Our hosting is set up on Amazon EC2 servers, which have been performing great. The problem we run into is spikes in requests for invalid URLs from scripts/bots looking for security holes. When these URLs are queried, they are obviously not cached, requiring more resources. This will slow our site to a crawl and has even made servers unstable to the point that Apache couldn't be stopped and we needed to reboot.

I've done some research and found a good thread on solving this problem. Unfortunately, it doesn't seem like a perfect solution.

We need something that will replicate bans across servers. We also need the ability for the process to be automated (not having to create manual URL Rewrites).

Here's the solution I'm envisioning:

  1. Add PHP error_log() command on Magento soft 404 pages
  2. Use fail2ban (or similar) to monitor the error_logs and ban offending IPs
  3. Add rules to a Network ACL on AWS for a VPC (to minimize machine load and distribute bans to all machines in cluster)

Steps 1 & 2 aren't too complicated. I'm lost on step 3. Does anybody have guidance on applying the ban rules to multiple servers?

iJeep
  • 119
  • 5
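
One way to wire step 3 of the plan above, as an added example that is not code from the question or from fail2ban: a helper that a fail2ban actionban/actionunban could call to mirror one IP into a VPC network ACL, so a single API call covers every instance in the attached subnets. Assumptions: the script name, the `acl-PLACEHOLDER` id, and the reserved rule range 1-15 (below the ACL's allow rules, and small because a network ACL only holds about 20 rules per direction by default) are all hypothetical.

```python
"""fail2ban helper: mirror a ban into a VPC network ACL (added example)."""
import ipaddress
import sys

BAN_RULES = range(1, 16)  # assumed: slots reserved below the ACL's allow rules


def ban_slots(entries):
    """Map banned CIDR -> rule number for inbound deny entries in our range."""
    return {e["CidrBlock"]: e["RuleNumber"] for e in entries
            if not e["Egress"] and e["RuleAction"] == "deny"
            and e["RuleNumber"] in BAN_RULES and "CidrBlock" in e}


def sync(ec2, acl_id, action, ip):
    """Apply 'ban' or 'unban' for one IPv4 address; return the rule number touched."""
    cidr = f"{ipaddress.IPv4Address(ip)}/32"  # raises ValueError on junk from the log
    acl = ec2.describe_network_acls(NetworkAclIds=[acl_id])["NetworkAcls"][0]
    slots = ban_slots(acl["Entries"])
    if action == "unban":
        rule = slots.get(cidr)
        if rule is not None:
            ec2.delete_network_acl_entry(NetworkAclId=acl_id, RuleNumber=rule,
                                         Egress=False)
        return rule
    if cidr in slots:  # another server already pushed this ban
        return slots[cidr]
    # Rule numbers are evaluated in ascending order, so a low slot wins over allows.
    used = {e["RuleNumber"] for e in acl["Entries"] if not e["Egress"]}
    free = [n for n in BAN_RULES if n not in used]
    if not free:
        raise RuntimeError("ban range full; wait for fail2ban to unban or widen it")
    ec2.create_network_acl_entry(NetworkAclId=acl_id, RuleNumber=free[0],
                                 Protocol="-1", RuleAction="deny",
                                 Egress=False, CidrBlock=cidr)
    return free[0]


if __name__ == "__main__":  # e.g. actionban = nacl_ban.py ban <ip>
    import boto3  # imported here so the logic above can be exercised offline
    print(sync(boto3.client("ec2"), "acl-PLACEHOLDER", sys.argv[1], sys.argv[2]))
```

Because every server in the cluster reads the same ACL before writing, a ban raised on one machine is seen as already present by the others; the small rule range means fail2ban's bantime has to be short enough to free slots.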

1 Answer

You need dedicated DDoS and SymFlood software; it is not something you want to do yourself. Obviously you have CloudFlare & Incapsula, which is the simple approach. We work on servers from consultants who work with AWS and other tools to do this on clusters; it really depends on the level of your site (i.e. revenue & visitors), which determines the approach that is suitable. You can do it yourself, but the people running these bots are stupidly smart, so you need equally smart software to mitigate, and that is not something you want to spend 24x7 maintaining. We use third-party tools, as the ROI of implementing it yourself is incredibly low.

Serpyre
  • 111
  • 2