I'm having big problems with flooding/DDOS attacks against Apache. It's a big hassle and a big problem. I don't want to watch the logs all day and pick out nasty IP addresses for iptables to block. So what kind of protection can I get? Thanks
Although I have no experience with DDoS attacks, could you not write a script which runs through your logs and adds any that make x number of requests in n minutes, then run it as a cron job? I never understood why somebody doesn't make a program to block anybody who requests more than say 100 resources in 1 minute, for say 5 minutes. Then run as a cron job every 5 minutes. This seems like it would mitigate a lot of damage caused by DDoS attacks.
There already are such programs such as this . The company in the link has a very advanced Linux-based DDoS protection solution.
You can try this tutorial http://longvnit.com/blog/?p=604 or http://www.webhostingtalk.com/showthread.php?t=355411
