How to block strange massive traffic flooding the website

Bidi

Well-Known Member
Oct 3, 2012
100
6
68
Romania, Transilvania
cPanel Access Level
DataCenter Provider
Hy guys, i had a couple of problems in the last few days with some strange traffic, never seen before witch makes massive traffic to the website and eating the entire dedicated server resources.

We use CSF and some mod_security Rules we even turned on the OWASP ModSecurity Core Rule Set but still hiting the website.

Dose anyone got any ideas how to block this sort of traffic ?
 

Attachments

postcd

Well-Known Member
Oct 22, 2010
717
19
68
The access logs (ls /home/username/access-logs/) can show You user agent of these visits. If the user agent is common, what about using mod security or other method to block such visits.
Also try to google: zbblock zaphod
it can be also effective
Third thing is to try to use Cloudflare as a front end to your site
Fourt thing is to optimise your page so it is served from cache so it do not connect mysql every visit
--
i might be wrong, just ideas
 
  • Like
Reactions: quizknows

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Yeah we need actual access logs as mentioned by @postcd . For example if all these requests to / are POST and not GET, that's quite easy to filter with a ModSecurity rule. Or like he mentioned you may get lucky with a clearly bad user agent you can block.
 

Bidi

Well-Known Member
Oct 3, 2012
100
6
68
Romania, Transilvania
cPanel Access Level
DataCenter Provider
Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234
Hello,

Do you notice the same thing when reviewing the domain access logs for the domain name under the /usr/local/apache/domlogs/ directory?

Thank you.
 

Bidi

Well-Known Member
Oct 3, 2012
100
6
68
Romania, Transilvania
cPanel Access Level
DataCenter Provider
I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.
 

Taufik Rizki

Member
Jun 22, 2020
11
0
1
Depok
cPanel Access Level
Root Administrator
could you please provide steps for solving the problem, because i am having the same problem.

Please help, thank you
I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you
could you please provide steps for solving the problem, because i am having the same problem.

Please help, thank you