How to protect yourself from scanning/DDoS on shared hosting?

D

dmitryfx2021-12-30 05:28:16

DDoS Protection

dmitryfx, 2021-12-30 05:28:16

Maybe it's not even quite ddos, I don't know a better term.
On one of my sites, a couple of machines with the same ip brute force search for files with database backups, archives of the site itself, etc. We made about 4k requests in a few days, and the site is already sick.
Banned these ip via .htaccess, didn't help.

Requests like this:

[Thu Dec 30 03:28:00.633958 2021] [access_compat:error] [pid 32716] [client 194.26.29.143:0] AH01797: client denied by server configuration: /home/users/r/___/domains /___.ru/upload.zip~

194.26.29.143 - - [30/Dec/2021:04:46:45 +0300] "GET /mysql.tar.gz~ HTTP/1.0" 403

640 do? Maybe change some Apache settings via ssh?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dr. Bacon, 2021-12-30
@bacon

We made about 4k requests in a few days, and the site is already sick.

4k is really a trifle, if the site "fell bad" from this, you need to spend time not on "ephemeral" protection from this, but on optimizing your code