I just did. Look at the logs. What doesn't seem right? On Mon, Jan 11, 2021 at 7:11 PM Jason Long <hack3r...@yahoo.com.invalid> wrote:
> Can you help me? > > > > > > > On Tuesday, January 12, 2021, 03:36:30 AM GMT+3:30, Nick Folino < > n...@folino.us> wrote: > > > > > > Concentrate on just one... > > On Mon, Jan 11, 2021 at 7:02 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > > It is a lot of IP addresses !!! > > > > > > > > > > > > > > On Tuesday, January 12, 2021, 03:30:02 AM GMT+3:30, Nick Folino < > n...@folino.us> wrote: > > > > > > > > > > > > How to find pattern: > > Look at log. > > Find bad things that are similar. > > > > Then: > > Block bad things from reaching web server. > > > > On Mon, Jan 11, 2021 at 6:49 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > >> How to find pattern? > >> Log show me: https://paste.ubuntu.com/p/MjjVMvRrQc/ > >> > >> > >> > >> > >> > >> > >> On Tuesday, January 12, 2021, 03:06:12 AM GMT+3:30, Filipe Cifali < > cifali.fil...@gmail.com> wrote: > >> > >> > >> > >> > >> > >> Yeah it's probably not going to matter if you don't know what's > attacking you before setting up the rules, you need to find the patterns, > either the attack target or the attackers origins. > >> > >> On Mon, Jan 11, 2021 at 8:26 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > >>> I used a rule like: > >>> > >>> # firewall-cmd --permanent --zone="public" --add-rich-rule='rule port > port="80" protocol="tcp" accept limit value="100/s" log prefix="HttpsLimit" > level="warning" limit value="100/s"' > >>> > >>> But not matter. > >>> > >>> > >>> > >>> > >>> > >>> > >>> On Tuesday, January 12, 2021, 02:47:01 AM GMT+3:30, Filipe Cifali < > cifali.fil...@gmail.com> wrote: > >>> > >>> > >>> > >>> > >>> > >>> You need to investigate your logs and find common patterns there, also > there are different tools to handle small and big workloads like you could > use iptables/nftables to block based on patterns and number of requests. > >>> > >>> On Mon, Jan 11, 2021 at 8:06 PM Jason Long <hack3r...@yahoo.com.invalid> > wrote: > >>>> Hello, > >>>> On a CentOS web server with Apache, someone make a lot of request and > it make slowing server. when I disable "httpd" service then problem solve. > How can I find who made a lot of request? > >>>> [url]https://imgur.com/O33g3ql[/url] > >>>> Any idea to solve it? > >>>> > >>>> > >>>> Thank you. > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >>>> For additional commands, e-mail: users-h...@httpd.apache.org > >>>> > >>>> > >>> > >>> > >>> -- > >>> [ ]'s > >>> > >>> Filipe Cifali Stangler > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >>> For additional commands, e-mail: users-h...@httpd.apache.org > >>> > >>> > >> > >> > >> -- > >> [ ]'s > >> > >> Filipe Cifali Stangler > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >