11-2016, 12:03 PM)Aiko Wrote: Free Cloudflare doesn't work well against layer 7 attacks, and it's always handy to have some extra security.
(03-11-2016, 08:32 PM)Loki123 Wrote: Layer 7 attack vendors are usually if not always the developers' fault or the application's fault. For example Apache and slowloris.
Most layer 7 attacks can be easily mitigated with a firewall rule and so on. PHP should never be used; it causes more harm than good in a situation where you are actually attacked.
(03-11-2016, 08:34 PM)Angel Beats Wrote: Erm, actually most Layer 7 attacks are NOT the fault of the developers. As long as your packets look like a real user's packets you will still use a lot of valuable resources.
(03-12-2016, 12:11 AM)Loki123 Wrote: *Developers' and system administrators' fault.*
I assume you are talking about a Layer 7 attack where a button is pressed repeatedly and so on. Thus, a completely legitimate packet that is repeated over and over again. It is quite simple to mitigate those with a simple iptables rule set. Just limit how many connections each IP address can make to your server per X seconds. If the IP address sends say 600 requests per second (hypothetical) and your limit is 500 per second, he will be banned from making further requests for the next hour or so. As soon as these packets aren't reaching the web page, it doesn't do much more harm than trying, badly, to fill up your bandwidth.
That is just one example of a mitigation that works.
(03-12-2016, 12:17 AM)meow Wrote: You obviously have no idea how real application-layer floods work in the wild.
(03-12-2016, 12:46 AM)Loki123 Wrote: No, no, obviously I don't. Not that I have owned anything larger than a BitTorrent site that currently has about 50,000 torrents, 60,000 users and the largest one ever in my country that was constantly under these types of attacks.. Nor have I applied these kinds of techniques myself over the years.. Obviously I have no real experience with this.
Oh, wait, I did and I have! Fuck....
(03-16-2016, 05:36 AM)meow Wrote: Even if everything you said in that post was true (probably isn't, but let's say it was true for the sake of this post), it doesn't change the fact that most actual application layer floods are performed by people who know what they're doing and/or sophisticated scripts to do it for them. Your claim that mitigating layer-7 floods is easy because it's all going to be from the same IP is completely false. Even skids know that the requests in an l7 flood are (or should be, at least) sent from different IP addresses to avoid that kind of mitigation. Furthermore, the requests sent in the attack aren't all the same, otherwise you're right, it would be easy to mitigate. But that's just not how the world works.
If you don't believe me or still think I'm wrong, go look at some packet captures from victims of actual layer-7 floods. I hate to sound arrogant, but you'll find that I'm right.
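An added example, not part of any post in this thread: a small Python model of the per-IP limit described above (500 requests per second, one-hour ban), replayed over two constructed request logs so an operator can see what that rule catches and what it lets through to the application. The class, function names and all addresses are assumptions made for illustration; the 500/600 figures are the hypothetical ones from the post.

```python
from collections import defaultdict, deque

LIMIT_PER_SEC = 500   # hypothetical limit quoted in the thread
BAN_SECONDS = 3600    # "the next hour or so"

class PerIpLimiter:
    """Sliding one-second window per source address, with a timed ban."""
    def __init__(self, limit=LIMIT_PER_SEC, window=1.0, ban=BAN_SECONDS):
        self.limit, self.window, self.ban = limit, window, ban
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.banned_until = {}           # ip -> time the ban expires

    def allow(self, ip, now):
        if self.banned_until.get(ip, 0) > now:
            return False                 # still banned: dropped before the app
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                  # forget hits older than the window
        q.append(now)
        if len(q) > self.limit:
            self.banned_until[ip] = now + self.ban
            q.clear()
            return False
        return True

def replay(events, limiter=None):
    """Return (requests that reached the application, addresses banned)."""
    if limiter is None:
        limiter = PerIpLimiter()
    passed = sum(1 for ts, ip in events if limiter.allow(ip, ts))
    return passed, len(limiter.banned_until)

def single_source(rate=600, seconds=5):
    # Constructed log: one address sending `rate` requests per second.
    return [(s + i / rate, "198.51.100.7")
            for s in range(seconds) for i in range(rate)]

def many_sources(total_rate=600, sources=300, seconds=5):
    # Constructed log: the same total rate spread over `sources` addresses.
    return [(s + i / total_rate,
             f"10.0.{(i % sources) // 256}.{(i % sources) % 256}")
            for s in range(seconds) for i in range(total_rate)]

if __name__ == "__main__":
    print("single source :", replay(single_source()))
    print("many sources  :", replay(many_sources()))
```

The second figure in each result is the number of banned addresses; comparing the first figure against the backend's capacity shows whether a per-IP threshold alone is enough for a given traffic pattern.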