Drupal

How to protect the site and server?

Good afternoon, dear participants.

Yesterday I noticed referrals from a strange site - acunetix-referrer.com. I read that this is a website vulnerability scanner.

This service created links like

sitename/?wvstest=javascript:domxssExecutionSink(1,%22%27\%22%3E%3Cxsstag%3E()locxss%22)

after which (or maybe as a result of other attacks below) some articles were deleted from the database. There are about 500 articles on the site, of which 5 have been erased.

How were they erased?
Some rows in the database have been deleted. (randomly. In some articles, the body line (the main text, in some the icon, etc.))

Further, this morning I found the following entries in the log:

PDOException: SQLSTATE[23000]: Integrity CONSTRAINT violation: 1062 Duplicate entry 'node-110-0-0-und' FOR KEY 'PRIMARY': INSERT INTO {field_data_field_fivestar} (entity_type, entity_id, revision_id, bundle, delta, LANGUAGE, field_fivestar_rating, field_fivestar_target) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7); Array ( [:db_insert_placeholder_0] => node [:db_insert_placeholder_1] => 110 [:db_insert_placeholder_2] => 110 [:db_insert_placeholder_3] => service [:db_insert_placeholder_4] => 0 [:db_insert_placeholder_5] => und [:db_insert_placeholder_6] => 20 [:db_insert_placeholder_7] => ) в функции field_sql_storage_field_storage_write() (строка 514 в файле /var/www/drupal/modules/FIELD/modules/field_sql_storage/field_sql_storage.module).

PDOException: SQLSTATE[HY000]: General error: 1366 Incorrect INTEGER VALUE: '-' FOR COLUMN 'field_fivestar_rating' at ROW 1: INSERT INTO {field_data_field_fivestar} (entity_type, entity_id, revision_id, bundle, delta, LANGUAGE, field_fivestar_rating, field_fivestar_target) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7); Array ( [:db_insert_placeholder_0] => node [:db_insert_placeholder_1] => 110 [:db_insert_placeholder_2] => 110 [:db_insert_placeholder_3] => service [:db_insert_placeholder_4] => 0 [:db_insert_placeholder_5] => und [:db_insert_placeholder_6] => - [:db_insert_placeholder_7] => ) в функции field_sql_storage_field_storage_write() (строка 514 в файле /var/www/drupal/modules/FIELD/modules/field_sql_storage/field_sql_storage.module).

judging by the log, about 800 such attempts were made in two minutes.
The attack went from 6 am to 10 pm.
We also scanned the site.

• worker-01.sfj.corp.censys.io
  
• scan-13.shadowserver.org
  
• scan-37.security.ipip.net
  
• 196.52.43.119
  

Config:
VPS
Processor: 1 vCore
RAM: 2 GiB
Storage: 10 GiB
apache+php7+mysql
Questions:
1. Is it worth blocking dangerous vulnerability scanners?
like here https://www.nuevolab.com/blog/archives/380
2. is it worth installing mod apache mod_security in this case or is it outdated?
3. What would you do in this situation? What means of protection against various attacks: xss, sql inj, ddos, etc. are relevant in 2018?
Thank you.