All Questions
44 questions
0
votes
1
answer
468
views
Can't stop attack on nginx server
I'm currently struggling with my Digitalocean droplet (Ubuntu 22.10) which is under some sort of attack (maybe DDOS). The server hosts a containerized application that runs on nginx.
Every time I ...
0
votes
0
answers
26
views
How to repel an apache ddos attack [duplicate]
My nginx+apache+php server on ubuntu is under attack from a single IP address which causes apache to run as many processes as possible, which causes the server to crash. The ipi is single, and the ...
1
vote
2
answers
578
views
Ddos Protection syntax - Nginx
I am using this syntax for my Nginx configuration file /etc/nginx/nginx.conf which reads:
user www-data;
worker_processes 2;
pid /run/nginx.pid;
worker_rlimit_nofile 100000;
events {
...
- 509
4
votes
0
answers
350
views
Mitigating a DDoS attack on a TOR server
Running a political blog over TOR network with a .onion domain name
I have been getting DDoS attack, I know how to mitigate an attack on clear net where the packets coming from normal IP addresses, ...
- 341
0
votes
2
answers
257
views
huge traffic from different IPs on my ubuntu vps
I've change my vps recently, vps provider told me that he has backed up my VPS hdd from previous server and deployed it on the new server and changed just my ip, but now I have a huge traffic and ...
3
votes
1
answer
2k
views
NGINX for TCP DDOS Protection
I require a TCP reverse proxy to protect my server's IP. I need something like this which works fine https://xhosts.uk/ddosprotection or https://www.hostsavor.com/proxies
I was wondering if I could ...
- 31
1
vote
1
answer
2k
views
How can I protect against Slowloris on a NGINX server? [duplicate]
Well, I recently discovered that my site(s) were vunerable to the Slowloris attack.
A few seconds in after testing the attack on my server just to verify it was Slowloris that was causing the issue, ...
- 11
0
votes
0
answers
693
views
IIS & NGINX DDOS Protection
I have a Windows 2012 R2 server with IIS currently set up on it and I was wondering what my options were to make this DDOS Protected. I've seen Remote DDOS Protection available from various sites but ...
- 31
2
votes
3
answers
2k
views
routing single ip to multiple reverse proxies
I have multiple servers running nginx reverse proxies pointing to the same ip adress because I need to keep 100% uptime and my service relies on them to hide real ip from malicious attackers and not ...
- 21
2
votes
1
answer
409
views
Nginx - how to log an empty SSL connection with no request line
We are currently under DDoS with the following vector: Attacker is establishing TLS connection then drop off. (No request line is being sent)
This is causing serious CPU load on nginx cluser. We ...
- 135
2
votes
1
answer
2k
views
Block direct port 80 access on default IP using iptables?
I am using nginx with cloudflare in front of my sites to protect them from layer 7 attacks but now some attackers found this new way and they are daily attacking my default IP directly with layer 7 ...
- 21
1
vote
1
answer
1k
views
Nginx limit_req is killing all requests
i have a website running on node.js and express web server.
i'm using nginx to run website on domain and also use ssl certificates.
I searched google for how to protect server from ddos attacks using ...
- 33
0
votes
1
answer
520
views
Mitigating HTTP Flood and Wordpress pingback DDoS
I'm an experienced Web Developer but new to servers. I've been learning on Digital Ocean and one of my sites is being constantly hit with DDoS attacks. I've identified two attacks, one is HTTP GET ...
- 3
2
votes
2
answers
5k
views
DDoS mitigation / prevention with nginx
(To work around the "is a duplicate" issue: I don't see many requests. The number is rather small. Instead, each request downloads a lot of data.)
The server I'm talking about has 2x10 GBit/sec of ...
- 374
0
votes
1
answer
366
views
Attempting to block "wordpress" useragent is overloading CPU [duplicate]
I've had some DDoS issues - specifically the XML-RPC exploit (wordpress) wherein thousands on thousands of Wordpress instances attack my machine.
I have the following in my nginx server block:
...
