[AusNOG] DDOS mitigation

Joseph Goldman joe at apcs.com.au
Sun May 12 17:39:45 EST 2013


Going heavily off-topic here, however I'd like to chime in.

  I agree that PHP has its many pitfalls, hell I use it every day and 
experience them. However, like any tool, it can be used properly and 
have a high measure of success. It supports modern OOP syntax/structure, 
and is quick to develop on when working with web applications.

  It does definitely have its limitations. Once a project is big enough 
I would prefer to work in something a bit more robust such as a .NET 
application (however I hate Windows servers), or even Java web apps (JSP 
for UI + compiled EJBs for business logic) or even perhaps something 
like HipHop or a solid C++ based business logic interface and only use 
a simple language like PHP for frontend. Setting these up tends to slow 
development a bit further and cost a bit more in time managing 
glassfish/JBoss/Tomcat over Apache in my previous experience, hence PHP 
being the easier choice at the beginning.

  As for pre-made CMSes and the like, I find that most of what causes you 
headaches is poorly formed or written plugins built by someone who 
barely hacked it together to get functionality.

/2c


On 12/05/13 15:51, Heinz N wrote:
> That is a very good question. Sorry, I wish there was a practical 
> solution. There will HAVE to be a solution at some stage as DCs cannot 
> continue to wear the ludicrous CPU demands of PHP forever, and the 
> network traffic of all those BOTs will clog everything up.
>
> To mitigate the completely ridiculous CPU needed, I have been 
> searching for a PHP compiler, but have had no such luck as yet. PHP is 
> NOT a serious programming or even scripting language as the syntax 
> changes from version to version! It is some stupid toy that was free 
> way-back-when and everyone now supports it.
>
> For larger database clients I have developed a general purpose C++ 
> based middleware engine that understands WWW, SQL, security, low 
> network bandwidth and how to marry all of that together and is also 
> very fast. However, as there is no provisioning tool (it is currently 
> done manually), it is a pain to set up. So, I suppose I have done the 
> "design it yourself" thing as there hasn't been anything decent around 
> for the last 13 years with security designed right into the base of it 
> right from the start.
>
> Regards,
> Heinz N
>
> On Sun, 12 May 2013, James Hodgkinson wrote:
>
>> On this topic, is there a good non-PHP alternative that I can hand to
>> people that Just Works? Every time I've asked this question I've been told
>> Jekyll/build-your-own-in-django etc, which is not a solution.
>> James
>>
>>
>> On 12 May 2013 13:29, Heinz N <ausnog at equisoft.com.au> wrote:
>>       +1
>>
>>       I have LOTS of attempts on the Mambo, Joomla & Wordpress sites
>>       that I host. They spray the Administrator pages with login
>>       attempts. It is damn annoying as it fills the logs up too!
>>       Please, please everyone set a directory password on all
>>       administrator directories (as well as a secure admin login
>>       password).
>>       See :
>> http://www.thesitewizard.com/apache/password-protect-directory.shtml
>>       to set a directory password. It is easy to do! I HATE PHP with a
>>       vengeance!!! It is 10X slower than a compiled application: it is
>>       easy to see if they are trying to exploit you, just look at the
>>       massive spike in CPU on the servers! It seems that I am reading
>>       about a new PHP exploit every few weeks. It is so easy to
>>       mis-configure the stupid thing as well. </rant>
>>
>>       Regards,
>>       Heinz N
>>
>>
>>       On Sun, 12 May 2013, Zone Networks - Joel wrote:
>>
>>             It's all those damn Joomla/Wordpress websites that
>>             have been compromised and
>>             I don't see it stopping either, since there are
>>             millions of these websites
>>             that won't get patched/upgraded until it's exploited.
>>
>>             -----Original Message-----
>>             From: ausnog-bounces at lists.ausnog.net
>>             [mailto:ausnog-bounces at lists.ausnog.net] On Behalf
>>             Of Dobbins, Roland
>>             Sent: Sunday, 12 May 2013 12:58 PM
>>             To: ausnog at lists.ausnog.net
>>             Subject: Re: [AusNOG] DDOS mitigation
>>
>>
>>             On May 12, 2013, at 7:15 AM, Joshua D'Alton wrote:
>>
>>                   and this is why it falls back on the
>>                   originating networks to fix their
>>                   problems, i.e. UDP spoof, so that they aren't
>>                   sending so much traffic in the first place.
>>
>>             FYI, the ongoing attack campaign against US
>>             financial institutions regularly
>>             hits ~35gb/sec - ~70gb/sec, non-spoofed.
>>
>> -----------------------------------------------------------------------
>>             Roland Dobbins <rdobbins at arbor.net> //
>>             <http://www.arbornetworks.com>
>>
>>                       Luck is the residue of opportunity and
>>             design.
>>
>>                                    -- John Milton
>>
>>             _______________________________________________
>>             AusNOG mailing list
>>             AusNOG at lists.ausnog.net
>>             http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
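
Added example, not part of the original thread: one way to measure the login spraying described in the quoted messages from an Apache access log, and to see how many attempts a directory password stopped with a 401 before PHP ran. The admin paths, threshold and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed default admin/login paths of the CMSes named in the thread.
ADMIN_PATHS = ("/administrator/", "/wp-login.php", "/wp-admin/")

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_admin_logins(lines, threshold=3):
    """Per client IP, count POSTs to admin login paths.

    A 401 means Apache's directory password rejected the request before the
    CMS ran; any other status means the PHP application handled it.
    Only clients with at least `threshold` attempts are returned.
    """
    total, blocked = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.startswith(ADMIN_PATHS):
            continue
        total[m["ip"]] += 1
        if m["status"] == "401":
            blocked[m["ip"]] += 1
    return {
        ip: {"total": n, "blocked_401": blocked[ip],
             "reached_app": n - blocked[ip]}
        for ip, n in total.items() if n >= threshold
    }

def _line(ip, method, path, status):
    # Builds one constructed log line in Apache common log format.
    return (f'{ip} - - [12/May/2013:13:00:00 +1000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/administrator/index.php", 200)] * 2
    + [_line("203.0.113.7", "POST", "/administrator/index.php", 401)] * 2
    + [_line("198.51.100.23", "POST", "/wp-login.php", 200)] * 3
    + [_line("192.0.2.10", "GET", "/index.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, stats in summarize_admin_logins(SAMPLE_LOG).items():
        print(ip, stats)
```
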
