Mitigate DoS attack against web site?


Dec 31, 2004
Hi all, I hope you can help with a customer's site that is being, potentially, DoS attacked.

What's happening is that the image galleries on the site are being continually hit by a single IP (this has happened a couple of times) to the point where their site goes down due to making it exceed its bandwidth limit. The latest attempt has resulted in 60,000+ hits to the galleries within a day. The server and site handles the requests OK, it's just the amount of data being transferred. It's a fairly limited interest dancing holiday to Cuba web site with snapshots from previous holidays in the galleries, so there's no real reason for this (other than a disgruntled competitor, or something).

Anyway, I have blocked the IP addresses on a server wide basis in the firewall (CSF) to prevent further access from those IPs.

But what would be ideal would be to block the IP automatically for that one site after say, the galleries had been accessed 1000 in 24 hours (as an example). I believe I may be able to do something like this in mod_security (or even mod_evasive?), but I am struggling to find out how.

I would appreciate suggestions on how best to deal with this.

An example line from the logfile:

************.***.***.*** - - [05/Apr/2014:10:49:02 +0100] "GET /index.php?option=com_igallery&task=image.addHit&format=raw&id=196 HTTP/1.1" 200 1 "http://www.******" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"


Staff member
Apr 11, 2011
Hello :)

You may also want to check to see if there are any settings or addons you can implement with the script in-use that can help prevent these types of attacks.

Thank you.