Server being overloaded by flood attack

Question

I have a strong server, with 64GB Ram and amazing network and SSD for fast connections, but someone, I don't know why, is attacking my website, it seems that it is a script requesting my index.php page very often causing my MySQL unstable, even my server using a good hardware configuration. Check my logs file:

[Fri Nov 06 13:02:47.169346 2020] [proxy_fcgi:error] [pid 30232:tid 140367357691648] [client 164.68.100.114:35336] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.169560 2020] [proxy_fcgi:error] [pid 29914:tid 140366971922176] [client 164.68.100.114:33102] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.170482 2020] [proxy_fcgi:error] [pid 29692:tid 140364547610368] [client 164.68.100.114:2658] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.168929 2020] [proxy_fcgi:error] [pid 30229:tid 140366980314880] [client 164.68.100.114:40178] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.169336 2020] [proxy_fcgi:error] [pid 30229:tid 140366946744064] [client 164.68.100.114:2841] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.186088 2020] [proxy_fcgi:error] [pid 30229:tid 140367483582208] [client 164.68.100.114:39838] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.186853 2020] [proxy_fcgi:error] [pid 30229:tid 140367089354496] [client 164.68.100.114:2591] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.187609 2020] [proxy_fcgi:error] [pid 30229:tid 140367097747200] [client 164.68.100.114:2609] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.188884 2020] [proxy_fcgi:error] [pid 30229:tid 140366837704448] [client 164.68.100.114:3360] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190061 2020] [proxy_fcgi:error] [pid 30229:tid 140366946744064] [client 164.68.100.114:2841] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190768 2020] [proxy_fcgi:error] [pid 30230:tid 140367475189504] [client 164.68.100.114:3624] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190043 2020] [proxy_fcgi:error] [pid 30230:tid 140366611199744] [client 164.68.100.114:40394] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190882 2020] [proxy_fcgi:error] [pid 30230:tid 140366468523776] [client 164.68.100.114:40390] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190880 2020] [proxy_fcgi:error] [pid 30229:tid 140367114532608] [client 164.68.100.114:3085] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190894 2020] [proxy_fcgi:error] [pid 29692:tid 140364556003072] [client 164.68.100.114:33944] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190051 2020] [proxy_fcgi:error] [pid 30230:tid 140366544058112] [client 164.68.100.114:40392] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190914 2020] [proxy_fcgi:error] [pid 30229:tid 140365092873984] [client 164.68.100.114:33844] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.188394 2020] [proxy_fcgi:error] [pid 30230:tid 140366493701888] [client 164.68.100.114:40396] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.191808 2020] [proxy_fcgi:error] [pid 30229:tid 140365076088576] [client 164.68.100.114:40402] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190599 2020] [proxy_fcgi:error] [pid 30230:tid 140366560843520] [client 164.68.100.114:40386] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.190959 2020] [proxy_fcgi:error] [pid 30230:tid 140366577628928] [client 164.68.100.114:40388] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.192573 2020] [proxy_fcgi:error] [pid 30229:tid 140367466796800] [client 164.68.100.114:60224] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'
[Fri Nov 06 13:02:47.193573 2020] [proxy_fcgi:error] [pid 30229:tid 140366846097152] [client 164.68.100.114:60192] AH01071: Got error 'PHP message: PHP Warning:  mysqli::__construct(): (08004/1040): Too many connections in /var/www/master/database.php on line 19\n'

How I supposed to block this? Analyzing the logs deeply, all requests are made on HEAD method. If I block HEAD request for my website, I will have any problem or issue with Google bots, for example? I dont know if this is a solution, seems to be a trick. Also, I am using Cloudflare and this attacks persists. What should I do?

Thank you.

Answer 1

Fail2ban might be a good option to watch the apache access LOG for unusual amounts of HEAD requests in a given period of time and create a temporary block in iptables firewall.

Jay Ta'ala has an article on his website that provides information on how to configure fail2ban for watching apache log files.