View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions DDOS or bad robot problem
Log in to Ask a Question

DDOS or bad robot problem

networking

Hello my friends

I have a DDOS problem, the attack occurs by sending a series of requests - for a long time,

That takes all of my VPS resources

so its deny the server from serving any users/visitors.

all requests logs in access_log of Apache, and its normal requests

-first time I do Firewall the range of IPs that used to make this attack

-but after a while (2weeks) the attack comes back with new range of IPs (all IPS used were static and some of them are in blacklist)

-I installed modevasive and modsecurity of apache,

but they can not stop this type of attach as well.

please help to solve this problem…

thanks and regards

7 Replies

what kind of requests? web? or just packets?

does it bring your vps down because of the bandwidth or processing time of the request?

what do you have… apache? mysql?

if apache, have you looked into mod_cband?

~~[http://www.howtoforge.com/modcbandapache2bandwidthquotathrottling" target="blank">](http://www.howtoforge.com/mod_cband_apa … throttling">http://www.howtoforge.com/modcbandapache2bandwidthquota_throttling](

Dear 'sob' Thank you very much for help and

> what kind of requests? web? or just packets?

its a web requests, ie urls

> does it bring your vps down because of the bandwidth or processing time of the request?

I get my 4 CPUs in 100% usage

and get all allowed Apache MaxSpareServer ( 8 ) works

> what do you have… apache? mysql?

Apache, mysql, and php, all serve Drupal CMS

and about mod_cband, I have not used it, because thinking that its CPU/process problem

and I will left this VPS for 1 website

Thank you very much for help

regards

the excessive CPU consumption comes from too many requests, so you need to be able to limit the amount of request per IP (again, look at modthrottle/modcband to do that, I'm not an expert on either but I'm sure that would help)

how many IPs are attacking you at the same time?

if you're facing DDOS where the number of IPs initiating the attack is large, then it's a much harder problem

If you weren't using Drupal I would tell you to add some PHP code to handle excess requests from one IP (prohibiting a call to a page from the same IP withing 1s for example).

But as you're using Drupal, it may not be that easy (I'm not familiar with Drupal). Maybe there are Drupal modules (or whatever they're called) to enforce such limitations?

Dear 'sob' Thank you very much for your help

> the excessive CPU consumption comes from too many requests

yes That's exactly what I see using "htop" to monitor CPU and "tail -f acces_log" to see requests

so I will install modthrottle/modcband and hope that help,

but are there a suitable configurations can I set them up to those modules?

> how many IPs are attacking you at the same time?

them were not much ie. the first attack was using the range

"–src-range 196.219.224.1-196.219.224.254"

and I firewall it

and will looking for drupal module can adjustment IP-limitation functions

Thank you very much and regards

you need to read the doc on modthrottle and modbandwidth and adjust the configuration to your needs

it's not only a matter of "installing and hoping it helps" unfortunately ;)

I will try and Thank you very much for you help :)

best regards

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct