Nginx
Andrey, 2019-02-21 15:49:22

How to protect the site from this kind of DDoS?

There are several sites on the server, but only one is constantly DDoSed (unless, of course, it is DDoS). Dedicated server, site on Nginx + PHP-FPM, nginx caching enabled. In normal times the site works perfectly and quickly. But as soon as the attack starts, the server's entire channel is clogged, because requests go only to pictures, and the requests have no referrer, which suggests DDoS. The site has almost no traffic (100-200 people/day). I have no idea who needed to DDoS such a site, and the attacks have been going on for two weeks now, with day-long breaks: one day is normal, the next day it is attacked. We have to shut down the site to make the server work properly. Tell me how you can escape from this type of DDoS (below is a piece from the logs).

217.118.90.152 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-28.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Redmi Note 3 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-18.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
46.211.71.11 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-41.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 4.4.4; SM-T116 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36"
95.153.129.233 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-32.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
89.169.20.253 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-10.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FLA-LX1 Build/HUAWEIFLA-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-7.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-6.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
85.140.22.247 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/uvlekatelnye-fakty-kotorymi-mozhno-razvlech-lyubuyu-kompaniyu-4.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-T280 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-11.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
31.173.101.26 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 9; Mi A2 Lite Build/PKQ1.180917.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36"
178.124.174.14 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-11.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4A Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.91 Mobile Safari/537.36"
185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-19.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-10.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
85.140.22.247 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/uvlekatelnye-fakty-kotorymi-mozhno-razvlech-lyubuyu-kompaniyu-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-T280 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Safari/537.36"
185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-20.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
109.200.108.231 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-36.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 4.4.2; Ixion X140 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-9.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-13.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
217.118.90.152 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-30.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Redmi Note 3 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
85.140.23.226 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-9.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; H4113 Build/50.1.A.10.51; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/68.0.3440.91 Mobile Safari/537.36"

3 answer(s)
Anatoly, 2019-02-21
@dyba

Protecting images from hotlinking

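# Match image files by extension (the dot is escaped so it is literal).
location ~ \.(gif|png|jpeg|jpg|svg)$ {
     # none: no Referer header; blocked: Referer stripped by a proxy or firewall.
     valid_referers none blocked ~\.google\. ~\.bing\. ~\.yahoo\. ~\.yandex\. yourdomain.com;
     if ($invalid_referer) {
        return   403;
    }
}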

There are many options, but if it's really sad, you can use a CDN.

Puma Thailand, 2019-02-21
@opium

Set a limit on the number of requests and connections from one IP in nginx, and prohibit opening static files with an empty referrer in nginx.

Andrey, 2019-02-21
@VELIK505

The most normal topic is:
ngx_http_limit_req_module and ngx_http_limit_conn_module
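
The suggestions in the answers above (per-IP request and connection limits, and refusing image requests that carry no Referer) combined in one configuration. This is an added example, not code from any of the answers; the zone names, sizes, rates, burst and the listen/server_name values are assumptions to tune per site.

```nginx
# Added example. Zone names, sizes and rates are assumptions, not measured values.

# http {} context: shared-memory zones keyed by client address.
limit_req_zone  $binary_remote_addr zone=img_req:10m  rate=20r/s;
limit_conn_zone $binary_remote_addr zone=img_conn:10m;

server {
    listen 80;
    server_name yourdomain.com;

    location ~* \.(gif|png|jpe?g|svg)$ {
        # "none" is deliberately omitted, so a request without a Referer
        # header (logged as "-") sets $invalid_referer. Side effect: images
        # opened directly, or by clients that strip Referer, are refused too.
        valid_referers server_names ~\.google\. ~\.bing\. ~\.yahoo\. ~\.yandex\.;
        if ($invalid_referer) {
            # 444 is nginx-specific: close the connection without a response,
            # so no error page body is sent for each refused request.
            return 444;
        }

        # Requests that pass the Referer check are still limited per address:
        # 20 r/s sustained, up to 40 extra served immediately, then rejected.
        limit_req  zone=img_req burst=40 nodelay;
        # At most 10 simultaneous connections per address in this location.
        limit_conn img_conn 10;

        # Reply 429 instead of the default 503 when a limit is exceeded.
        limit_req_status  429;
        limit_conn_status 429;
    }
}
```

Check the syntax with `nginx -t` before reloading. The `return` runs in the rewrite phase, before the limit modules, so refused requests are dropped without being counted against the per-address limits.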
