I have a running Apache server and I notice that the load of the server is quite HIGH. I just discovered that there are lots of GET queries in the access log. It seems there are 5-10 GETs every second, and these come from different IP addresses. I tried to set up iptables and put in the following:
Code:
iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP
iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
This works, but access to Apache also slows down.
Any suggestions on this brute force attack?
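
A toy model of how the two `recent` rules posted above are evaluated once both `-I` commands have run (each `-I` inserts at the top, so the DROP rule is checked first, and the `--set` rule stamps ESTABLISHED packets as well as SYNs). This is an added illustration, not part of the original post; the function names, the packets-per-connection figure, `MAX_STAMPS`, the `stamp_established` switch and the 198.51.100.7 address are assumptions made for the model.

```python
from collections import defaultdict, deque

WINDOW, HITCOUNT = 60, 5   # --seconds 60 --hitcount 5, as in the posted rules
MAX_STAMPS = 20            # modelling choice: timestamps remembered per source


def hits(stamps, now):
    """Number of recorded timestamps that fall inside the look-back window."""
    return sum(1 for t in stamps if now - t <= WINDOW)


def filter_packet(table, src, state, now, stamp_established=True):
    """Verdict for one inbound port-80 packet, rules in their final INPUT order."""
    stamps = table[src]
    # Rule 1 (inserted last with -I, so evaluated first):
    #   --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
    if state == "NEW" and hits(stamps, now) >= HITCOUNT:
        stamps.append(now)          # --update refreshes the entry when it matches
        return "DROP"
    # Rule 2: --state NEW,ESTABLISHED -m recent --set -j ACCEPT
    # --set records a timestamp for every packet it sees, not only for SYNs.
    if state == "NEW" or stamp_established:
        stamps.append(now)
    return "ACCEPT"


def simulate_client(connections, packets_each, gap=2.0, stamp_established=True):
    """One ordinary client opening connections `gap` seconds apart; returns SYN verdicts."""
    table = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    src, verdicts = "198.51.100.7", []      # constructed documentation address
    for n in range(connections):
        now = n * gap
        verdict = filter_packet(table, src, "NEW", now, stamp_established)
        verdicts.append(verdict)
        if verdict == "ACCEPT":
            # Remaining inbound packets of the connection (ACKs, the GET, FIN).
            for i in range(1, packets_each):
                filter_packet(table, src, "ESTABLISHED", now + 0.01 * i,
                              stamp_established)
    return verdicts


if __name__ == "__main__":
    # Rules as posted: one 8-packet page fetch already exceeds the hit count.
    print(simulate_client(3, 8))
    # Hypothetical variant that stamps only NEW packets: five connections fit.
    print(simulate_client(6, 8, stamp_established=False))
```

In the model, a single well-behaved client has its second connection dropped because the packets of its first connection already filled the hit count, which is consistent with legitimate access slowing down.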