Trace bot traffic to its origin

I want to trace bot network traffic and block such traffic dynamically. How can I do this?

Are there applications that I can use for this on a semi-automatic basis, i.e. by configuring steps to take when bots are discovered?

Any tips on how bots work so I can learn how to prevent them from jamming my LAMP servers are highly appreciated.



The final solution will depend on what type of bots you want to block. If bots are attacking Apache directly, then you will probably want to use fail2ban. That's a great tool for cases where bots are trying to brute-force a login page or something like that.

If you have some kind of DDoS, and especially if it is not targeted at the application level, then you can use iptables to limit connections to a port on a per-source-IP basis. For example:

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset

This rule will drop (reset) connections from any IP whose number of connections is more than 10.

Category: linux Time: 2016-07-30 Views: 1
Tags: linux security
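
An added example, not part of the original answer: a sketch of the sliding-window check that a tool like fail2ban applies to an Apache access log, in the style of its maxretry and findtime settings. The login path /login.php, the 401/403 failure statuses, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined access log: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_offenders(lines, login_path="/login.php", maxretry=5, findtime=60):
    """IPs with at least `maxretry` failed login POSTs inside `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    offenders = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        # Assumption: the application answers a failed login with 401 or 403.
        if (m["method"] != "POST" or m["path"].split("?")[0] != login_path
                or m["status"] not in ("401", "403")):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def _line(ip, second, method="POST", path="/login.php", status=401):
    """Build one constructed log line (sample data, not from a real server)."""
    minute, sec = divmod(second, 60)
    return (f'{ip} - - [30/Jul/2016:10:{minute:02d}:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

SAMPLE = (
    [_line("203.0.113.7", s) for s in range(0, 12, 2)]  # 6 failures in 10 s
    + [_line("198.51.100.20", s) for s in (0, 90, 180, 270, 360)]  # slow, spread out
    + [_line("198.51.100.20", 400, status=200)]  # successful login
    + [_line("192.0.2.9", s, method="GET", path="/index.php", status=200)
       for s in range(8)]  # ordinary browsing
    + ["not a log line"]
)

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

Only the address that fails repeatedly inside the window is reported; the client that mistypes a password a few times over several minutes and the ordinary GET traffic are left alone, which is the property that makes this kind of rule safe to automate.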
