How do you mitigate Apache DDoS on one domain index page?
Hello,
Many IPs are visiting one hosted domain's index page (/).
So it is a DDoS to bring down Apache, I think.
It seems to be too many subnets from all around the world, from random ports. Without ipset I may block something. But what do you do when you have this kind of attack?
When I suspended the account, load went from 190.00 to 2.40, which is 1.00 above average. There were still around 5000 connections on port 80.
So which steps should I take to unsuspend the target cPanel and be able to handle the attack?
suspend: /scripts/suspendacct cpanelusername
unsuspend: /scripts/unsuspendacct cpanelusername
To get possible bad IPs, I did:
cat /usr/local/apache/domlogs/TARGETCPUSER/TARGETDOMAIN.TLD|awk '{print $1}' | sort -nk1 | uniq -c | sort -nk1 > /home/MYCPANEL/www/ips.txt
(first row is the number of occurrences in the access log, second is the IP)
PS: Is there any command or tool that I can use to gather undeniable proof of the DDoS, needed for IP owners to suspend services on that IP/s?
-
Hello,
Do you use CSF? If so, you could try using the advice or configuration settings offered in the following threads:
ddos protection linux cloud server..
Prevent DDOS attack by CSF firewall
There's also a third-party URL here discussing options with CSF:
Basic DoS/DDoS Mitigation with the CSF Firewall - Liquid Web Knowledge Base
Thank you.
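The log-counting step from the question, extended so that each client IP also carries its first and last request time for the index page. This is an added example, not part of the original posts; it assumes the domlog is in Apache common/combined format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (RFC 5737 documentation addresses), combined format.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Mar/2019:10:00:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:00:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2019:10:00:02 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2019:10:00:02 +0100] "GET /contact.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:00:03 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2019:10:00:04 +0100] "GET /?x=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2019:10:00:05 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# index_hits [MIN] < access_log
# For every client with at least MIN requests for "/" (with or without a
# query string), print tab-separated: count, IP, first seen, last seen.
# Timestamps keep the log's own UTC offset. Busiest clients come first.
index_hits() {
  tab=$(printf '\t')
  awk -v min="${1:-1}" '
    BEGIN { OFS = "\t" }
    # $1 = client IP, $4 $5 = [timestamp offset], $7 = request path
    $7 ~ /^\/(\?.*)?$/ {
      ts = substr($4, 2) " " substr($5, 1, length($5) - 1)
      if (!($1 in n)) first[$1] = ts
      last[$1] = ts
      n[$1]++
    }
    END {
      for (ip in n)
        if (n[ip] >= min) print n[ip], ip, first[ip], last[ip]
    }' | sort -t "$tab" -k1,1nr -k2,2
}

# Demo on the constructed sample; on the server, feed the real domlog instead:
#   index_hits 100 < /usr/local/apache/domlogs/TARGETCPUSER/TARGETDOMAIN.TLD
sample_log | index_hits 2
```

The first/last-seen columns with the UTC offset give each IP's owner a time window to match against their own records, which a bare hit count does not.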