You might have noticed in the past few days that 4sysops was sometimes unreachable. There have been content spam attacks from countless different machines, resulting in a DDoS (Distributed Denial of Service).
4sysops runs on a tiny dedicated Linux server that is powerful enough to manage normal traffic, but gets overloaded as soon as these attacks start. Usually this lasts from 30 to 60 minutes. There are numerous accesses per second from different IPs during this time. Sometimes, even Apache crashes, i.e. 4sysops is unreachable even after the attack. The server runs with the default configuration of SuSE 10.0.
I don't have much time at the moment to deal with this problem. I could only take some simple steps against the DDoS attacks. It improved the situation a little. At least Apache won't crash anymore.
I reduced the KeepAliveTimeout and installed the mod_evasive module for Apache. Mod_evasive helps in some cases with DoS attacks. I also installed the Bad Behavior plugin and the WP-cache plugin for WordPress. The latter just improves the performance.
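A sketch of what those two Apache changes can look like in the server configuration, added here as an illustration and not taken from the 4sysops server. All numeric values, the log directory and the whitelist entry are assumptions to be tuned per site.

```apache
# Added example: every value below is an illustrative assumption,
# not the configuration used on the 4sysops server.

# --- Before: a long keep-alive timeout ---
# Each idle persistent connection holds an Apache worker until the
# timeout expires, so a burst of clients can exhaust the worker pool.
# KeepAlive On
# MaxKeepAliveRequests 100
# KeepAliveTimeout 15

# --- After: keep persistent connections, but release workers quickly ---
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 2

# mod_evasive for Apache 2.x registers itself as mod_evasive20.c
<IfModule mod_evasive20.c>
    # Size of the per-child hash table that tracks client IPs
    DOSHashTableSize    3097

    # Block an IP that requests the same URI more than 5 times
    # within a 1-second interval
    DOSPageCount        5
    DOSPageInterval     1

    # Block an IP that makes more than 50 requests to the whole site
    # within a 1-second interval
    DOSSiteCount        50
    DOSSiteInterval     1

    # Answer a blocked IP with 403 for 60 seconds; further requests
    # during the block restart the timer
    DOSBlockingPeriod   60

    # Directory for per-IP block markers (assumed path; it must exist
    # and be writable by the Apache user)
    DOSLogDir           "/var/log/mod_evasive"

    # Never block the local host (monitoring, WordPress cron jobs)
    DOSWhitelist        127.0.0.1
</IfModule>
```

The thresholds are counted per client IP, so traffic spread thinly over many source addresses can stay below them, which fits the observation above that mod_evasive helps only in some cases.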
I considered working with the packet string-matching extension of iptables to block the attacks at the firewall before Apache gets involved. However, it seems that SuSE forgot to include this extension in the 10.0 version. This worked fine with SuSE 9. I guess I have to compile a new kernel to get this working.
Please let me know if you have better ideas. I am not a Linux geek. I suppose there are plenty of other countermeasures possible. I apologize for the inconvenience to those who can't access the site during the attacks. Please just come back later. Usually, it works again, at least after an hour or so.