The last week we had some downtimes due to a distributed denial-of-service attack. I’m not sure if it was directly related to our Kamibu projects because there is a bug in the current lighttpd version. An attack can cause a bufferoverflow of Lighttpd with a DDoS. So at all someone tried to get our sites down.
Our solution is very easy. We created a little script fetching all connections by using netstat, counting the number of connections per IP and if there are more than x connections from a certain IP it will add the IP to our firewall. Very simple but helpfull. We execute the script periodically to stop a possible DDoS.