Tips on How to Stop or Slow Down a DDoS Attack
Lighten your pages
The most obvious thing to do is to make your site's pages lighter, if you have some heavy pictures displayed & other content that is not vital for the site (in your sidebars maybe), it's better to remove them temporarily.
Remove, change the targeted page or direct users from it
Note: This & the following tips rely on data you gather from your server logs or a visitors tracker installed on your pages like StatCounter.
The DDoSer will probably use 1000s of Botnets to access your homepage & load it like crazy.
In this case the best way to bypass the attack is to direct the bots from the struck page to a 1 pixel image or a very light page containing some short message for the real visitors with a link to a valid page. It may be annoying to sacrifice a key page on the site, but it's better than to have all the site down or very hard to access. If your main page is a PHP file (most likely index.php) you can add the following line (highlighted with red) to it after putting the original lines between /* & */ to deactivate them
header( 'Location: http://somesite.com/redirected.htm' ) ;
usual content of the file
If possible you could also keep the targeted page but remove all unnecessary texts, scripts & images.
Ban IE6 browser users!
It seems Internet Explorer is the most homey environment for Botnets, especially IE6. In my experience I noticed that +50% of the evil bots run on IE6, which means that by just redirecting its users you'd evacuate half of the DDoS strength!
Of course some of your real visitors may use IE6 (probably 20%?) but remember that this is an emergency solution. Personally I'd prefer to even direct IE7 & IE8 users to a page inviting them to download Firefox! Below is the PHP code to redirect IE6 browser (the red part)
if (strpos($ua,'MSIE') != false && strpos($ua,'Opera') === false)
if (strpos($ua,'Windows NT 5.2') != false)
if(strpos($ua,'.NET CLR') === false) return;
if (substr($ua,strpos($ua,'MSIE')+5,1) < 7)
any remaining codes
More about the code above Here.
Ban some IPs / Countries
Check your logs to see what IPs are attacking you, check also the countries they belong to. It's difficult to ban them all, but you can ban ranges of IPs. If you see a lot of them coming from a country that doesn't send you much visitors usually & that probably doesn't even speak your site's language, you could ban that whole country (temporarily of course).
Your .htaccess file allows you to ban IPs. You'd have it in the root of your website, create it if you don't. In the end of it add lines like these:
deny from 172.16.160.15
deny from 172.16.209.
allow from all
deny from 172.16.160.15 will deny only one IP.
deny from 172.16.209. will deny a range of IPs, all those starting with 172.16.209.
To ban more IPs & ranges add more lines before the allow from all line. (Banning ranges should be with moderation, it can be worse than the DDoS!)