PHP: How to enable DDoS protection?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must do so under the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original address: http://stackoverflow.com/questions/14477942/

Time: 2020-08-25 07:22:22  Source: igfitidea

How to enable DDoS protection?

php security ddos denial-of-service

Asked by coderama

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level right?

Is there a way to block it on a PHP level, or at least reduce it?

If not, what is the fastest and most common way to stop DDoS attacks?

Answered by Andrew Alcock

DDOS is a family of attacks which overwhelm key systems in the datacenter including:

  • The hosting center's network connection to the internet
  • The hosting center's internal network and routers
  • Your firewall and load balancers
  • Your web servers, application servers and database.

Before you start on building your DDOS defence, consider what the worst-case value-at-risk is. For a non-critical, free-to-use service for a small community, the total value at risk might be peanuts. For a paid-for, public-facing, mission-critical system for an established multi-billion dollar business, the value might be the worth of the company. In this latter case, you shouldn't be using StackExchange :) Anyway, to defend against DDOS, you need a defence in-depth approach:

  1. Work with your hosting center to understand the services they offer, including IP and port filtering at their network connections to the internet and firewall services they offer. This is critical: Many sites are pulled from the internet by the hosting company as the hosting company deals with the data center-wide disruption caused by the DDOS to one customer. Also, during a DDOS attack, you will be working very closely with the hosting center's staff, so know their emergency numbers and be on good terms with them :) They should be able to block off whole international regions, completely block specific services or network protocols and other broad-spectrum defensive measures, or alternatively allow only whitelisted IPs (depending on your business model)
  2. While on the hosting center - use a Content Delivery Network to distribute (mainly static) services close to your end users and hide your real servers from the DDOS architects. The full CDN is too big for a DDOS to take out all nodes in all countries; if the DDOS is focused on one country, at least other users are still OK.
  3. Keep all your systems and software packages updated with the latest security patches - and I mean all of them:

    • Managed switches - yup these sometimes need updating
    • Routers
    • Firewalls
    • Load balancers
    • Operating systems
    • Web servers
    • Languages and their libraries
  4. Ensure that you have a good firewall or security appliance set up and regularly reviewed by a qualified security expert. Strong rules on the firewall are a good defence against many simple attacks. It's also useful to be able to manage bandwidth available for each open service.

  5. Have good network monitoring tools in place - this can help you understand:

    • That you're under attack rather than simply being under heavy load
    • Where the attack is coming from (which may include countries you don't normally do business with) and
    • What the attack actually is (ports, services, protocols, IPs and packet contents)
  6. The attack might simply be heavy use of legitimate web site services (eg hitting 'legal' URIs running queries or inserting/updating/deleting data) - thousands or millions of requests coming from tens to millions of different IP addresses will bring a site to its knees. Alternatively, some services might be so expensive to run that only a few requests cause a DOS - think a really expensive report. So you need good application level monitoring of what is going on:

    • Which services have been invoked and what arguments/data are sent (i.e. logging in your application)
    • Which users are doing the invoking and from which IPs (i.e. logging in your application)
    • What queries and inserts/updates/deletes the DB is performing
    • Load average, CPU utilization, disk i/o, network traffic on all computers (and VMs) in your system
    • Making sure that all this information is easily retrievable and that you can correlate logs from different computers and services (i.e. ensure all computers are time synchronized using ntp).
  7. Sensible constraints and limits in your application. For example, you might:

    • Use a QoS feature in the load balancer to send all anonymous sessions to separate application servers in your cluster, while logged-on users use another set. This prevents an application-level anonymous DDOS taking out valuable customers
    • Using a strong CAPTCHA to protect anonymous services
    • Session timeouts
    • Have a session-limit or rate-limit on certain types of request like reports. Ensure that you can turn off anonymous access if necessary
    • Ensure that a user has a limit to the number of concurrent sessions (to prevent a hacked account logging on a million times)
    • Have different database application users for different services (eg transactional use vs. reporting use) and use database resource management to prevent one type of web request from overwhelming all others
    • If possible make these constraints dynamic, or at least configurable. This way, while you are under attack, you can set aggressive temporary limits in place ('throttling' the attack), such as only one session per user, and no anonymous access. This is certainly not great for your customers, but a lot better than having no service at all.
  8. Last, but not least, write a DOS Response Plan document and get this internally reviewed by all relevant parties: Business, Management, the SW dev team, the IT team and a security expert. The process of writing the document will cause you and your team to think through the issues and help you to be prepared if the worst should happen at 3am on your day off. The document should cover (among other things):

    • What is at risk, and the cost to the business
    • Measures taken to protect the assets
    • How an attack is detected
    • The planned response and escalation procedure
    • Processes to keep the system and this document up-to-date

So, preamble aside, here are some specific answers:

DDOS are generally blocked on a server level, right?

Not really - most of the worst DDOS attacks are low-level (at the IP packet level) and are handled by routing rules, firewalls, and security devices developed to handle DDOS attacks.

Is there a way to block it on a PHP level, or at least reduce it?

Some DDOS attacks are aimed at the application itself, sending valid URIs and HTTP requests. When the rate of requests goes up, your server(s) begin to struggle and you will have an SLA outage. In this case, there are things you can do at the PHP level:

  • Application level monitoring: Ensure each service/page logs requests in a way that you can see what is going on (so you can take actions to mitigate the attack). Some ideas:

    • Have a log format that you can easily load into a log tool (or Excel or similar), and parse with command-line tools (grep, sed, awk). Remember that a DDOS will generate millions of lines of log. You will likely need to slice'n'dice your logs (especially with respect to URI, time, IP and user) to work out what is going on, and need to generate data such as:

      • What URIs are being accessed
      • What URIs are failing at a high rate (a likely indicator of the specific URIs the attackers are attacking)
      • Which users are accessing the service
      • How many IPs is each user accessing the service from
      • What URIs are anonymous users accessing
      • What arguments are being used for a given service
      • Audit a specific user's actions
    • Log the IP address of each request. DON'T reverse DNS this - ironically the cost of doing this makes a DDOS easier for the attackers

    • Log the whole URI and HTTP method, eg "GET http://example.com/path/to/service?arg1=ddos"
    • Log the User ID if present
    • Log important HTTP arguments
  • Sensible rate limits: You might implement limits on how many requests a given IP or User can make in a given time period. Could a legitimate customer make more than 10 requests per second? Can anonymous users access expensive reports at all?

  • CAPTCHA for anonymous access: Implement a CAPTCHA for all anonymous requests to verify that the user is a person, not a DDOS bot.

What's the fastest and most common way to stop DDOS attacks?

The fastest is probably to give in to the blackmail, although this might not be desirable.

Otherwise, the first thing to do is contact your hosting and/or CDN provider and work with them (if they haven't contacted you already asking what the hell is going on...). When a DDOS occurs, it will likely collaterally affect other customers of the hosting provider, and the provider may be under considerable pressure to shut down your site simply to protect their resources. Be prepared to share your logs (any and all information) with the provider; these logs, combined with their network monitors, may together provide enough information to block/mitigate the attack.

If you are expecting a DDOS, it's a very good idea to qualify your hosting provider on the level of protection they can provide. They should have DDOS experience and tools to mitigate it - understand their tools, processes and escalation procedures. Also ask about what support the hosting provider has from their upstream providers. These services might mean more up-front or monthly cost, but treat this as an insurance policy.

While under attack, you will need to grab your logs and mine them - try and work out the pattern of the attack. You should consider switching off anonymous access and throttling the services under attack (i.e. decrease the application's rate limit for the service).

If lucky and you have a small, fixed customer-base, you might be able to determine your valid customers' IP addresses. If this is the case, you might switch to a white-list approach for a short while. Make sure all your customers know this is going on so they can call if they need to access from a new IP :)

Doug McClean has some great advice at: https://stackoverflow.com/a/1029613/1395668
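
The log slicing described in the answer above (URIs accessed, URIs failing at a high rate, IPs per user, anonymous access, requests per second per IP), as an added example that is not part of the original answer. The log line format, the function names and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: slice an application request log with awk.
# Assumed line format (space separated, one request per line):
#   epoch_seconds client_ip user_id_or_dash method uri status
LC_ALL=C; export LC_ALL

# Constructed sample data (documentation IP ranges), not a real incident.
sample_log() {
cat <<'EOF'
1358900000 203.0.113.10 alice GET /account 200
1358900000 203.0.113.10 alice GET /report?year=2012 200
1358900001 198.51.100.7 - GET /report?year=2011 503
1358900001 198.51.100.8 - GET /report?year=2010 503
1358900001 198.51.100.9 - GET /report?year=2009 503
1358900002 198.51.100.7 - GET /report?year=2008 200
1358900002 192.0.2.44 bob POST /orders 200
1358900003 192.0.2.45 bob GET /account 200
1358900003 192.0.2.46 bob GET /account 200
1358900004 198.51.100.7 - GET /search?q=a 200
EOF
}

# Requests per URI path (query string stripped), busiest first.
uri_hits() {
    awk '{ split($5, p, "[?]"); n[p[1]]++ }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# URI paths where at least $1 percent of responses were 5xx.
failing_uris() {
    awk -v min="$1" '
        { split($5, p, "[?]"); t[p[1]]++; if ($6 >= 500) f[p[1]]++ }
        END { for (u in t) if (f[u] > 0 && f[u] * 100 >= min * t[u]) print u, f[u] "/" t[u] }' | sort
}

# Distinct client IPs per logged-in user, most IPs first.
ips_per_user() {
    awk '$3 != "-" && !seen[$3, $2]++ { n[$3]++ }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# URI paths requested by anonymous clients (user field is "-").
anon_uris() {
    awk '$3 == "-" { split($5, p, "[?]"); n[p[1]]++ }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# "ip second count" for clients exceeding $1 requests in one second.
bursty_ips() {
    awk -v max="$1" '{ n[$2 " " $1]++ }
         END { for (k in n) if (n[k] > max) print k, n[k] }' | sort
}

# Print each report for the sample data.
echo "== hits per URI ==";              sample_log | uri_hits
echo "== URIs with >= 50% 5xx ==";      sample_log | failing_uris 50
echo "== distinct IPs per user ==";     sample_log | ips_per_user
echo "== anonymous access by URI ==";   sample_log | anon_uris
echo "== IPs above 1 request/second =="; sample_log | bursty_ips 1
```

On a real log, replace `sample_log |` with `cat your.log |` and raise the `bursty_ips` threshold to the rate limit you are considering, which shows how many legitimate clients that limit would have caught.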

Answered by K-Gun

According to the PHP part of the question;

Although I don't rely on PHP for this, it could be implemented but needs to consider all these possibilities or more;

  1. Attacker may change IP for each request
  2. Attacker may pass parameter(s) to the URI that the target site doesn't care about
  3. Attacker may restart the session before expiry ...

Simple pseudo;

<?php
// Assuming session is already started
$uri = md5($_SERVER['REQUEST_URI']);
$exp = 3; // 3 seconds
$hash = $uri . '|' . time();

// Only compare when a previous request was recorded; otherwise the very
// first request of a session would be rejected against its own timestamp
if (isset($_SESSION['ddos'])) {
    list($_uri, $_exp) = explode('|', $_SESSION['ddos']);
    // Same URI requested again within $exp seconds: refuse
    if ($_uri === $uri && time() - (int) $_exp < $exp) {
        header('HTTP/1.1 503 Service Unavailable');
        // die('Easy!');
        die;
    }
}

// Save last request
$_SESSION['ddos'] = $hash;
?>

Answered by j_mcnally

The php level is too late in the request chain.

Putting your apache server behind an open source appliance may be a good option for you.

http://tengine.taobao.org/ has some documentation, source code and more modules aimed at DDOS prevention. It is an expansion of nginx, so you can easily set it up as a reverse proxy for your apache instance.

See: http://blog.zhuzhaoyuan.com/2012/01/a-mechanism-to-help-write-web-application-firewalls-for-nginx/ for how to fight collision hash DoS attacks.

Totally forgot too, http://www.cloudflare.com is one of the top free web application firewalls; they have free and paid plans and will save your ass from DDOS. We use it for a lot of our high traffic sites just for its caching capabilities. It is awesome!

Answered by ndlinh

You cannot do this at the PHP level. DDOS is a kind of attack that sends too many requests to your webserver. Your webserver will reject the request before it calls your PHP script.

If you are using Apache, here are some tips from Apache: http://httpd.apache.org/docs/trunk/misc/security_tips.html

Answered by ryan

DDoS is best handled by very expensive, purpose-built network appliances. Hosts are generally not good at doing DDoS protection because they are subject to relatively low performance, state exhaustion, limited bandwidth, etc. Use of iptables, apache mods, and similar services can help in some situations if you have no access to DDoS mitigation hardware or a DDoS mitigation service, but it is far from ideal and still leaves you at risk of attack.

Answered by NVG

How about something like this on PHP side:

// If the user does not change IP, ban the IP when 10 or more requests are detected within 1 second
// Assuming session is already started
$limitps = 10;
if (!isset($_SESSION['first_request'])) {
    $_SESSION['requests'] = 0;
    $_SESSION['first_request'] = $_SERVER['REQUEST_TIME'];
}
$_SESSION['requests']++;
// REQUEST_TIME is already a Unix timestamp, so subtract it directly (no strtotime)
$elapsed = $_SERVER['REQUEST_TIME'] - $_SESSION['first_request'];
if ($_SESSION['requests'] >= $limitps && $elapsed <= 1) {
    // write the IP to a banned_ips.log file and configure your server to retrieve the banned ips from there - now you will be handling this IP outside of PHP
    $_SESSION['banip'] = 1; // assignment, not comparison
} elseif ($elapsed > 2) {
    // Window has passed: start counting again
    $_SESSION['requests'] = 0;
    $_SESSION['first_request'] = $_SERVER['REQUEST_TIME'];
}

// empty() also covers the case where 'banip' was never set
if (!empty($_SESSION['banip'])) {
    header('HTTP/1.1 503 Service Unavailable');
    die;
}

Answered by JasonG

There are plugins you can use in apache for ddos/dos. Good start here http://www.debianadmin.com/how-to-protect-apache-against-dosddos-or-brute-force-attacks.html

If you're on LEMP, you can check here. http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html

These are good inexpensive starting points.

Answered by JustLloyd

Do NOT use PHP-based protection, it's horrible and will hardly have an impact at all! Configure your webserver to rate-limit requests, for example in Nginx using the limit_req module (http://nginx.org/en/docs/http/ngx_http_limit_req_module.html)

Although, I would recommend using CloudFlare to combat layer-4 - however not layer-7 based attacks unless you're willing to pay.

Answered by Raja Rama Mohan Thavalam

DDOS are generally blocked on a server level, Please enable DDOS protection in your Server Level. Please check the below notes for DDOS protections.

Apache HTTP Server configuration settings that can help prevent DDOS problems:

The RequestReadTimeout directive allows to limit the time a client may take to send the request.

Allow 10 seconds to receive the request including the headers and 30 seconds for receiving the request body:

RequestReadTimeout header=10 body=30

Allow at least 10 seconds to receive the request body. If the client sends data, increase the timeout by 1 second for every 1000 bytes received, with no upper limit for the timeout (except for the limit given indirectly by LimitRequestBody):

RequestReadTimeout body=10,MinRate=1000

RequestReadTimeout header=10-30,MinRate=500
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

The KeepAliveTimeout directive may be also lowered on sites that are subject to DoS attacks. Some sites even turn off the keepalives completely via KeepAlive, which has of course other drawbacks on performance. The values of various timeout-related directives provided by other modules should be checked.

The directives LimitRequestBody, LimitRequestFields, LimitRequestFieldSize, LimitRequestLine, and LimitXMLRequestBody should be carefully configured to limit resource consumption triggered by client input. Tune the MaxRequestWorkers directive to allow the server to handle the maximum number of simultaneous connections without running out of resources.

Answered by IamNOOB

Anti DDOS steps:

  • The very first important thing is to identify the ddos attack. Identifying the ddos attack earlier is better for your server.
  • Get better bandwidth available for your server. Always keep more than enough bandwidth for what your server requires. This won't prevent a DDOS attack but it will take a longer time, by which you will get some extra time to act.
  • If you own your own web server then you can defend at the network perimeter by rate limiting your router, adding filters to drop packets to different sources of attacks, and timing out half opened connections more aggressively. Also set lower SYN, ICMP and UDP flood drop thresholds.
  • If you don't have much idea about these things, then go and contact your hosting providers quickly. They can try their best to prevent the DDOS attacks.
  • There are also special DDOS mitigation services provided by Cloudflare and many other companies, by which they can help you to prevent the DDOS attacks. Also many companies offer cheap ddos protection and dos protection.