Now this site is free from small DoS attack. I use iptables, evasive and some other techs to protect this site. Though any site with SSL and no good CPU has to suffer from RSA handshake, but iptables will kill DoS conns before it. So I think any DoS attacker with only one ip cannot do anything to it now. Cheers!