Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


how to block ddos attack on apache servers
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

how to block ddos attack on apache servers

we are getting ddos to only one wordpress domain's particular link

multiple ips,,,, i have tried some .htaccess rules by googling but all are now responding with 404,,

Should i find the range of ips and block in the csf (its hitting from several ips),

i think thats the only way. Its a continues process now.

I tried this one

RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.)link_of_particular_address(.)$ [NC]
RewriteRule .* - [R=403,L]

Comments

  • Why not use cloudflare ?

    Thanked by 1Dormeo
  • Can you post 5 requests of your Apache Access logs? (of attack)

  • @starwalker said:
    Why not use cloudflare ?

    As for shared server, how can we insist customers to use cloudflare.

  • MikeAMikeA Member, Patron Provider

    @livservers said:
    Should i find the range of ips and block in the csf (its hitting from several ips),

    This likely won't help. You're better off putting the website behind CloudFlare and setting it to "I'm under attack!" mode. Most of the common L7 attacks (GET I assume) are from many random IPs, most I've seen are random residential ISP networks and the big cloud networks.

  • @AlemalakraIT said:
    Can you post 5 requests of your Apache Access logs? (of attack)

    114.236.83.81 - - [18/Mar/2018:08:02:11 +1300] "POST /tell-a-friend-about-us/ HTTP/1.1" 500 - "http://www.domain.com/contact-us" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"
    49.83.25.162 - - [18/Mar/2018:08:02:12 +1300] "POST /tell-a-friend-about-us/ HTTP/1.1" 500 - "http://www.domain.com/contact.us" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"

    I have now blocked almost 10 to 15 ips, i am in a mission of finding ip ranges, so that i can sort it out completely.

  • You know about Cloudflare right? You can try put your domain via Cloudflare, And enable "Under-Attack-Mode", it will enable a Javascript validation for all users, Will block most bots/attacks.

    Thanked by 1livservers
  • @AlemalakraIT said:
    You know about Cloudflare right? You can try put your domain via Cloudflare, And enable "Under-Attack-Mode", it will enable a Javascript validation for all users, Will block most bots/attacks.

    let me advise him,,,,,, thanks anyway

  • CdoeCdoe Member

    @livservers said:

    @starwalker said:
    Why not use cloudflare ?

    As for shared server, how can we insist customers to use cloudflare.

    What is name of your company? Post it so we can avoid hosters who try to mitigate ddos attack with htaccess rule.

  • @Cdoe said:
    What is name of your company? Post it so we can avoid hosters who try to mitigate ddos attack with htaccess rule.

    Just Google his username.

  • GodsGods Member

    I'll do your htaccess rules for only $99.99 blocks all DDoS attacks!

  • bapbap Member

    iptables with recent + mask set... or... just using cloudflare...

  • Read also about mod_qos:
    http://mod-qos.sourceforge.net/

  • Rather than using any software based DDos protection running on the server, I would argue that you should look into some solution that filter out the attacks upstream. Many, if not most, providers are able to offer DDoS protection for a bit extra every month.

  • @Prime404 said:
    Rather than using any software based DDos protection running on the server, I would argue that you should look into some solution that filter out the attacks upstream. Many, if not most, providers are able to offer DDoS protection for a bit extra every month.

    OP is not asking about layer 4 protection. You cannot block l7 upstream...
    Try using mod_ratelimit to ratelimit the amount of requests to something reasonable like 10-15/s. Or if they are hitting a login/register page then add a captcha

  • cubedatacubedata Member, Patron Provider
    edited March 2018

    let me guess the infamous wordpress xmlrpc.php ddos vulnerability?

    link goes to a article explaining this(digitalocean).

    simple fix is to block all access to the wordpress xmlrpc functionality, yes it comes with side effects like jetpack, wordpress mobile app not working anymore according to that article but it stops the ddos attacks though :)

    though if he was running wordpress shared hosting it would have probably been better to know about this though.

Sign In or Register to comment.