You can find who is flooding the site in the Apache access.log and block them in the firewall.
For example, to find the IP:

    cat /var/log/apache2/access.log |cut -d' ' -f1 |sort |uniq -c|sort -gr

On Fri, Nov 25, 2016 at 8:42 AM, Jaaz Portal <jaazpor...@gmail.com> wrote:

> Hi,
> we have been struggling for some weeks with some Polish hackers that are
> bringing our server down. After updating apache to the latest version (2.4.23)
> and tomcat (8.0.38) available for debian systems, we still cannot secure our
> server.
>
> Today it stopped responding again and we needed to restart the tomcat
> process to get it back alive.
>
> There are not many clues in the logs. The apache error.log gives just
> this line:
>
> [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid 139793489638592] AH00484: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
>
> It seems that somehow tomcat, mod-jk2 or even apache is vulnerable to some new
> exploit, as we certainly do not have such traffic that would block our
> server otherwise.
>
> For now we have increased MaxRequestWorkers, and we have limited the number of
> connections from one client to 5 by mod_bw and limited the number of
> simultaneous connections from one IP by iptables, but we do not know if this
> will help.
>
> best regards,
> artur
>

--
*Thanks*
*Niranjan*
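
Added example (not part of the original messages): a shell version of the per-IP count suggested in the reply, extended to count requests per client per minute so short bursts stand out from steady traffic. The function names, the threshold and the sample log lines are constructed for illustration; it assumes the first log field is the client address (LogFormat starting with %h).

```shell
#!/bin/sh
# Added example: per-client request counts from an Apache access log.

# Constructed sample in combined log format (documentation address ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [25/Nov/2016:13:07:01 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [25/Nov/2016:13:07:02 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [25/Nov/2016:13:07:05 +0100] "GET /a HTTP/1.1" 200 90 "-" "-"
203.0.113.7 - - [25/Nov/2016:13:07:09 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [25/Nov/2016:13:07:30 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [25/Nov/2016:13:07:58 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [25/Nov/2016:13:08:00 +0100] "GET /b HTTP/1.1" 404 20 "-" "-"
203.0.113.7 - - [25/Nov/2016:13:08:01 +0100] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [25/Nov/2016:13:08:40 +0100] "GET /a HTTP/1.1" 200 90 "-" "-"
EOF
}

# top_clients FILE [N]: the N busiest client addresses as "count ip".
top_clients() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${2:-20}"
}

# burst_clients FILE THRESHOLD: clients with at least THRESHOLD requests
# inside any single minute, as "count ip dd/Mon/yyyy:hh:mm".
burst_clients() {
    awk -v t="$2" '{
        # $4 looks like "[25/Nov/2016:13:07:58"; keep date, hour and minute.
        minute = substr($4, 2, 17)
        c[$1 " " minute]++
    }
    END { for (k in c) if (c[k] >= t + 0) print c[k], k }' "$1" |
        sort -k1,1nr -k2,2
}

# Demo on the constructed sample; point the functions at
# /var/log/apache2/access.log for real data.
log=$(mktemp)
trap 'rm -f "$log"' EXIT
sample_log > "$log"
echo "Busiest clients:";        top_clients "$log" 3
echo "Bursts (>=5 per minute):"; burst_clients "$log" 5
```

Connections that are held open without completing a request are not written to access.log until they finish, so worker exhaustion with a quiet access log also calls for checking open connections per address.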