How to find pattern: Look at log. Find bad things that are similar. Then: Block bad things from reaching web server.
On Mon, Jan 11, 2021 at 6:49 PM Jason Long <hack3r...@yahoo.com.invalid> wrote: > How to find pattern? > Log show me: https://paste.ubuntu.com/p/MjjVMvRrQc/ > > > > > > > On Tuesday, January 12, 2021, 03:06:12 AM GMT+3:30, Filipe Cifali < > cifali.fil...@gmail.com> wrote: > > > > > > Yeah it's probably not going to matter if you don't know what's attacking > you before setting up the rules, you need to find the patterns, either the > attack target or the attackers origins. > > On Mon, Jan 11, 2021 at 8:26 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > > I used a rule like: > > > > # firewall-cmd --permanent --zone="public" --add-rich-rule='rule port > port="80" protocol="tcp" accept limit value="100/s" log prefix="HttpsLimit" > level="warning" limit value="100/s"' > > > > But not matter. > > > > > > > > > > > > > > On Tuesday, January 12, 2021, 02:47:01 AM GMT+3:30, Filipe Cifali < > cifali.fil...@gmail.com> wrote: > > > > > > > > > > > > You need to investigate your logs and find common patterns there, also > there are different tools to handle small and big workloads like you could > use iptables/nftables to block based on patterns and number of requests. > > > > On Mon, Jan 11, 2021 at 8:06 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > >> Hello, > >> On a CentOS web server with Apache, someone make a lot of request and > it make slowing server. when I disable "httpd" service then problem solve. > How can I find who made a lot of request? > >> [url]https://imgur.com/O33g3ql[/url] > >> Any idea to solve it? > >> > >> > >> Thank you. > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > >> > > > > > > -- > > [ ]'s > > > > Filipe Cifali Stangler > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > -- > [ ]'s > > Filipe Cifali Stangler > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
