[AusNOG] DDOS mitigation
Joseph Goldman
joe at apcs.com.au
Sun May 12 17:39:45 EST 2013
Going heavily off-topic here, however I'd like to chime in.
I agree that PHP has its many pitfalls, hell I use it every day and
experience them. However, like any tool, it can be used properly and
have a high measure of success. It supports modern OOP syntax/structure,
and is quick to develop on when working with web applications.
It does definitely have it's limitations. Once a project is big enough
I would prefer to work in something a bit more robust such as a .net
application (however I hate windows servers), or even Java web apps (JSP
for UI + compiled EJB's for business logic) or even perhaps something
like HipHop or a solid C++ based business logic interface and only use
simple language like PHP for frontend. Setting these up tend to slow
development a bit further and cost a bit more in time managing
glassfish/JBoss/Tomcat over Apache in my previous experience, hence PHP
being the easier choice at the beginning.
As for pre-made CMS' and the like, I find most of which cause you
headaches are poorly formed or written plugins built by someone who
barely hacked it together to get functionality.
/2c
On 12/05/13 15:51, Heinz N wrote:
> That is a very good question. Sorry, I wish there was a practical
> solution. There will HAVE to be a solution at some stage as DCs cannot
> continue to wear the ludicrous CPU demands of PHP forever, and the
> network traffic of all those BOTs will clog everything up.
>
> To mitigate the completely ridiculous CPU needed, I have been
> searching for a PHP compiler, but have had no such luck as yet. PHP is
> NOT a serious programming or even scripting language as the syntax
> changes from version to version! It is some stupid toy that was free
> way-back-when and everyone now supports it.
>
> For larger database clients I have developed a general purpose C++
> based middleware engine that understands WWW, SQL, security, low
> network bandwidth and how to marry all of that together and is also
> very fast. However, as there is no provisioning tool (it is currently
> done manually), it is a pain to set up. So, I suppose I have done the
> "design it yourself" thing as there hasn't been anything decent around
> for the last 13 years with security designed right into the base of it
> right from the start.
>
> Regards,
> Heinz N
>
> On Sun, 12 May 2013, James Hodgkinson wrote:
>
>> On this topic, is there a good non-PHP alternative that I can hand to
>> people
>> that Just Works? Every time I've asked this question I've been told
>> Jekyll/build-your-own-in-django etc, which is not a solution.
>> James
>>
>>
>> On 12 May 2013 13:29, Heinz N <ausnog at equisoft.com.au> wrote:
>> +1
>>
>> I have LOTS of attempts on the Mambo, Joomla & Wordpress sites
>> that I host. They spray the Administrator pages with login
>> attempts. It is damn annoying as it fills the logs up too!
>> Please, please everyone set a directory password on all
>> administrator directories (as well a secure admin login
>> password).
>> See :
>> http://www.thesitewizard.com/apache/password-protect-directory.shtml
>> to set a directory password. It is easy to do! I HATE PHP with a
>> vengence!!! It is 10X slower than a compiled application: it is
>> easy to see if they are trying to exploit you, just look at the
>> massive spike in CPU on the servers!. It seems that I am reading
>> about a new PHP exploit every few weeks. It is so easy to
>> mis-configure the stupid thing as well. </rant>
>>
>> Regards,
>> Heinz N
>>
>>
>> On Sun, 12 May 2013, Zone Networks - Joel wrote:
>>
>> Its all those damn Joomla/Wordpress websites that
>> have been compromised and
>> I don't see it stopping either, since they are
>> millions of these websites
>> that wont get patched/upgraded until its exploited.
>>
>> -----Original Message-----
>> From: ausnog-bounces at lists.ausnog.net
>> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf
>> Of Dobbins, Roland
>> Sent: Sunday, 12 May 2013 12:58 PM
>> To: ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] DDOS mitigation
>>
>>
>> On May 12, 2013, at 7:15 AM, Joshua D'Alton wrote:
>>
>> and this is why it falls back on the
>> originating networks to fix their
>>
>> problems ie udp spoof so that they arent sending so
>> much traffic in the
>> first place.
>>
>> FYI, the ongoing attack campaign against US
>> financial institutions regularly
>> hits ~35gb/sec - ~70gb/sec, non-spoofed.
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins at arbor.net> //
>> <http://www.arbornetworks.com>
>>
>> Luck is the residue of opportunity and
>> design.
>>
>> -- John Milton
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130512/837d505b/attachment.html>
More information about the AusNOG
mailing list