I'm finishing up a PHP app that could be a target for DoS/DDoS attacks and spam. Having never dealt too much with that kind of thing on a practical level, I just wanted to throw an idea out there. At the very beginning of my
script I do a check of the user's IP (using $_SERVER['REMOTE_ADDR'] - I'm aware that this could be a proxy's IP) and compare it with a database of IP-tally pairings. If an IP logs in, the tally gets set to -1 and stays there.
Otherwise, every hit of the page from that IP increases their tally. When they reach a threshold (say, 10), the script just die()'s and doesn't go any further. I plan to do an automatic reset of that table maybe twice a day..
Do you think this will do any good against a DDoS attack? I did some searching around on how to protect a site against them, and it seems that most of the tips are related to network infrastructure - the highest level tip
was for server config settings. I didn't see anything about having low-bandwidth pages or cut-off mechanisms like this..