
vellara's avatar

Question & Request: Security (DDoS Protection + How to detect attacks)

I have a question and video request at the same time :-)

The question is: What are good ways to protect my Laravel/Lumen website against DDoS attacks?

And what can I do to detect them? I mean, do you apply any sort of logging for your login forms?

It would be great if you could help me with this topic, or even a small series from Jeffrey would be cool. I bet he has implemented some cool security features for Laracasts.

0 likes
10 replies
vellara's avatar

Really no one?

Not even any good ideas on how to improve, for example, admin login pages?

bashy's avatar

If I saw this post earlier I would have replied.

For DDoS protection I use OVH https://www.ovh.co.uk/anti-ddos but for anything form/spam based, you will have to handle that on a firewall extra or configure something yourself. Those are called Layer 4 and Layer 7 attacks. You can limit login amounts to stop it hitting your database as much (depending how you do it) but it's a big subject to discuss without knowing what types.

bashy's avatar

@robgeorgeuk Ah forgot to mention that as well, I use it on all my domains and it's great! Free CDN, SSL and cache settings + much more :)

Steve_U's avatar

As above, the first rule of DDoS is avoid DDoS and secondly do nothing to attract a DDoS ;-) Basically it's a 'wrecking ball' and best avoided. This is not a Laravel or app specific issue per se. Vectors on DDoS are classified in succinct categories. If you look to a Google search on the keywords 'DDoS Mitigation' this should give you some scope on the issue. Yep, I can recommend CloudFlare.

bashy's avatar

Layer 4 and 7 are the hardest to stop. CloudFlare has a JS cookie thing that does some checks on the browser used etc. before passing the request to your server, thus disallowing bots from visiting (Google etc. not affected).

1 like
Steve_U's avatar

@bashy Aye, Layer 7 that is indeed tricky sir. I usually duck and batten down the hatches ;-)

Kirkland's avatar

I have a Laravel application under a DDoS/Brute Force attack (organized against my company) right now. DDoS can be protected against with a third party name server, such as Cloudflare. I've been using it for a few months now, and it works perfectly. It has a free option, but I've been liking it so much I might look into one of their paid options.

moka's avatar

DDoS botnets can send 200+ gigs a second. The only thing that can stop that is more bandwidth.

For general IP security, make sure you have something like iptables or firewalld running on your server and properly set up. Fail2ban works great and will automatically blacklist IP addresses doing bad stuff. Monitor your server's CPU/network/disk usage.
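
The threshold-in-a-time-window check that Fail2ban applies to log lines, sketched here as an added example that is not part of the original thread and not Fail2ban's own code. The access-log format, the `/login` path and the 401 status for a failed login are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: web server access log, "ip - - [time] "METHOD path proto" status size".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_offenders(log_text, max_retry=5, find_time=timedelta(minutes=10),
                   path="/login", fail_status=401):
    """Return {ip: time of the failure that reached max_retry inside find_time}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: ignore rather than crash the monitor
        if (m["method"] != "POST" or m["path"].split("?")[0] != path
                or int(m["status"]) != fail_status):
            continue  # not a failed login attempt
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

def _line(ip, minute, second, status):
    """Build one constructed log line (documentation-range IPs, made-up times)."""
    return (f'{ip} - - [10/Mar/2025:10:{minute:02d}:{second:02d} +0000] '
            f'"POST /login HTTP/1.1" {status} 512')

# Constructed sample: one fast guesser, one slow source, one normal login, one bad line.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 0, s, 401) for s in range(0, 60, 10)]      # 6 failures in 1 minute
    + [_line("198.51.100.20", m, 0, 401) for m in range(0, 60, 12)]  # 5 failures, 12 min apart
    + [_line("192.0.2.44", 5, 0, 302), "not a log line"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```

Only the fast source is flagged with the default 10-minute window; the slow one is caught only when the window is widened, which is the trade-off to tune when setting the retry count and window length.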
