
OMG DDoS - Drupal lessons learned the hard way


A distributed denial of service attack can be a painful and costly thing these days. With #hacktivism on the rise, who knows when and if your Drupal site could soon be a target?

This talk was given at Capital Camp July 28, 1:00 - 1:45 PM in room 310 of the Marvin Center at George Washington University.

See full video at http://www.youtube.com/watch?v=qGdtF7zvLaM


David Stoline

July 28, 2012


  1. DDoS OMG!

  2. David Stoline @unncola

  3. How many of you have experienced a DDoS?

  4. Assholes

  5. #opmegaupload #opsomething #opsomethingelse #hashtag! #opcannabis #opdefense

  6. Source: http://www.whatwouldmarksonnabaumdo.com/


  8. But ideally,


  10. Have a plan!

  11. Can we provision N more servers? Can we afford to be down? How quickly can we block them? Should we even block them? Can we find the attack on Twitter, Facebook or IRC? What type of server do we need? Can the site be down for an hour? How do you even block an attack? Is the attack just an annoyance? Lurk in their chatrooms! Who do we notify when the site is under attack? Our bosses? Police, FBI, NSA, CIA?

  12. Log analysis

  13. Splunk* (*uber expensive**; **worth every penny)

  14. Logstash Graylog2 DIY Google Analytics Real-time Hadoop beta Flume Loggly

  15. “Humans are notoriously bad at recognizing patterns” --me, just now

  17. Patterns!

  19. Tools of their trade

  20. Low Orbit Ion Cannon

  21. Low Orbit Ion Cannon Lite

  22. High Orbit Ion Cannon

  23. ab, curl, jmeter, siege...

  24. Tools of our trade

  25. mod_security

  26. mod_evasive

  27. Splunk or similar

  28. I really wish Nginx had these tools

  29. Drupal & you!

  32. Narrow ‘em down hook_form_alter();

  33. Better, but why?

  34. Your CDN

  35. You have one, right?

  36. Offload, offload, offload!

  37. David Stoline @unncola Thanks! Questions?