Today, out of nowhere, one of my servers started throwing alarms: the database went down and Apache started forking like crazy. It was chaos within minutes! After looking at what was happening I found that there was a DDoS against one of my websites hosted on that server.
The problem was that Joomla was configured to show the default page whenever it would otherwise send a 404 answer. This is a good technique if you want to enhance the user experience, but in this case it backfired: each time the default page was shown, Joomla ran the SQL queries needed to render it, and under a massive load that runs the server out of memory.
In this case, the DDoS was blindly probing for the administrator login: it was appending /administrator/ to every URL. I found a solution by editing my .htaccess file. Here is how I did it.
Edit your .htaccess file and add the following lines:
# Match any URI that has /administrator/ after at least one other character
RewriteCond %{REQUEST_URI} .+/administrator/
# ...but leave the real administrator path alone
RewriteCond %{REQUEST_URI} !^/administrator/
# Answer 403 Forbidden; with [F] the substitution target is ignored
RewriteRule .* index.php [F]
This tells Apache to send a 403 (forbidden) answer for every URL that contains /administrator/ after some other path segment, that is, every one except the real /administrator/ path. You can modify these lines to fit other needs.
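To see which requests the rule catches, and to spot this kind of probing in the access log before the server falls over, here is an added example (not from the original post) that reproduces the two RewriteCond patterns in Python and runs them over a few constructed combined-format log lines. The parser, the sample lines, and the IP addresses are all constructed for the example; the regexes are the ones from the .htaccess snippet above.

```python
import re
from collections import Counter
from typing import Dict, Iterable, Optional

# The two RewriteCond patterns from the post, as Python regexes. Apache
# RewriteCond patterns are unanchored unless written with ^ or $, so
# re.search matches the same URIs that mod_rewrite would.
ADMIN_AFTER_SOMETHING = re.compile(r".+/administrator/")  # RewriteCond %{REQUEST_URI} .+/administrator/
ADMIN_AT_ROOT = re.compile(r"^/administrator/")           # RewriteCond %{REQUEST_URI} !^/administrator/

# Apache combined log format (constructed parser; only the fields this example needs).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def would_be_forbidden(request_uri: str) -> bool:
    """Return True when the .htaccess rules from the post would answer 403.

    %{REQUEST_URI} in mod_rewrite is the path only, so the query string is
    dropped before matching, the same way Apache evaluates the condition.
    """
    path = request_uri.split("?", 1)[0]
    return bool(ADMIN_AFTER_SOMETHING.search(path)) and not ADMIN_AT_ROOT.search(path)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def probe_counts(lines: Iterable[str]) -> Dict[str, int]:
    """Count, per client IP, the requests that the rule would reject.

    Before the rule is in place these show up as 404s that Joomla still
    rendered (the expensive case from the post); after it, as cheap 403s.
    """
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and would_be_forbidden(rec["target"]):
            counts[rec["ip"]] += 1
    return dict(counts)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php/blog/administrator/ HTTP/1.1" 404 5123',
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php/about-us/administrator/ HTTP/1.1" 404 5123',
    '203.0.113.7 - - [10/Oct/2012:13:55:37 +0000] "GET /images/administrator/?x=1 HTTP/1.1" 404 5123',
    '198.51.100.22 - - [10/Oct/2012:13:55:38 +0000] "GET /administrator/index.php HTTP/1.1" 200 8410',
    '198.51.100.22 - - [10/Oct/2012:13:55:40 +0000] "GET /index.php/blog HTTP/1.1" 200 9311',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, n in sorted(probe_counts(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} request(s) matching the /administrator/ probe pattern")
```

Pipe a real access log into probe_counts (one line per element) and the IPs with the highest counts are the ones hammering the 404 page; the legitimate /administrator/index.php visit from the second address is never counted, which is exactly what the second RewriteCond guarantees.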
Enjoy!