- 9
1
vote
0
answers
40
views
netstats shows my own server is hitting a server its not supposed to know about
On AWS I have a few dedicated servers that do image processing, and they seem to get high traffic and fail.
When running
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I ...
- 1,521
1
vote
0
answers
427
views
nginx stub status SPIKES "writing" for a few seconds, causing 504 error. Why?! Bad VPS neighbour?
I am using Apache and nginx as reverse proxy, with php5-fpm. The latest week we've been receiving the following error in nginx's error.log:
upstream timed out (110 connection timed out) while reading ...
0
votes
2
answers
2k
views
prevent from ddos attacks with nginx and apache (and haproxy?) [duplicate]
Sometimes i have ddos attacks on my server. I'm trying to prevent from this. I'm using Nginx to serve static content and as a reverse proxy and Apache to serve php applications.
When the attack ...
- 1
0
votes
1
answer
2k
views
NGINX not responding during DDoS attacks
I'm going to get straight to the point, NGINX doesn't seem to handle any HTTP requests during a DDoS attack using XML-RPC.
The server only uses about 1% of the CPU during an XML-RPC DDoS attack.
The ...
1
vote
1
answer
1k
views
Nginx limit_conn inheritance
I am trying to protect Drupal running on Nginx from simple DDoS with limit_conn and limit_req. But I encountered some strange behavior with inheritance of limit_conn directive which I cannot explain.
...
- 121
1
vote
2
answers
2k
views
High inbound and outbound network traffic
Over the last day or so, one of instances has had a large amount of bandwidth consumed. This means that we have nearly exceeded our allowance (roughly the same amount inbound and outbound).
Looking ...
- 153
0
votes
0
answers
2k
views
limit_req on nginx not working
Iam using Ubuntu server 14.04 with apache + nginx proxy over it.
I tried to set up limit_req in
/etc/nginx-sp/nginx-sp.conf
as this:
http {
limit_req_zone $binary_remote_addr zone=one:1m rate=...
- 101
-1
votes
1
answer
766
views
Too large 127.0.0.1 connections with nginx - apache2 [duplicate]
I use nginx as proxy-server apache2 and I have a problem with netstat output:
$ netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
5 109.195.36.169
6 109.195.33.205
8 194....
- 3
0
votes
0
answers
798
views
Make NGINX Block All Requests To Direct Server IP - Stop XML-RPC Attacks
Essentially, my website is being attacked by a layer 7 XML-RPC attack and is currently offline and has been offline so I am in need of desperate help.
Any assistance would be greatly appreciated :)!
...
- 1
0
votes
1
answer
3k
views
How to redirect to an other link when excess request (limit_req) with Nginx
I have been trying to limit the requests coming from a single IP address successful with module limit_req in Nginx. But now I want to redirect to an other web-page for showing some messages.How could ...
1
vote
3
answers
3k
views
My webserver is getting flooded with invalid requests
My webserver (nginx) keeps getting requests like this:
23.244.104.206 - - [15/Jun/2014:21:21:47 -0400] "GET http://ib.adnxs.com/ttj?id=2947236&size=300x250&cb={CACHEBUSTER}&referrer={...
- 15
-3
votes
1
answer
56
views
Is there a way on the server side to punish evil visitor? [closed]
For example an admin page that should not be visited unless with special cookie or query string token. The point being that anyone who tried and failed would likely be with bad intention. Or when the ...
- 151
2
votes
2
answers
2k
views
Protection against scrapping with nginx
This morning we had a crawler going nuts on our server hitting our site almost 100 times per second.
We'd like to add a protection for this.
I guess I'' have to use HttpLimitReqModule but I don't ...
- 151
5
votes
3
answers
567
views
Correct way to handle security threats to web server on budget [closed]
During our annual security review I was reminded of an incident earlier this year where we received a threat to our organizations web server. It was over a organization policy and threatened to DDoS ...
- 183
0
votes
1
answer
1k
views
How to protect Nginx from HULK DoS tool
There is a tool called HULK (Http Unbearable Load King). It's a web server denial of service tool. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching ...
