> On 12 Jan 2021, at 01:52, Jason Long <hack3rcon@xxxxxxxxx.INVALID> wrote: > > It show me: > > 13180 X.X.X.X > 1127 X.X.X.X > 346 X.X.X.X > 294 X.X.X.X > 241 X.X.X.X > 169 X.X.X.X > 168 X.X.X.X > 157 X.X.X.X > 155 X.X.X.X > 153 X.X.X.X Your server would not be getting bogged down by that few connections unless your hardware is very weak or you are hosting something insane. I have a very lightly used web server that gets more than 40K hits a day running on a Celeron machine with a whole 4GB of RAM and my load average is in the 1.2 range consistently. I wonder if there is not some configuration error. Also, the URLs shown in your logs starting with /tag/ followed by a long series of hex digits, do those look like valid URLs for your server? Do a dig -x on the IP that is hitting you 13,000 times and see where it is. You can try firewalling it, but if it's not some misconfigured server, the DOS will simply move to another IP. > https://paste.ubuntu.com/p/PsxM8yPXPQ/ I haven't run F2B in quite a while, but is that a list of IPs that you are whitelisiing or does [Protect] mean "Protect FROM"? But if 13,000 queries are crippling your web server, I think your real problem lies elsewhere than the 13,000 hits. (You are loading almost double the modules that I am, by the way. It seems like an lot. Do you know why each of those modules is enabled?) -- They say whisky'll kill you, but I don't think it will I'm ridin' with you to the top of the hill --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|