Tips on How to Stop or Slow Down a DDoS Attack

Some DDoS attacks are so strong that they simply take down your server. The only option you have then is to contact your hosting provider to find a solution for you (or pay for DDoS protection). But sometimes the server manages to keep running while under attack; in this case you may be able to do some things to at least reduce the impact of the DDoS & the load on the server while working on a permanent solution. Let’s review some I could figure out from personal experience.

Lighten your pages

The most obvious thing to do is to make your site’s pages lighter. If you have heavy pictures & other content that is not vital for the site (in your sidebars maybe), it’s better to remove them temporarily.

Remove or change the targeted page, or redirect users away from it

Note: This & the following tips rely on data you gather from your server logs or from a visitor tracker installed on your pages, like StatCounter.

The DDoSer will probably use 1000s of bots from a botnet to access your homepage & load it like crazy.

In this case the best way to deflect the attack is to direct the bots from the struck page to a 1 pixel image or a very light page containing a short message for the real visitors with a link to a valid page. It may be annoying to sacrifice a key page on the site, but it’s better than having the whole site down or very hard to access. If your main page is a PHP file (most likely index.php) you can add the header() line shown below to it, after putting the original lines between /* & */ to deactivate them:

<?php
// Send the redirect and stop, so the heavy page is never generated
header('Location: http://somesite.com/redirected.htm');
exit;
/*
usual content of the file
*/

?>

If possible you could also keep the targeted page but remove all unnecessary texts, scripts & images.

Ban IE6 browser users!

It seems Internet Explorer is the most homey environment for Botnets, especially IE6. In my experience I noticed that +50% of the evil bots run on IE6, which means that by just redirecting its users you’d evacuate half of the DDoS strength!

Of course some of your real visitors may use IE6 (probably 20%?) but remember that this is an emergency solution. Personally I’d prefer to even direct IE7 & IE8 users to a page inviting them to download Firefox! Below is the PHP code to redirect IE6 browsers:

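<?php
// Read the browser's User-Agent header (sent by the client, so it can be spoofed)
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$pos = strpos($ua, 'MSIE');
// !== false, because strpos() returns 0 (which == false) for a match at the start
if ($pos !== false && strpos($ua, 'Opera') === false)
{
    // Windows NT 5.2 user agents without ".NET CLR" are not redirected, as in the original code
    $skip = strpos($ua, 'Windows NT 5.2') !== false && strpos($ua, '.NET CLR') === false;
    // (int) reads the whole major version, so "MSIE 10.0" counts as 10, not 1
    if (!$skip && (int) substr($ua, $pos + 5) < 7)
    {
        header('Location: http://somesite.com/redirected.htm');
        exit; // stop here so the rest of the page is not generated
    }
}

// any remaining code
?>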

More about the code above Here.

Ban some IPs / Countries

Check your logs to see which IPs are attacking you, & check the countries they belong to. It’s difficult to ban them all, but you can ban ranges of IPs. If you see a lot of them coming from a country that doesn’t usually send you many visitors & that probably doesn’t even speak your site’s language, you could ban that whole country (temporarily of course).

Your .htaccess file allows you to ban IPs. You should have it in the root of your website; create it if you don’t. At the end of it add lines like these:

order allow,deny
deny from 172.16.160.15
deny from 172.16.209.
allow from all

deny from 172.16.160.15 will deny only one IP.
deny from 172.16.209. will deny a range of IPs, all those starting with 172.16.209.

To ban more IPs & ranges, add more lines before the allow from all line. (Banning ranges should be done in moderation; it can be worse than the DDoS!)

For more ways on banning bots & folks using .htaccess read Here.
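The log check and the deny lines described above can be produced in one pass. The following is an added example, not code from the original post: it counts requests for the targeted page per IP in Apache access-log lines and prints an .htaccess block in the post's format. The sample log lines, the function names and every threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Start of an Apache access-log line: client IP, two fields, [timestamp], "METHOD path
LOG_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')

def _line(ip, path="/index.php"):
    """Build one constructed log line (sample data, not from a real server)."""
    return (f'{ip} - - [10/Oct/2010:13:55:01 +0000] "GET {path} HTTP/1.1" '
            '200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"')

# Constructed sample: one noisy host, eight hosts in one /24, two ordinary visitors.
SAMPLE_LOG = (
    [_line("172.16.160.15")] * 40
    + [_line(f"172.16.209.{n}") for n in range(1, 9)] * 6
    + [_line("192.168.7.20", "/about.php")] * 3
    + [_line("192.168.7.21")] * 2
)

def deny_rules(lines, target="/index.php", ip_hits=30, range_hosts=5, range_hits=40):
    """Return 'deny from' lines for sources hammering `target`.

    A single IP is listed once it reaches `ip_hits` requests. A whole
    a.b.c. prefix is listed only when at least `range_hosts` distinct
    addresses in it hit the page and together reach `range_hits`, which
    keeps range bans rare. All thresholds are illustrative assumptions.
    """
    per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2).split("?")[0] == target:
            per_ip[m.group(1)] += 1
    per_net = defaultdict(list)
    for ip in per_ip:
        per_net[ip.rsplit(".", 1)[0] + "."].append(ip)
    rules = []
    for prefix, ips in sorted(per_net.items()):
        total = sum(per_ip[ip] for ip in ips)
        if len(ips) >= range_hosts and total >= range_hits:
            rules.append(f"deny from {prefix}")
        else:
            rules += [f"deny from {ip}" for ip in sorted(ips) if per_ip[ip] >= ip_hits]
    return rules

def htaccess_block(rules):
    """Wrap the rules in the order/allow lines used in the post."""
    return "\n".join(["order allow,deny", *rules, "allow from all"])

if __name__ == "__main__":
    print(htaccess_block(deny_rules(SAMPLE_LOG)))
```

The output uses the same Apache 2.2 style directives as the post; Apache 2.4 honours them only when mod_access_compat is loaded.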

2 Responses to “Tips on How to Stop or Slow Down a DDoS Attack”

  1. seeAREpea Says:

    Thanks. As for banning IE6, is there a way to do that without PHP, and so that users who have bookmarked an internal page would also be prevented from using IE6 to do so?

  2. MuMu Says:

    Hello, I’m not sure about that, but you could add the code above manually to any PHP page on your server.
