You should look at adding the %D and %T format strings to your httpd access log configuration so that you can capture the amount of time spent in delivery of a resource. > Date: Thursday, January 14, 2021 11:48:55 +0000 > From: Jason Long <hack3rcon@xxxxxxxxx.INVALID> > > Server have 4 CPU cores and 6GB of RAM. > I pasted Apache configuration. In your opinion, which parts of > servers must be examine? > > > On Wednesday, January 13, 2021, 08:30:58 PM GMT+3:30, @lbutlr > <kremels@xxxxxxxxx> wrote: > > >> On 12 Jan 2021, at 01:52, Jason Long <hack3rcon@xxxxxxxxx.INVALID> >> wrote: >> >> It show me: >> >> 13180 X.X.X.X >> 1127 X.X.X.X >> 346 X.X.X.X >> 294 X.X.X.X >> 241 X.X.X.X >> 169 X.X.X.X >> 168 X.X.X.X >> 157 X.X.X.X >> 155 X.X.X.X >> 153 X.X.X.X > > Your server would not be getting bogged down by that few > connections unless your hardware is very weak or you are hosting > something insane. > > I have a very lightly used web server that gets more than 40K hits > a day running on a Celeron machine with a whole 4GB of RAM and my > load average is in the 1.2 range consistently. > > I wonder if there is not some configuration error. > > Also, the URLs shown in your logs starting with /tag/ followed by a > long series of hex digits, do those look like valid URLs for your > server? > > Do a dig -x on the IP that is hitting you 13,000 times and see > where it is. You can try firewalling it, but if it's not some > misconfigured server, the DOS will simply move to another IP. > >> https://paste.ubuntu.com/p/PsxM8yPXPQ/ > > I haven't run F2B in quite a while, but is that a list of IPs that > you are whitelisiing or does [Protect] mean "Protect FROM"? > > But if 13,000 queries are crippling your web server, I think your > real problem lies elsewhere than the 13,000 hits. > > (You are loading almost double the modules that I am, by the way. > It seems like an lot. Do you know why each of those modules is > enabled?) ------------ End Original Message ------------ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx