Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OMG DDoS - Drupal lessons learned the hard way

David Stoline
July 28, 2012
Technology
3
730

OMG DDoS - Drupal lessons learned the hard way

A distributed denial of service attack can be a painful and costly thing these days. With #hacktivism on the rise who knows when and if your Drupal site could soon be a target.

This talk was given at Capital Camp July 28, 1:00 - 1:45 PM in room 310 of the Marvin Center at George Washington University.

See full video at http://www.youtube.com/watch?v=qGdtF7zvLaM

David Stoline

July 28, 2012
Tweet

More Decks by David Stoline

See All by David Stoline
Demystifying deployment workflows
dstol
0
29
Testing with Robots
dstol
0
56

Other Decks in Technology

See All in Technology
クラウドサインにおけるプロダクトマネージャーの役割と開発プロセス / 20240410_cloudsign-PdM
bengo4com
1
670
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
210
NLP2024 参加報告LT ~RAGの生成評価と懇親戦略~ / nlp2024_attendee_presentation_LT_masuda
taro_masuda
1
190
Hands-on / Kaname Frusawa / Cloud Compare Users Meetup 2024 at University of Tokyo on April 17
paraworld
2
470
Apple Vision Pro trial session
akkeylab
0
120
OpenTelemetry を使ったトレースエグザンプラーの活用 / otel-trace-exemplar
k6s4i53rx
2
630
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
The CloudCompare project by Dr. Daniel Girardeau-Montaut
kentaitakura
0
500
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
170
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
380
少数チームで挑む: SwiftUI, TCA, KMPを用いた 新規動画配信アプリ 「ABEMA Live」の開発について
tomu28
0
520
Four keys改善の取り組み事例紹介
sansantech
PRO
2
230

Featured

See All Featured
Making the Leap to Tech Lead
cromwellryan
123
8.5k
The Art of Programming - Codeland 2020
erikaheidi
41
12k
The Cult of Friendly URLs
andyhume
73
5.7k
Building a Scalable Design System with Sketch
lauravandoore
455
32k
Art, The Web, and Tiny UX
lynnandtonic
288
19k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Navigating Team Friction
lara
177
13k
GraphQLとの向き合い方2022年版
quramy
30
12k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
185
16k
The Brand Is Dead. Long Live the Brand.
mthomps
48
28k
How GitHub (no longer) Works
holman
304
140k
Debugging Ruby Performance
tmm1
69
11k

Transcript

  1. DDoS OMG!

  2. David Stoline @unncola

  3. How many of you have experienced a DDoS?

  4. Assholes

  5. #opmegaupload #opsomething #opsomethingelse #hashtag! #opcannabis #opdefense

  6. Source: http://www.whatwouldmarksonnabaumdo.com/

  7. QUICKLY!

  8. But ideally,

  9. BEFOREHAND!

  10. Have a plan!

  11. Can we provision N more servers? Can we afford to

    be be down? How quickly can we block them? Should we even block them? Can we find the attack on Twitter, Facebook or IRC? What type of server do we need? Can the site be down for an hour? How do you even block an attack? Is the attack just an annoyance? Lurk in their chatrooms! Who do we notify when the site is under attack? Our bosses? Police, FBI, NSA, CIA?

  12. Log analysis

  13. Splunk * uber expensive** ** worth every penny *

  14. Logstash GreyLog2 DIY Google Analytics Real-time Hadoop beta Flume Loggly

  15. “Humans are notoriously bad at recognizing patterns” --me, just now

  16. None

  17. Patterns!

  18. None

  19. Tools of their trade

  20. Low Orbit Ion Cannon

  21. Low Orbit Ion Cannon Lite

  22. High Orbit Ion Cannon

  23. ab, curl, jmeter, seige...

  24. Tools of our trade

  25. mod_security

  26. mod_evasive

  27. Splunk or similar

  28. I really wish Nginx had these tools

  29. Drupal & you!

  30. None
  31. None

  32. Narrow ‘em down hook_form_alter();

  33. Better, but why?

  34. Your CDN

  35. You have one right?

  36. Offload, offload, offload!

  37. David Stoline @unncola Thanks! Questions?