How to block strange massive traffic flooding the website
Hy guys, i had a couple of problems in the last few days with some strange traffic, never seen before witch makes massive traffic to the website and eating the entire dedicated server resources.
We use CSF and some mod_security Rules we even turned on the OWASP ModSecurity Core Rule Set but still hiting the website.
Dose anyone got any ideas how to block this sort of traffic ?
-
The access logs (ls /home/username/access-logs/) can show You user agent of these visits. If the user agent is common, what about using mod security or other method to block such visits. Also try to google: zbblock zaphod it can be also effective Third thing is to try to use Cloudflare as a front end to your site Fourt thing is to optimise your page so it is served from cache so it do not connect mysql every visit -- i might be wrong, just ideas 0 -
Hello, You could also try using the advice or configuration settings offered in the following threads: ddos protection linux cloud server.. Prevent DDOS attack by CSF firewall There's also a third-party URL here discussing options with CSF: Basic DoS/DDoS Mitigation with the CSF Firewall " Liquid Web Knowledge Base Thank you. 0 -
Yeah we need actual access logs as mentioned by @postcd . For example if all these requests to / are POST and not GET, that's quite easy to filter with a ModSecurity rule. Or like he mentioned you may get lucky with a clearly bad user agent you can block. 0 -
Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234 0 -
Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234
Hello, Do you notice the same thing when reviewing the domain access logs for the domain name under the /usr/local/apache/domlogs/ directory? Thank you.0 -
Hy guys, now again, on another website access_logs 0 -
Hy guys, now again, on another website
Could you verify if you were able to review the actual access logs referenced in the previous posts to this thread? Thank you.0 -
I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you 0 -
I'm happy to see you were able to address the issue. Thank you for updating us with the outcome. 0 -
could you please provide steps for solving the problem, because i am having the same problem. Please help, thank you I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you
could you please provide steps for solving the problem, because i am having the same problem. Please help, thank you0
Please sign in to leave a comment.
Comments
10 comments