Nginx
AnGel, 2016-12-01 14:06:37

How to repel a complex DDoS attack?

Good day to all, I have encountered a very complex DDoS attack. The logs show that bots with different User Agents (hereinafter referred to as UA) are attacking. They attack all forum pages, not just the main one.
The following decisions were made:
1. Ban at the nginx level by UA. It gives control over the situation, but does not give 100% protection. A slightly changed UA, and goodbye web server. Now they use already valid UAs from browsers, it's terrible. I'm already blocking clean traffic.
2. Ban with iptables+ipset+tcpdump. I singled out the most active bots and banned them using a /24 mask. It doesn't help. After 1k are banned, 2k come and change the strategy. They send 5-10 requests each and wait. The server cannot cope with such an onslaught of small requests from 2k+ bots.
3. Ban at the nginx level - GeoIP. Didn't bring results. In general, I missed everything that should not have been missed.
I ask for help, I have no strength.
Hardware:
CPU: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz - 4 cores, I think upgraded to 10 already
RAM: 12GB
Channel: 100
Server: nginx+php-fpm

4 answer(s)
Fixid, 2016-12-01
@Fixid

Contact Cloudflare

Alexey, 2016-12-01
@alsopub

I don’t know if it will help, but look - https://habrahabr.ru/post/139931/

Puma Thailand, 2016-12-01
@opium

Hire an experienced admin

Eugene, 2016-12-01
@Nc_Soft

nginx.org/ru/docs/http/ngx_http_limit_req_module.html
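
The limit_req module linked in the answer above, applied to the setup from the question (nginx + php-fpm, bots sending 5-10 requests each, bans by /24), as an added example that is not part of the thread. The rates, burst values, zone sizes, server name, document root and php-fpm socket path are assumptions to be tuned against real traffic.

```nginx
# Added example: http block of nginx.conf. All numbers and paths are assumptions.
http {
    # Key 1: one bucket per client address.
    limit_req_zone $binary_remote_addr zone=per_ip:20m rate=1r/s;

    # Key 2: one bucket per IPv4 /24, mirroring the /24 bans from the question.
    # IPv6 and anything unmatched falls back to the full address.
    map $remote_addr $net24 {
        "~^(?<prefix>\d+\.\d+\.\d+)\.\d+$"  $prefix;
        default                              $remote_addr;
    }
    limit_req_zone $net24 zone=per_net24:20m rate=10r/s;

    # Cap concurrent connections per address as well.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

    limit_req_status     429;   # default is 503
    limit_conn_status    429;
    limit_req_log_level  warn;  # rejected requests are logged at this level

    server {
        listen 80;
        server_name forum.example;   # placeholder
        root /var/www/forum;         # placeholder

        # Static files are cheap for nginx; leave them unthrottled.
        location ~* \.(?:css|js|png|jpe?g|gif|ico)$ {
            expires 7d;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # Only requests that reach php-fpm are limited, since those
        # are the ones that exhaust CPU and worker processes.
        location ~ \.php$ {
            limit_req  zone=per_ip    burst=4  nodelay;
            limit_req  zone=per_net24 burst=20 nodelay;
            limit_conn conn_per_ip 10;

            include       fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass  unix:/run/php-fpm.sock;   # placeholder
        }
    }
}
```

Rejected requests show up in the error log with the zone name, which gives a cleaner input for ipset bans than tcpdump. Per-address limits only trim each bot's burst, so with 2k+ sources the /24 bucket and the existing bans still carry part of the load.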
