I want to trace bot network traffic and block such traffic dynamically. How can I do this?
Are there applications that I can use for this on a semi-automatic basis, i.e. by configuring steps to take when bots are discovered?
Any tips on how bots work so I can learn how to prevent them from jamming my LAMP servers are highly appreciated.
The final solution will depend on what type of bots you want to block. If bots are attacking Apache directly, then you will probably want to use
fail2ban. That's a great tool for cases where bots are trying to brute-force a login page or something like that.
If you have some kind of DDoS, and especially if it is not targeted at the application level, then you can use
iptables to limit connections to a port on a per-source-IP basis. For example:
# Reject new HTTP connections (TCP SYN to port 80) from a source IP that already holds more than 10 connections
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset
This rule will reset connections from an IP whose number of connections is more than 10.
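As an added illustration of the semi-automatic approach the question asks about (this is example code, not part of the answer above and not fail2ban's own code), the script below does in a few lines what a fail2ban jail does internally: it reads Apache combined-format access log lines, counts failed (401/403) requests to a login path per source IP, and prints the iptables rules that would block the IPs over a threshold rather than running them. The log lines are constructed sample data; the `/login` path, the threshold, the 401/403 heuristic and the `/var/log/apache2/access.log` path mentioned in the comments are assumptions.

```shell
#!/bin/sh
# Added example: find source IPs hammering a login page in an Apache
# combined-format access log and emit (not execute) block rules for them.

# Constructed sample log in Apache combined format. On a real server this
# would be read from e.g. /var/log/apache2/access.log (assumed path).
SAMPLE_LOG='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:55:43 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'

# Usage: find_abusive_ips THRESHOLD PATH  < access.log
# Prints "count ip" for each source IP whose failed (401/403) requests to
# PATH number at least THRESHOLD, highest count first.
find_abusive_ips() {
    threshold="$1"
    path="$2"
    awk -v t="$threshold" -v p="$path" '
        # In combined format $1 is the client IP, $7 the request path
        # and $9 the HTTP status code.
        $7 == p && ($9 == 401 || $9 == 403) { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }
    ' | sort -rn
}

# Usage: block_rules  < "count ip" lines
# Turns each offending IP into an iptables rule. The rule is only printed so
# an operator can review it; piping the output into sh would apply it.
block_rules() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
    done
}

# Stand-alone demo: threshold of 3 failed logins flags only 203.0.113.7.
printf '%s\n' "$SAMPLE_LOG" | find_abusive_ips 3 /login | block_rules
```

In practice fail2ban's `apache-auth` style jails do exactly this loop continuously, and also remove the rule again after a ban time, which a one-shot script like this does not; a permanent DROP for a dynamic or shared IP will eventually lock out legitimate users, so review the printed rules before applying them.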