New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
how to block ddos attack on apache servers
livservers
Member
in Help
we are getting ddos to only one wordpress domain's particular link
multiple ips,,,, i have tried some .htaccess rules by googling but all are now responding with 404,,
Should i find the range of ips and block in the csf (its hitting from several ips),
i think thats the only way. Its a continues process now.
I tried this one
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.)link_of_particular_address(.)$ [NC]
RewriteRule .* - [R=403,L]
Comments
Why not use cloudflare ?
Can you post 5 requests of your Apache Access logs? (of attack)
As for shared server, how can we insist customers to use cloudflare.
This likely won't help. You're better off putting the website behind CloudFlare and setting it to "I'm under attack!" mode. Most of the common L7 attacks (GET I assume) are from many random IPs, most I've seen are random residential ISP networks and the big cloud networks.
114.236.83.81 - - [18/Mar/2018:08:02:11 +1300] "POST /tell-a-friend-about-us/ HTTP/1.1" 500 - "http://www.domain.com/contact-us" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"
49.83.25.162 - - [18/Mar/2018:08:02:12 +1300] "POST /tell-a-friend-about-us/ HTTP/1.1" 500 - "http://www.domain.com/contact.us" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"
I have now blocked almost 10 to 15 ips, i am in a mission of finding ip ranges, so that i can sort it out completely.
You know about Cloudflare right? You can try put your domain via Cloudflare, And enable "Under-Attack-Mode", it will enable a Javascript validation for all users, Will block most bots/attacks.
let me advise him,,,,,, thanks anyway
What is name of your company? Post it so we can avoid hosters who try to mitigate ddos attack with htaccess rule.
Just Google his username.
I'll do your htaccess rules for only $99.99 blocks all DDoS attacks!
iptables with recent + mask set... or... just using cloudflare...
Read also about mod_qos:
http://mod-qos.sourceforge.net/
Rather than using any software based DDos protection running on the server, I would argue that you should look into some solution that filter out the attacks upstream. Many, if not most, providers are able to offer DDoS protection for a bit extra every month.
OP is not asking about layer 4 protection. You cannot block l7 upstream...
Try using mod_ratelimit to ratelimit the amount of requests to something reasonable like 10-15/s. Or if they are hitting a login/register page then add a captcha
let me guess the infamous wordpress xmlrpc.php ddos vulnerability?
link goes to a article explaining this(digitalocean).
simple fix is to block all access to the wordpress xmlrpc functionality, yes it comes with side effects like jetpack, wordpress mobile app not working anymore according to that article but it stops the ddos attacks though
though if he was running wordpress shared hosting it would have probably been better to know about this though.