How to block strange massive traffic flooding the website

[Bidi]

Hy guys, i had a couple of problems in the last few days with some strange traffic, never seen before witch makes massive traffic to the website and eating the entire dedicated server resources.

We use CSF and some mod_security Rules we even turned on the OWASP ModSecurity Core Rule Set but still hiting the website.

Dose anyone got any ideas how to block this sort of traffic ?

 

[postcd]

The access logs (ls /home/username/access-logs/) can show You user agent of these visits. If the user agent is common, what about using mod security or other method to block such visits.
Also try to google: zbblock zaphod
it can be also effective
Third thing is to try to use Cloudflare as a front end to your site
Fourt thing is to optimise your page so it is served from cache so it do not connect mysql every visit
--
i might be wrong, just ideas

 

[cPanelMichael]

Hello,

You could also try using the advice or configuration settings offered in the following threads:

ddos protection linux cloud server..
Prevent DDOS attack by CSF firewall

There's also a third-party URL here discussing options with CSF:

Basic DoS/DDoS Mitigation with the CSF Firewall – Liquid Web Knowledge Base

Thank you.

 

[quizknows]

Yeah we need actual access logs as mentioned by @postcd . For example if all these requests to / are POST and not GET, that's quite easy to filter with a ModSecurity rule. Or like he mentioned you may get lucky with a clearly bad user agent you can block.

 

[Bidi]

Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234

 

[cPanelMichael]

Hy guys, the think is i dont understand why there is no acces_log, about user agent in cPanel was complet nothink just what you see on the picture, nu user agent, no nothink, just the ips, path /, and the 234

Hello,

Do you notice the same thing when reviewing the domain access logs for the domain name under the /usr/local/apache/domlogs/ directory?

Thank you.

 

[Bidi]

Hy guys, now again, on another website



access_logs

 

[cPanelMichael]

Hy guys, now again, on another website

Could you verify if you were able to review the actual access logs referenced in the previous posts to this thread?

Thank you.

 

[Bidi]

I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you

 

[cPanelMichael]

I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.

 

[Taufik Rizki]

could you please provide steps for solving the problem, because i am having the same problem.

Please help, thank you

I fix it now :D i made a protection fully worked i can see on the mod_sec getting massive traffic from proxys from aroung 500k and the website and server dosent even feel, is fully worked :D thank you

could you please provide steps for solving the problem, because i am having the same problem.

Please help, thank you