- 39
3
votes
1
answer
3k
views
Nginx - Redirect request by GET parameters pattern
One of my servers was attacked by DDoS a couple of days ago and it lasted for 4 days. Below are the logs snippet of the request:
36.224.180.253 - - [14/May/2013:03:11:46 +0800] "GET //?f5b2fd2f860dc=...
- 39
2
votes
1
answer
3k
views
How do I drop "empty" HTTP packets using iptables? [duplicate]
I have a 1GB-VPS-hosted site running on Ubuntu 10.04 LTS. I am using nginx as the web server. The site has been running in a relatively stable configuration for three years, and handles about 4 ...
- 73
2
votes
3
answers
3k
views
Nginx and php-fpm fails with high load: "Possible SYN flooding on port 80" and "104: Connection reset by peer"
I have quite heavy loaded web server using:
Ubuntu server
nginx
php-fpm + apc
Yesterday something wierd happened with my server. It crashed and stopped responding and after I rebooted it, web pages ...
- 1,127
1
vote
1
answer
3k
views
Nginx: block requests to external URLs [closed]
I'm running a couple of web hosting servers with Directadmin. I'm running Apache as main web server with Nginx working as a proxy in front of it.
In order to keep Nginx "invisible" to Directadmin, I ...
- 983
-2
votes
2
answers
328
views
Nginx massive error.log, am I being DDOSed?
So I just opened up my Nginx error log as all my pages are throwing error code 500.
It's enormous, my site is still in development and their are well over 100k errors for resources Nginx was unable ...
- 683
1
vote
2
answers
3k
views
Varnish and Connection Flood (DoS - DDoS) [duplicate]
I've been playing around with the Varnish cache server and I got my webpage up lightning fast, it gets 97 Points in Google's Pagespeed and 100 @ Pingdom's. I used Varnish (proxies to nginx), NGINX (...
- 11
3
votes
2
answers
673
views
Ubuntu scalable nginx mongodb mongdb memcached server configuration [duplicate]
I have been building a PHP web application using the following techniques in the past 2 months:
PHP 5.3.4
MongoDB
MySql
I just got my dedicated server running Ubuntu 10.4 LTS x64 with the following ...
0
votes
1
answer
2k
views
Why is nginx taking so long to reply? [duplicate]
I'm under a DDOS attack right now, and the attacker has his zombies sending POST requests to one of my pages. At first, nginx replies in only a few seconds, but after a while it starts building up; ...
- 2,503
0
votes
2
answers
469
views
Locating Source of Inbound DDOS [duplicate]
Our web server (Nginx, MySQL, PHP) is presently being attacked by DDOS.
Outgoing traffic is normal (avg 563 kb/sec) but incoming traffic is what is eating up our 1gbit port (avg 800Mb/sec).
In the ...
- 239
2
votes
1
answer
38k
views
How to find the connection time-out value in linux?
I am setting up a nginx webserver with php-fpm and (d)dos deflate to ban attacks.
Now currently there is no traffic to my server at all, as i'm testing things.
With this command i can see who is ...
- 1,481
0
votes
1
answer
354
views
Very often database PostgreSQL for my webapp fails
I have web application like
Nginx (proxy) + Tomcat (backend) + PostgreSQL (database).
This web application is located on amazon free tier instance (http://aws.amazon.com/free/) and very often from 2 ...
- 103
0
votes
4
answers
879
views
How to set up notifications about server overload? [duplicate]
Possible Duplicate:
What tool do you use to monitor your servers?
How to get notified (preferably by email) when my webserver reaches certain amount of incoming requests? This way I'll be able to ...
- 1,319
2
votes
2
answers
854
views
DoS attack requesting single file on server, best way to overcome?
My server's currently being pounded by a large DoS, had to move away from Apache and push everything onto Nginx (rewrites are a nightmare!).
Sample from the access log:
186.92.86.149 - - [30/Nov/...
- 35
1
vote
2
answers
178
views
Visits from an ISP have 3x in two days, am I being DDoS?
My Google Analytics shows a very high increase of traffic from one ISP, being all unique visits coming from the same ISP and all of them using IE9/8/7/6. I'm getting 32% new (unique) visits, but now ...
- 135