New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
mod security's pretty good at blocking out garbage
DDoS mitigation would be good too
are they coming from random ips? same ip? ips from a range?
if they're coming from a country that doesn't make you money, just drop the country's ip ranges via iptables(eg some Asian countries).
Random IP's - probably socks/http proxies from the looks of it.
If they're coming at you with a few referrer spam urls(like semalt and such), try this:
http://eclecticquill.com/2014/12/11/use-nginx-to-block-referrer-spam-from-semalt/
Cloudflare?
Don't use iptables, make your site returns 404 for pages not found and not some fancy PHP page. Turn keepalive off if it helps.
Real RUDY attack with POST requests or just a http flood?
At least post the access log and domain name.
Yes
Try these if you are not a file uploading site
client_body_timeout 5;
keepalive_timeout 30;
client_header_timeout 5;
send_timeout 5;
Is this static content only or PHP/fastcgi?
@linuxthefish php/fastcgi.
For that fake referral spam... I honestly suggest letting it happen and ignoring it. I never found any patterns that allowed me to do anything but reactively block the referral URLs for little gain because they would always change.
I mean, you don't want to block legit referrers, and there's just no decent way to judge real vs fake referrer to my knowledge, short of the human brain.
Yeah, but there are some really nasty fuckers out there.
I believe piwik auto-filters the major ones, like subdomain.darodarforum and such.
https://qwdsa.com/c/threads/nginx-ban-list-stopforumspam.63/
My nginx ban list might be able to help here. If they are using proxies they are likely blocked already.
Worth a shot!