DDoS Protection
Andrey, 2016-04-11 22:18:19

How do you protect against a botnet? And is it a botnet?

A client's site sits on an 8-core server with 32 GB of RAM. Recently someone has been hammering it, from a botnet as far as I can tell. I dumped the online-users table from memory: within literally 30-40 seconds, 30-35k users show up as online. I only logged the IP (I didn't think to log the user agent, whether cookies are enabled, and so on).
The most interesting thing is that all the IPs are different, and yet the server doesn't go down; it's just that SSH access fails with a connect error. So it is saturating the network channel and the channel can't cope? Is this a botnet? How can you protect against it?

> Direction IN
> Internal xxx.xxx.xxx.xx
> Threshold Flows 150 flows/s
> Sum 46.587 flows/300s (155 flows/s), 46.623.000 packets/300s (155.410 packets/s), 1,743 GByte/300s (47 MBit/s)
> External 162.217.133.111, 3 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 213.94.72.212, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 207.166.50.162, 2 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 211.237.128.254, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 218.124.17.229, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 107.202.101.90, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 136.31.72.44, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 174.125.255.7, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 222.147.198.88, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 204.205.28.226, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 109.18.146.205, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 107.75.44.127, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 121.150.202.177, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 91.178.12.116, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 103.113.194.170, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 201.210.13.2, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 175.221.156.143, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 55.16.143.210, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 47.45.154.3, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 125.244.134.30, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 241.223.61.46, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 86.64.98.26, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 234.224.111.207, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 207.62.51.87, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 106.247.41.182, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 47.236.161.128, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 140.115.236.238, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 45.56.89.135, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 219.67.204.44, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 252.10.92.105, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 240.114.41.234, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 80.63.183.10, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 208.16.36.195, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 197.107.172.13, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 231.87.144.188, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 159.234.19.161, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 12.254.210.102, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 56.198.15.60, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 177.51.146.147, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 80.186.190.31, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 158.231.81.249, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 102.48.234.8, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 109.210.25.195, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 190.175.181.164, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 168.29.148.95, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 20.5.30.38, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 225.91.156.238, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 141.196.50.148, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 1.228.206.46, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 237.65.5.34, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
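Before treating the source list above as a set of real bots, it is worth checking what the report actually says. As an added example, not part of the question or of either answer, the script below parses lines in the format of the quoted report (a subset of those lines is embedded; the separator handling, dot for thousands and comma for decimals, is an assumption taken from the report's own notation) and computes how the flows are spread over sources, the packets per flow and average packet size implied by the Sum line, and which sources lie in multicast (224.0.0.0/4), reserved (240.0.0.0/4) or other non-routable space. Several of the quoted sources, for example 241.223.61.46, 234.224.111.207 and 252.10.92.105, fall in those ranges; no host can legitimately send from such an address, so those packets carry forged source addresses.

```python
"""Parse a flow-threshold report in the format quoted in the question and
report source spread, per-packet averages and impossible (forged) sources.

Added example; REPORT is a subset of the lines quoted in the question,
not a new capture.
"""
import ipaddress
import re

# Subset of the quoted report. Dot = thousands separator, comma = decimal.
REPORT = """
> Sum 46.587 flows/300s (155 flows/s), 46.623.000 packets/300s (155.410 packets/s), 1,743 GByte/300s (47 MBit/s)
> External 162.217.133.111, 3 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 213.94.72.212, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 218.124.17.229, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 241.223.61.46, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 234.224.111.207, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 252.10.92.105, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
> External 80.63.183.10, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
"""

SUM_RE = re.compile(
    r"Sum ([\d.]+) flows/300s \([^)]*\), ([\d.]+) packets/300s \([^)]*\), ([\d,]+) GByte/300s"
)
SRC_RE = re.compile(r"External ([\d.]+), (\d+) flows/300s")


def to_int(s):
    """'46.623.000' -> 46623000 (dot is a thousands separator here)."""
    return int(s.replace(".", ""))


def to_float(s):
    """'1,743' -> 1.743 (comma is the decimal separator here)."""
    return float(s.replace(",", "."))


def parse_summary(report):
    """Return (flows, packets, gbytes) for the 300 s window from the Sum line."""
    m = SUM_RE.search(report)
    return to_int(m.group(1)), to_int(m.group(2)), to_float(m.group(3))


def parse_sources(report):
    """Return {source_ip: flows} from the External lines."""
    return {ip: int(n) for ip, n in SRC_RE.findall(report)}


def bogon_sources(sources):
    """Sources that cannot be real unicast senders on the public Internet:
    multicast (224/4), reserved (240/4), private, loopback, link-local.
    A packet 'from' such an address has a forged source field."""
    flagged = []
    for ip in sources:
        a = ipaddress.ip_address(ip)
        if a.is_multicast or a.is_reserved or a.is_private or a.is_loopback or a.is_link_local:
            flagged.append(ip)
    return flagged


def summarize(report):
    """Aggregate the figures a practitioner wants before naming the attack."""
    flows, packets, gbytes = parse_summary(report)
    sources = parse_sources(report)
    single = sum(1 for n in sources.values() if n == 1)
    return {
        "sources": len(sources),
        "single_flow_share": single / len(sources),   # how 'distributed' it looks
        "packets_per_flow": packets / flows,           # ~1000 here: check collector sampling
        "avg_packet_bytes": gbytes * 1e9 / packets,    # ~37 bytes on the quoted Sum line
        "mbit_per_s": gbytes * 8e3 / 300,              # ~46.5 Mbit/s, matches the report
        "bogons": bogon_sources(sources),
    }


if __name__ == "__main__":
    for k, v in summarize(REPORT).items():
        print(f"{k}: {v}")
```

On the quoted Sum line the numbers come out at roughly 1000 packets per flow and about 37 bytes per packet. Whether that means the collector samples 1 in 1000 packets or the packets really are that small is a property of the flow exporter's configuration, so check that before reading anything into the per-packet figure; the forged sources, by contrast, are unambiguous.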


2 answers
lubezniy, 2016-04-12
@lubezniy

If it is not a botnet, the recommendation is:
1. Find the most frequently requested URLs (including URLs of static files);
2. Rent a Linux virtual machine elsewhere (a dedicated server works too, but is much more expensive), install nginx on it, upload the static files into its web directory and modify the code on the main server so that static files are fetched from the VM. Naturally, the VM has to sync its files periodically with the directory on the main server, but clients should not request static files from the main server. The static VM does not need to be powerful, as long as the traffic is unmetered and the channel is sufficient. A couple of cores, in our experience, is enough to handle a hundred or two requests per second without much strain. If one is not enough, take several (preferably in different data centres so that their uplinks differ) and spread the static URLs across them dynamically (at least in random order).
3. The most visited pages should also be converted to static and moved to the third-party machines.
After that it all depends on the cause of the traffic. If it is seasonal or, say, tied to an advertising campaign / affiliate program, you can move everything back afterwards, keeping what you built for the future.
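Step 1 of the answer is the part that can be automated. As an added example (not lubezniy's code, and run over constructed log lines rather than the questioner's logs), the script below ranks the URLs in a combined-format nginx/Apache access log by hits and by bytes and marks the static ones as candidates for the off-host nginx; the set of "static" extensions is an assumption. Ranking by bytes matters for this question in particular, because the symptom described is a saturated channel, and the URLs that consume the most bandwidth are the ones to move first.

```python
"""Rank URLs in a combined-format access log by hits and bytes, and split
them into static (move to the separate nginx box) and dynamic.

Added example; LOG is constructed sample data, not the questioner's log.
"""
import re
from collections import Counter

LOG = """\
203.0.113.5 - - [11/Apr/2016:22:10:01 +0300] "GET /index.php HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2016:22:10:01 +0300] "GET /css/site.css HTTP/1.1" 200 91230 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2016:22:10:01 +0300] "GET /js/app.js HTTP/1.1" 200 310442 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2016:22:10:02 +0300] "GET /index.php HTTP/1.1" 200 48213 "-" "curl/7.47.0"
198.51.100.7 - - [11/Apr/2016:22:10:02 +0300] "GET /images/logo.png HTTP/1.1" 200 20480 "-" "curl/7.47.0"
198.51.100.8 - - [11/Apr/2016:22:10:02 +0300] "GET /index.php?page=2 HTTP/1.1" 200 47100 "-" "-"
198.51.100.9 - - [11/Apr/2016:22:10:03 +0300] "GET /js/app.js HTTP/1.1" 200 310442 "-" "Mozilla/5.0"
198.51.100.9 - - [11/Apr/2016:22:10:03 +0300] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.6 - - [11/Apr/2016:22:10:04 +0300] "GET /js/app.js HTTP/1.1" 304 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Assumed list of extensions that count as static content.
STATIC_EXT = {".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".woff", ".woff2"}


def parse(log):
    """Yield (path, bytes_sent) per request; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0]      # group by path, drop the query string
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        yield path, size


def is_static(path):
    dot = path.rfind(".")
    return dot != -1 and path[dot:].lower() in STATIC_EXT


def rank(log):
    """Return (hits Counter, bytes Counter, set of static paths)."""
    hits, nbytes = Counter(), Counter()
    for path, size in parse(log):
        hits[path] += 1
        nbytes[path] += size
    static = {p for p in hits if is_static(p)}
    return hits, nbytes, static


def report(log, top=5):
    """Top URLs by hits and by bytes, plus the share of bytes that is static."""
    hits, nbytes, static = rank(log)
    total = sum(nbytes.values()) or 1
    return {
        "top_by_hits": hits.most_common(top),
        "top_by_bytes": nbytes.most_common(top),
        "static_byte_share": sum(nbytes[p] for p in static) / total,
    }


if __name__ == "__main__":
    for k, v in report(LOG).items():
        print(f"{k}: {v}")
```

Point it at the real log with `report(open("/var/log/nginx/access.log").read())`. The query string is dropped on purpose so that `/index.php?page=2` is counted together with `/index.php`; if the application keys its pages on query parameters, keep the string instead.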

spotifi, 2016-05-20
@spotifi

Decent hosters offer basic DDoS protection even for free.
Or a slightly higher level for very little money.
Ruweb.net.
It's cheaper than any manual tinkering on your part.
