Linode Forum
https://forum.linode.com/

DDOS or bad robot problem
https://forum.linode.com/viewtopic.php?f=19&t=7072

Author:  math [ Thu May 05, 2011 10:57 am ]
Post subject:  DDOS or bad robot problem

Hello my friends,
I have a DDOS problem: the attack occurs by sending a series of requests for a long time,
which takes all of my VPS resources,
so it prevents the server from serving any users/visitors.
All requests are logged in Apache's access_log, and they are normal requests.

- The first time, I firewalled the range of IPs that was used to make this attack,
- but after a while (2 weeks) the attack came back with a new range of IPs (all IPs used were static and some of them are on a blacklist).
- I installed mod_evasive and mod_security for Apache,

but they cannot stop this type of attack either.

please help to solve this problem...

thanks and regards

Author:  sob [ Thu May 05, 2011 11:01 am ]
Post subject: 

what kind of requests? web? or just packets?

does it bring your vps down because of the bandwidth or processing time of the request?

what do you have... apache? mysql?

if apache, have you looked into mod_cband?
http://www.howtoforge.com/mod_cband_apache2_bandwidth_quota_throttling

Author:  math [ Thu May 05, 2011 11:13 am ]
Post subject: 

Dear 'sob', thank you very much for your help.

Quote:
what kind of requests? web? or just packets?


It's web requests, i.e. URLs.

Quote:
does it bring your vps down because of the bandwidth or processing time of the request?


My 4 CPUs go to 100% usage
and all allowed Apache MaxSpareServer ( 8 ) are working.

Quote:
what do you have... apache? mysql?


Apache, MySQL, and PHP, all serving the Drupal CMS.

As for mod_cband, I have not used it, because I think that it's a CPU/process problem,
and I will leave this VPS for 1 website.

Thank you very much for help
regards

Author:  sob [ Thu May 05, 2011 11:22 am ]
Post subject: 

the excessive CPU consumption comes from too many requests, so you need to be able to limit the number of requests per IP (again, look at mod_throttle/mod_cband to do that, I'm not an expert on either but I'm sure that would help)

how many IPs are attacking you at the same time?

if you're facing DDOS where the number of IPs initiating the attack is large, then it's a much harder problem

Author:  sob [ Thu May 05, 2011 11:28 am ]
Post subject: 

If you weren't using Drupal I would tell you to add some PHP code to handle excess requests from one IP (prohibiting a call to a page from the same IP within 1s for example).

But as you're using Drupal, it may not be that easy (I'm not familiar with Drupal). Maybe there are Drupal modules (or whatever they're called) to enforce such limitations?

Author:  math [ Thu May 05, 2011 11:52 am ]
Post subject: 

Dear 'sob' Thank you very much for your help

Quote:
the excessive CPU consumption comes from too many requests


Yes, that's exactly what I see using "htop" to monitor CPU and "tail -f access_log" to see requests.

So I will install mod_throttle/mod_cband and hope that helps,
but are there suitable configurations I can set up for those modules?

Quote:
how many IPs are attacking you at the same time?


They were not many, i.e. the first attack was using the range
"--src-range 196.219.224.1-196.219.224.254"
and I firewalled it.

I will also look for a Drupal module that can provide IP-limitation functions.

Thank you very much and regards
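
Added example, not part of the thread: the requests described here look normal in access_log and arrive from a range of addresses, so this Python sketch counts requests in a sliding window both per IP and per /24, which keeps a range visible even when no single address exceeds a per-IP limit. The function names, the thresholds and the sample lines (documentation address ranges) are assumptions made for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

# Apache common/combined format: client - user [timestamp] "request" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse_line(line):
    """Return (ip, datetime) for an access_log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None

def noisy_sources(lines, window_s=10, per_ip=20, per_net=60):
    """Return (IPs, networks) over the limits within a sliding window."""
    window, recent, hits = timedelta(seconds=window_s), deque(), Counter()
    bad_ips, bad_nets = set(), set()
    for ip, ts in filter(None, map(parse_line, lines)):
        try:  # group IPv4 clients by /24 and IPv6 clients by /64
            net = str(ip_network(f"{ip}/{64 if ':' in ip else 24}", strict=False))
        except ValueError:
            continue  # a hostname was logged instead of an address
        recent.append((ts, ip, net))
        hits.update((ip, net))
        while ts - recent[0][0] > window:  # expire requests older than the window
            hits.subtract(recent.popleft()[1:])
        if hits[ip] > per_ip:
            bad_ips.add(ip)
        if hits[net] > per_net:
            bad_nets.add(net)
    return bad_ips, bad_nets

def sample_log():
    """Constructed lines using documentation address ranges, not real traffic."""
    t0 = datetime(2011, 5, 5, 10, 0, tzinfo=timezone(timedelta(hours=-4)))
    ev = [(2 * k, f"203.0.113.{h}") for h in range(1, 31) for k in range(3)]  # one /24
    ev += [(k // 5, "192.0.2.50") for k in range(25)]   # one busy host
    ev += [(4 * k, "198.51.100.7") for k in range(3)]   # ordinary visitor
    return ['{} - - [{:%d/%b/%Y:%H:%M:%S %z}] "GET /node/1 HTTP/1.1" 200 512'.format(
        ip, t0 + timedelta(seconds=s)) for s, ip in sorted(ev)]

if __name__ == "__main__":
    print(noisy_sources(sample_log()))
```

The flagged addresses and networks are candidates for a firewall rule or a throttling module; the limits need tuning against the site's normal traffic before anything is blocked.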

Author:  sob [ Thu May 05, 2011 12:02 pm ]
Post subject: 

you need to read the doc on mod_throttle and mod_bandwidth and adjust the configuration to your needs

it's not only a matter of "installing and hoping it helps" unfortunately ;)

Author:  math [ Thu May 05, 2011 12:12 pm ]
Post subject: 

I will try, and thank you very much for your help :)
best regards

All times are UTC-04:00