Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
Well first off this will only stop http or connect floods if you are having a real ddos problem you should be on a protected network otherwise there isnt much you can do server level if the attacks are pretty big. Using this method in combination with a protected network is the best way to go if you are having dos problems or host sites that do.
If you dont have CSF you can get it at www.configserver.com
This is real handy if your server is lagging badly, In some cases you have to tune down the connection limit to around 30 or less, depends how many ips hitting, etc; What this does is it kills apache, lowers the connection limit in csf.conf and restarts everything. When it does and lfd daemon runs again it will ban all of the ips with so many connections.
cp /etc/csf/csf.conf /etc/csf/csf.conf2
nano -w /etc/csf/csf.conf2
ctrl+w search for tracking, will be the second result. Turn your connection level to where you want it to be. Usually 30 gets the job done. You can always change it to suit the situation
nano -w /usr/bin/dos
killall httpd ; cp -R /etc/csf/csf.conf /etc/csf/csf.conf1 ; cp -R /etc/csf/csf.conf2 /etc/csf/csf.conf ; csf -r ; service httpd restart
here is shortcut script to turn your connection limit back to normal
nano -w /usr/bin/dosoff
cp -R /etc/csf/csf.conf1 /etc/csf/csf.conf ; csf -r
chmod 700 /usr/bin/dos /usr/bin/dosoff
Now you can go in your server and quickly fight it.
Just enter dos in your terminal to start it. And dosoff to set back to normal. Hope this can help someone