Continue – 2 years later. Sorry for the delay.
Yes. this is a very interesting topic that might even deserves its own post.
Among other things you need to restrict number of simultaneous sessions for MySQL. This can be done by adding lines to your httpd.conf. That way, if you are under denial-of-service attack, your MySQL server will sit tight, limit new sessions and do not crash.
<IfModule mpm_prefork_module>
ServerLimit xxx
StartServers xxx
MinSpareServers xxx
MaxSpareServers xxx
MaxClients xxx
MaxRequestsPerChild xxx
</IfModule>At the same time, you need to enable SWAP file to extend your virtual memory. You can use recently updated documentation from Amazon:
SWAP to a separate partition:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-memory-partition-hard-drive/
SWAP to a root file:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-memory-swap-file/
A word of advise
BLOCK size
When creating a SWAP file, create a lot of blocks of small size (512, 1024 or 2048). That way a lot of attackers and legitimate web sessions can get their small chunk of memory.
SWAP size
Also, set the SWAP size conservatively. If you only doing SWAP to accommodate spammers, let them sit and wait. Another matter, when your legitimate customers can’t get through. In that case, you need a whole different set of measures to prevent too many connections from a single IP address.