There are some protections that can and should be added to any php code to protect your site. Lets face it if your running a tracker you will piss someone off and they will throw a tiny ddos at you. One of the reason I am out of trackers is the petty little wars that go with them.
Lets face it the entire tracker system would be a lot further advanced if we didn't have to sit around trying to make our code secure from some ass hat that thinks he is God's gift to code because he watched a youtube video on how to hack tbdev to pieces.
The simple fact is that unless your on a dedicated box, you should simply demand from your provider a firewall. Be cause if you don't piss someone off its a safe bet that someone on the same box your sharing with will. And if your hosting a tracker because they allow it, then really you have to ask yourself how many other trackers are on that same box, and who have they pissed off recently to deal with a ddos, even if its not aimed at you if they can manage to put together a crude botnet the box will go down and you with it even if its not aimed at you. These are the simple facts that rule this world. Now for added fun lets not forget that a lot of private and even public trackers run an irc along side of their site and we all know that irc never gets attacked...yea right and Obama is going to save us all.
Plain and simple if you don't have a firewall in your code add it, there is a pretty good one listed in these forums with instructions on how to add it to the site. I have tested it, it works for the lighter stuff aimed at your site. If the n00b on the box with you isn't protected and pisses someone off then the whole box will go down, plain and simple. For that reason if your hosting company is not providing any protection then either your the first tracker they ever hosted, or they live in a dream world where we all pick flowers and watch puppies and butterflies.
Anyhow the link for the firewall for your site is
http://www.php-firewall.info/
I have used it on tsse it works and even held up to a 5 botnet attack for simple ddos, also prevented sql injection attempts, as I may have mentioned if you don't got it, then get it, its free it works and its way cheap insurance for a tracker. As far as host not providing firewalls, they shouldd not only provide software protection for their box, but should have hardware firewalls as well. There are other steps you can take as well for software firewalls, but to be honest with you if the host isn't willing to protect his ass you know he cares less then crap about yours.
Since I have gotten away from trackers I still install a software that not only protects my sites, but it emails me the attempts and automatically blocks the ip, so far since these children don't have the stones to use there real ip, they have to hide behind proxies beccause they think that a 25 hop ddos from Mom's laptop is going to take out a site because they got their mate 2 blocks away doing the same thing. But do not fool yourself I have seen some botnet attacks in my day that would take any site down, and it is the natural progression for site woners to become server host, hosting companies and in many cases server owners....now think of the attack they can mount. I am not trying to alarm anyone but simply put this whole tracker torrent world is made up of coders, hackers, and people with more bandwidth then respect. SO you do what you have to to protect your self, because you never know when someone will flip out over a bad ratio from his H&R's and try to take you out.