Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
cpu from 13% to 100% in one minute Question Question
Why are snapshots so slow Question Question

Question

How to prevent bot attack?

Posted July 8, 2015 14.9k views
UbuntuApacheServer OptimizationSecurityDigitalOceanFirewallLogging

Hi,

My server encounter serious problem now.
I don’t know how they get my server ip address, but there are many bots that attacking my server by requesting page that i dont have it.

This causing my storage full 100% by apache logs (error.log and access.log), and making my server not responding.

I already set rotatelog on apache, but still after a few days i have to remove it manually to prevent storage full.

This droplet is for our internal dev server, we don’t publish the ip address anywhere.
The droplet has just been created for 1 month ago, and a few days after the droplet is up, the bots started attacking it

I’m guessing that my server using a “used” ip address by another droplet (that been drop / deleted). So when my server up, they started attacking it again.

So anyone know how to prevent this? Especialy from DigitalOcean.
I don’t want to use script to automatic delete the log files. Because this bots also slowing down the server. Sometimes apache reached maxrequest, while noone of us accessing it.

I’m thinking of removing this droptlet and create new one. And hoping that i will get “new” ip address that bots doesn’t know it yet.

Regards

Add a comment
vandai
By:
vandai

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
cpu from 13% to 100% in one minute Question Question
Why are snapshots so slow Question Question
Add a comment
3 comments
  • webdevguru July 8, 2015
    Reply Report

    If you re-deploy in the same region, you most likely will get the same IP again

  • micalm July 8, 2015
    Reply Report

    Changing IPs won’t do anything - those attacks are targeting whole networks or randomize. The best you can do is block their IPs on your firewall or filter requests with specific (e.g. empty) user agents.

  • jba July 16, 2015
    Reply Report

    The first two comments address your IP question… the bots are probably targeting the entire network.

    A new company I have seen around named webiron (webiron.com) looks like they have an automated security solution for you. I saw them posting bot info on twitter (@webironbots) and they seem to be right up your alley.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
jonaharagon July 17, 2015

If this hasn’t been solved yet: You could try using Cloudflare. Cloudflare will block lots of spam such as DoS/DDoS attacks. It also has a Firewall you can set manually, so if you know the IP addresses of the bot(s) you can just block them without them even touching your servers.

You can set up firewall applications on your server as well, but using Cloudflare will let their servers take the brunt of the attack, so it never even reaches you.

If you’re set on the IP changing, you need to switch regions to do that (even just switching from NYC3 to NYC2, for example), or else you’ll just get the same IP under normal circumstances. Read: https://www.digitalocean.com/community/tutorials/how-to-migrate-digitalocean-snapshots-between-regions

Reply Report
sajeer5037edce7 May 22, 2017

Hi you can block the bots From Apache2 /etc/apache2/sites-available/default
Below I mentioned 

<Directory /var/www/html>
        #Header set Access-Control-Allow-Origin "*"
        BrowserMatchNoCase "Baiduspider" bots
        BrowserMatchNoCase "HTTrack" bots
        BrowserMatchNoCase "Yandex"  bots
        BrowserMatchNoCase "AhrefsBot" bots
        BrowserMatchNoCase "exabot"  bots
        BrowserMatchNoCase "MJ12bot" bots
        BrowserMatchNoCase "dotbot"  bots
        BrowserMatchNoCase "gigabot" bots
        BrowserMatchNoCase "Visbot" bots
        BrowserMatchNoCase "SemrushBot" bots
        BrowserMatchNoCase "SpammerRobot" bots
        BrowserMatchNoCase "SecurityHoleRobot" bots

        Options Indexes FollowSymLinks

        AllowOverride none
        Order allow,deny
        Allow from all
        Deny from env=bots
        Require all granted
Reply Report

Related

Looking for something else?

Ask a new question Search for more help