Blocking by country and high connection counts hosting servers

Most of our hosting servers run Centos Linux but we have Windows servers too and a problem common to both is the occasional high volume of traffic generated by non organic growth.  I don’t mean that someones blog hits the front page of digg, rather a malicious or DDOS attack against a website.  On shared hosting this will effect all sites on the server.  There are bandwidth control tools for both operating systems but they all come at a price to CPU or wallet or both.  I have tried all I could find and none of them have been effective.

Some datacenters offer solutions which usually require traffic being filtered before it reaches your server.  This has obvious advantages but comes with one major drawback and that is you have lost control of your network and are relying on unknown parameters setup by your datacenter, and this can result in false positives which may include potential business for your customers

Liquidweb are the only datacenter I have used to date that rely on monitoring service to alert them of a problem plus a human to decide the appropriate reaction.  As they will notify you of changes made or any IP’s blocked you can recover the situation if they block access incorrectly.  This is as close to remaining in control and could be enough for your needs.

Another way is to utilise services built-in to the operating system.  In the attached autoban.zip file I have prepared bash and php files which placed into a cron monitors connections by count and rejects those who try to open too many.  You can also ban countries from accessing your website too.  Parameters allow you to choose how long the ban should be for and you can set levels so that should someone repeatedly be trying to attack the server their ban can be extended.  I find a 1 hour ban followed by a 3 hour, then 6 hour and then a 31 day ban completely eradicates Denial of Service Attacks.

autoban

You will need root access to the server, see readme.txt for instructions.