Root.cz Forum

Main topics => Server => Topic started by: - - 28. 06. 2016, 22:31:49

Title: Many IPs browsing login page/maybe bruteforce attack, what to do?
Posted by: - - 28. 06. 2016, 22:31:49
Hello,
several websites are hosted on the server with Apache. One website's login form is the target of some kind of distributed attack/brute-force password cracking.

I see like 5000 IPs accessing that login page politely, not aggressively. I am sure these are not humans.
A few visits per IP and slowly growing.

I can manually deny some subnets in the firewall, like 123.45.*.* etc., and I can also ban many hundreds of IPs directly in the firewall, but I am afraid of high kernel memory usage because of too many iptables rules. Is there any better way to prevent server overloading? Like the mod security way; I am running CSF firewall too.

Thank you
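
The trade-off raised in the post above (few hits per IP, too many single-IP rules) can be approached by aggregating sources per subnet before banning. The following is an added example, not part of the original thread: the login path `/login.php`, the thresholds and the sample log lines are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress
import re
from collections import defaultdict

# Apache combined log format: client IP first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def _line(ip, req):
    # Helper that builds one constructed sample log line.
    return f'{ip} - - [28/Jun/2016:22:01:10 +0200] "{req} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = "\n".join(
    [_line(ip, "POST /login.php") for ip in ("203.0.113.5", "203.0.113.9", "203.0.113.77")]
    + [_line("198.51.100.20", "POST /login.php")] * 5
    + [_line("192.0.2.10", "GET /login.php"), _line("192.0.2.11", "GET /index.html")]
)

def login_hits(log_text, login_path="/login.php"):
    """Count requests to the login path per client IP."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2).split("?")[0] == login_path:
            hits[m.group(1)] += 1
    return dict(hits)

def block_list(hits, prefix=24, min_ips=3, min_hits=5):
    """Return CIDR entries: a whole /prefix when at least min_ips distinct
    sources in it touched the login page, else single IPs with >= min_hits."""
    by_net = defaultdict(set)
    for ip in hits:
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # IPv4 only in this sketch
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    entries = []
    for net, ips in by_net.items():
        if len(ips) >= min_ips:
            entries.append(net)  # one rule replaces many per-IP rules
        else:
            entries += [ipaddress.ip_network(f"{ip}/32") for ip in ips if hits[ip] >= min_hits]
    return [str(n) for n in sorted(ipaddress.collapse_addresses(entries))]

if __name__ == "__main__":
    print(block_list(login_hits(SAMPLE_LOG)))
```

A subnet entry can also cover legitimate visitors in the same range, so the thresholds need tuning against real traffic before the list is loaded into a firewall.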
Title: Re: Many IPs browsing login page/maybe bruteforce attack, what to do?
Posted by: Lol Phirae 28. 06. 2016, 22:57:44
https://www.digitalocean.com/community/tutorials/how-to-protect-against-dos-and-ddos-with-mod_evasive-for-apache-on-centos-7
Title: Re: Many IPs browsing login page/maybe bruteforce attack, what to do?
Posted by: boo 29. 06. 2016, 17:40:40
Change login url :)