How to block strange massive traffic flooding the website

Bidi · Feb 16, 2017

Hy guys, i had a couple of problems in the last few days with some strange traffic, never seen before witch makes massive traffic to the website and eating the entire dedicated server resources.

We use CSF and some mod_security Rules we even turned on the OWASP ModSecurity Core Rule Set but still hiting the website.

Dose anyone got any ideas how to block this sort of traffic ?

postcd · Feb 16, 2017

The access logs (ls /home/username/access-logs/) can show You user agent of these visits. If the user agent is common, what about using mod security or other method to block such visits.
Also try to google: zbblock zaphod
it can be also effective
Third thing is to try to use Cloudflare as a front end to your site
Fourt thing is to optimise your page so it is served from cache so it do not connect mysql every visit
--
i might be wrong, just ideas

cPanelMichael · Feb 16, 2017

Hello,

You could also try using the advice or configuration settings offered in the following threads:

ddos protection linux cloud server..
Prevent DDOS attack by CSF firewall

There's also a third-party URL here discussing options with CSF:

Basic DoS/DDoS Mitigation with the CSF Firewall – Liquid Web Knowledge Base

Thank you.

quizknows · Feb 16, 2017

Yeah we need actual access logs as mentioned by @postcd . For example if all these requests to / are POST and not GET, that's quite easy to filter with a ModSecurity rule. Or like he mentioned you may get lucky with a clearly bad user agent you can block.

Bidi · Feb 17, 2017

Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234

cPanelMichael · Feb 17, 2017

Bidi said: ↑

Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234
Click to expand...

Hello,

Do you notice the same thing when reviewing the domain access logs for the domain name under the /usr/local/apache/domlogs/ directory?

Thank you.

Bidi · Feb 18, 2017

Hy guys, now again, on another website

access_logs

cPanelMichael · Feb 20, 2017

Bidi said: ↑

Hy guys, now again, on another website
Click to expand...

Could you verify if you were able to review the actual access logs referenced in the previous posts to this thread?

Thank you.

Bidi · Feb 24, 2017

I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you

cPanelMichael · Feb 24, 2017

I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to block strange massive traffic flooding the website

Bidi Well-Known Member

Attached Files:

231231.png

postcd Well-Known Member

cPanelMichael Forums Analyst
Staff Member

quizknows Well-Known Member

Bidi Well-Known Member

cPanelMichael Forums Analyst
Staff Member

Bidi Well-Known Member

Attached Files:

21321.png

cPanelMichael Forums Analyst
Staff Member

Bidi Well-Known Member

cPanelMichael Forums Analyst
Staff Member

New Thread Same-domain impersonation increases deferred count, triggering domain-wide blocking

SpamAssassin not blocking emails with invalid SPF?

SOLVED Can't find cause of CBL blocking

Block all incoming SMTP except from ip's of my spam filter service

Use csf to block incoming hits to extra local IPs?

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to block strange massive traffic flooding the website

Bidi Well-Known Member

Attached Files:

231231.png

postcd Well-Known Member

cPanelMichael Forums Analyst Staff Member

quizknows Well-Known Member

Bidi Well-Known Member

cPanelMichael Forums Analyst Staff Member

Bidi Well-Known Member

Attached Files:

21321.png

cPanelMichael Forums Analyst Staff Member

Bidi Well-Known Member

cPanelMichael Forums Analyst Staff Member

New Thread Same-domain impersonation increases deferred count, triggering domain-wide blocking

SpamAssassin not blocking emails with invalid SPF?

SOLVED Can't find cause of CBL blocking

Block all incoming SMTP except from ip's of my spam filter service

Use csf to block incoming hits to extra local IPs?

Share This Page

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member