Ok, I have searched, I have tried all kinds of different things but I cannot prevent a simple lil socket flood on my debian server. I installed mod-evasive, didnt work. Installed apf and enabled the dos protection didnt work, seems to block syn floods only.
I am using apache 2 and now I wish I didnt go debian because the mod config is all different.
Does anyone know how I can simply prevent a user from connection over 35 socks to my server at a time? Or know of a way to run a cron to check netstat for an ip thats on there too much and write it to iptables. I have seen the netstat cron done before but never was able to get ahold of the script.
Im not having a problem with dos now but Im doing hosting and I know I will run into it sooner or later, Please help
Thanks

Have a look at Netfilter's iptables modules like limit, hashlimit or IP sets if there's something in it for you. Note the last two probably need a kernel and iptables rebuild because of their Patch-O-Matic status.