My client would like to have his eCommerce (custom-made) site secured from DDoS attacks. What strategies can I implement? There are multiple forms in the purchasing flow --- searching, drilling-down to the product, user information and payment and I want to avoid captchas.
None of those will really protect from DDoS attacks. The point of a DDoS is to use up so much of the target's bandwidth that no legitimate traffic can get through.
Having a captcha or something will protect from bots, but that's about it.
The only way to mitigate (but not solve) the risk of DDoS attacks is to get more bandwidth and failover agreements with other hosting providers.
There is nothing to prevent DDoS attacks, and there is no single tool to mitigate them. You can only raise the bar by having a good firewall and some thresholds (automatic rejects, even banning) for accessing the different services/pages, if you know the average use of the site.
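The per-page and whole-site thresholds this answer describes, worked as an added example (not from the answer's author): a sliding-window counter over constructed Apache-style access-log lines that flags clients exceeding a request rate far above normal shopper behaviour. The function names, limits and sample addresses are my assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Parses the parts of an Apache combined-log line we need: client IP, timestamp, path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or unsupported line: skip it rather than crash
    ip, ts, path = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), path.split("?", 1)[0]

def find_offenders(lines, window=10, page_limit=5, site_limit=20):
    """Return {ip: reason} for clients exceeding the per-page or whole-site
    request limit within a sliding window of `window` seconds (assumed limits,
    to be tuned from the site's measured average use). Lines must be in time order."""
    per_page = defaultdict(deque)   # (ip, path) -> request timestamps still in window
    per_site = defaultdict(deque)   # ip -> request timestamps still in window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        for key, table, limit, reason in (((ip, path), per_page, page_limit, f"page {path}"),
                                          (ip, per_site, site_limit, "site")):
            q = table[key]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window:   # drop requests outside the window
                q.popleft()
            if len(q) > limit and ip not in offenders:
                offenders[ip] = f"{reason}: {len(q)} requests in {window}s"
    return offenders

def make_lines(ip, paths, per_sec=1):
    """Constructed sample data: `per_sec` requests per second from `ip`, one per path."""
    return [f'{ip} - - [10/Oct/2023:13:55:{i // per_sec:02d} +0000] "GET {p} HTTP/1.1" 200 512'
            for i, p in enumerate(paths)]

# Constructed traffic: a shopper browsing normally, one client hammering /search,
# and one client sweeping product pages far faster than any human would.
SAMPLE = sorted(
    make_lines("198.51.100.4", ["/", "/search?q=shoes", "/product/42", "/cart"])
    + make_lines("203.0.113.7", ["/search?q=a"] * 8)
    + make_lines("203.0.113.9", [f"/product/{n}" for n in range(25)], per_sec=5),
    key=lambda l: parse_line(l)[1])
```

The thresholds are the knobs the answer talks about: set them from the site's own baseline, and feed the result to whatever reject or ban mechanism the firewall provides.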
Squid can help with slashdotting. It will help your system handle large volumes of identical requests without pounding the hardware so hard. http://en.wikipedia.org/wiki/Squid_(software)
This guy has a way to help with application code. Not sure if it works for your language of choice, but the idea is good. Nothing is capable of stopping all attacks, but you can try to make it difficult for them =)
You can install mod_evasive if you are using Apache - a short description can be found here: http://www.think-security.com/protect-your-apache-web-server-with-mod_evasive/
A good relationship with your bandwidth provider is about the only thing that can help you mitigate a DDoS attack. The reason being that once the traffic hits your wire, it is effectively taking up bandwidth, so there's nothing you can put on your side that will help. Being able to work with your ISP to filter out DDoS traffic before it comes down the wire at you is both the only way to keep the traffic off of your circuit as well as the best way to escalate the issue (the ISP will likely try to filter the traffic coming into their network as well). Your ISP will be considerably more effective if other ISPs need to be contacted to shut down bot hosts...