Re: [tlug] DDB/CJKV-E Web Host under DDOS attack

[Curt Sampson <cjs@example.com>]

Well, I had a bunch of commments, but then I came across this:

On 2016-03-10 10:24 +1100 (Thu), Jim Breen wrote:

> A rush of requests has lead to a heap of processes (httpd, etc.) being
> spawned, a sudden runout of RAM and swap, and the system eventually
> thrashes itself to death.

That's your number one issue right there. In general, if you *ever*
allow requests to cause new processes to be spawned, you've set yourself
up to be hurt a lot more by a DDOS than you need to be.

>From your other comments (e.g., about wwjdic being in C and not using
an external DBMS) I can see that the system is rather less typical than
I'd first assumed, so any other advice before I properly understand it
(including my advice in messages before this one) is going to be kind of
hit-or-miss.

That said, I find it hard to think of a situation where, for a site like
yours, if properly written, a DDOS could run you out of CPU or disk
before bandwith on "regular" machines (by which I mean, your typical
cheap i7 things without 10GigE interfaces).

Anyway, I'm happy to kick around further ideas about this any time, but
it probably needs a chat rather than just e-mail.

cjs
-- 
Curt Sampson         <cjs@example.com>         +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch