Blocking multiple hits from same IP

Demon

I've got a site which from time to time gets mass hits from an IP; I'm talking hundreds of hits in a few seconds. The problem is this site runs on a crappy custom script which according to my host is the cause of the problem as it searches through the entire MySQL database whenever a query is made (something like that), which in turn overloads the CPU, causing downtime.

Anyway, until I get a coder to work on the script, is there any way I can stop this from happening? Whenever this happens it basically cripples my server for minutes at a time. And it happens again and again from different IPs, so blocking them in htaccess doesn't really solve the problem.

Is there any way the server can block an IP automatically once it makes too many requests in a given time period?
 


Did you even read my post? I know how to block IPs in htaccess. That wasn't what I was asking. To quote myself again, "Is there any way the server can block an IP automatically once it makes too many requests in a given time period?"
 
1. Monitor visitor requests when a new session is started.
2. If too little time between requests and not on approved whitelist (Googlebot, et al.), add them to a black list.
3. Custom HttpHandler to check the blacklist before processing the request, boot or 404 if on black list.

I don't know what the equivalent of an HttpHandler is in the non-.NET world but you could just as easily run the check on load without a handler.
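The three steps suggested in the post above (time the requests, blacklist fast clients that are not on the whitelist, check the blacklist before doing any work) as an added Python example; it is not code from the thread or from any tool named in it. The thresholds, the names `RateBlocker`, `replay` and `demo`, and the sample addresses (documentation ranges standing in for clients and for a crawler allowlist) are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class RateBlocker:
    """Sliding-window per-IP limiter with an allowlist and timed blocks."""
    def __init__(self, max_hits=20, window=5.0, block_for=600.0, allow=()):
        self.max_hits, self.window, self.block_for = max_hits, window, block_for
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.hits = defaultdict(deque)   # ip -> request times inside the window
        self.blocked = {}                # ip -> time at which the block expires

    def check(self, ip, now):
        """Call before any database work; False means reject the request."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow):
            return True                  # step 2: allowlisted clients are never counted
        if ip in self.blocked:           # step 3: cheap lookup before processing
            if now < self.blocked[ip]:
                return False
            del self.blocked[ip]         # block expired, start counting again
        q = self.hits[ip]
        q.append(now)                    # step 1: record the request time
        while q and q[0] <= now - self.window:
            q.popleft()                  # forget hits older than the window
        if len(q) > self.max_hits:
            self.blocked[ip] = now + self.block_for
            del self.hits[ip]
            return False
        return True

def replay(events, blocker):
    """Feed (timestamp, ip) pairs through the blocker; return served counts per IP."""
    served = defaultdict(int)
    for ts, ip in sorted(events):
        served[ip] += blocker.check(ip, ts)
    return dict(served)

def demo():
    # Constructed traffic: a 300-hit burst in 3 s, a normal visitor, an allowlisted crawler.
    events = [(i * 0.01, "203.0.113.7") for i in range(300)]
    events += [(float(i), "198.51.100.20") for i in range(5)]
    events += [(i * 0.01, "192.0.2.10") for i in range(100)]
    blocker = RateBlocker(max_hits=20, window=5.0, block_for=600.0,
                          allow=["192.0.2.0/24"])   # placeholder allowlist range
    return replay(events, blocker), blocker

if __name__ == "__main__":
    print(demo()[0])
```

The counters live in one process's memory, so a site served by several workers needs them in shared storage for the threshold to mean anything. Behind a reverse proxy the address passed to `check` must be the client's, not the proxy's.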
 
If you are on a VPS/dedicated server, install CSF or DDoS Deflate. Both monitor number of connections per IP at a set frequency, and block IPs which are above the threshold.

If it is a shared server, I would be surprised if no such protection has been installed.
 
Thanks guys, will ask my host to set one of them up. Question: if these simple measures block DoS attacks then why do DoS attacks still happen effectively?

1. A large DDoS attack can use up the CPU of your server, rendering your firewall ineffective.

2. Massive DDoS attacks can choke up an entire network, they can cause routers to fail, they can cause more incoming traffic than you have the capacity to handle.
 
Oops, read your title and first line and thought I knew the solution :)
Are you getting mass hits from a single IP, or mass hits from various IPs? Wasn't quite sure.

If it's the latter, I'd actually contact your hosting company as it sounds like you are being DDoSed.

Your developer is probably working on it already, but to reduce your DB load, try installing memcache and use ob_flush() to cache data ... and revisit your DB structure and normalize it.