
Issue 600 requests in one second: How to prevent this attack

ahoi

Basic Pleskian
Hello everybody,

one of my servers is facing recurring "attacks" like this:


Bash:
/var/log/nginx/access.log
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /backup HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /newsite HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET / HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /old HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /test HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /wordpress HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /wp HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /cms HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /main HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /blog HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /new HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /dev HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /cms HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /new HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /blog HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /backup HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /dev HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /dev HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /main HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /newsite HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /cms HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /backup HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET / HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /wp HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET /old HTTP/1.1" 301 162 "-" "-"
46.xx.138.xx - - [19/Aug/2021:02:49:16 +0200] "GET / HTTP/1.1" 301 162 "-" "-"

I truncated the full logs, but altogether there are more than 1000 requests made in one or two seconds.

I am thinking about some rate-limiting using iptables, but maybe Plesk already provides something built-in which I have not found yet?

Love to get some advice :)
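
Before picking a rate limit (iptables or otherwise), it helps to measure the burst from the access log itself. The following is an added example, not part of the original post: it counts requests per client per second in nginx combined-format lines like those above and reports each client whose peak reaches a threshold. The name `find_bursts`, the threshold of 20, and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# nginx "combined" format: client - user [time] "METHOD path proto" status bytes ...
# \S+ for the client also accepts masked addresses such as 46.xx.138.xx.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3} '
)

def find_bursts(lines, threshold=20):
    """Map client -> (peak requests in one second, that second, distinct paths)
    for every client whose busiest second reaches `threshold` (assumed value)."""
    per_second = Counter()
    paths = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[(m["client"], ts)] += 1
        paths[m["client"]].add(m["path"])
    peaks = {}
    for (client, ts), count in per_second.items():
        if count >= threshold and count > peaks.get(client, (0,))[0]:
            peaks[client] = (count, ts.isoformat(), len(paths[client]))
    return peaks

# Constructed sample: one client probing the paths seen in the post 30 times
# within a single second, and one ordinary visitor spread over three seconds.
PROBES = ["/backup", "/newsite", "/", "/old", "/test", "/wordpress",
          "/wp", "/cms", "/main", "/blog", "/new", "/dev"]
SAMPLE = [
    f'203.0.113.7 - - [19/Aug/2021:02:49:16 +0200] '
    f'"GET {PROBES[i % len(PROBES)]} HTTP/1.1" 301 162 "-" "-"'
    for i in range(30)
] + [
    f'198.51.100.20 - - [19/Aug/2021:02:49:{s:02d} +0200] '
    f'"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    for s in (16, 17, 18)
]

if __name__ == "__main__":
    for client, (peak, second, n_paths) in find_bursts(SAMPLE).items():
        print(f"{client}: {peak} req in second {second}, {n_paths} distinct paths")
```

The per-second peak of legitimate clients gives a floor for any rate limit, so the threshold should be set above it.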