Hello,
on the server with Apache are hosted several websites. One websites login form is the target of some kind of distributed attack/bruteforce password cracking.
I see like 5000 IPs accessing that login page politely, not aggressively. I am sure these are not humans.
A few visits per IP and slowly growing.
I can firewall deny manually some subnets like 123.45.*.* etc. and i can also ban many hundred IPs directly in firewall, but i am afraid of high memory usage of the kernel because too many iptables rules. Is there any better way to prevent server overloading. Like mod security way, i am running CSF firewall too.
Thank you
2 Odpovědí
5307 Zhlédnutí