Skip to Main Content
View DateLast View DateFirst View DateScoreNPage Id NIp StartIp Address 1Ip Address 2Ip Address NAgentAgent NBot Pk IdBot TypeIp FromIp ToInfo SourceUser Agent RegexDescription
2024-11-082024-11-08 19:35:052024-11-08 13:12:181.02388557.141.57.141.***.***57.141.***.***30meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)1
2024-11-072024-11-07 15:53:202024-11-07 07:16:321.02026357.141.57.141.***.***57.141.***.***30meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)1
2024-11-072024-11-07 11:51:122024-11-07 09:46:440.01386291.142.91.142.***.***91.142.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.361
2024-11-062024-11-06 15:55:432024-11-06 05:19:411.01457957.141.57.141.***.***57.141.***.***30meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)1
2024-11-062024-11-06 11:45:022024-11-06 11:04:280.010035186.200.186.200.***.***186.200.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.361
2024-11-052024-11-05 17:03:372024-11-05 16:42:360.013350185.51.185.51.***.***185.51.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.361
2024-11-052024-11-05 15:30:112024-11-05 10:14:411.01156357.141.57.141.***.***57.141.***.***29meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)1
2024-11-042024-11-04 23:59:482024-11-04 00:04:492.06014452.167.52.167.***.***52.167.***.***52Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; MicrosoftPreview/2.0; +https://aka.ms/MicrosoftPreview) Chrome/100.0.4896.127 Safari/537.362
2024-11-042024-11-04 17:40:082024-11-04 10:28:141.01426657.141.57.141.***.***57.141.***.***30meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)1
2024-11-032024-11-03 18:29:362024-11-03 09:30:380.011640178.44.178.44.***.***178.44.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 YaBrowser/24.10.0.0 Safari/537.361
  • 1 - 10 of 15

Info

DDoS attacks (or Brute Force attacks or other bot-related behavior that amounts to the same thing) are becoming a bit of a problem for my server.
Thousands of requests per hour are too much for my modest setup, so I had to take some measures.
So I created a query to find suspicious IP addresses and/or User Agents using apex_workspace_activity_log. See the code below - I hid the complete IP addresses for privacy reasons.
If I identify an attack, I can add a "rewrite rule" to Apache (on my proxy server) to block an IP range or User Agent. More info on that here and here.

This is not ideal of course. A problem has to arise first, before I can act. But it's better than doing nothing.
I should look into other measures like Mod_evasive, Mod_security, Fail2ban, etc., but for now this sort of works.

Update May 2023:
Things were getting out of hand, so I installed ModSecurity on my Apache reverse proxy server (Apache 2.4 on AlmaLinux 8).
That turned out to be quite simple (after a few hours of trying all sorts of cookbooks that did not work...). Here's what I did:
You will need to deactivate ModSecurity from any machine/subnet that is allowed to use Apex Builder. Otherwise saving anything in the Apex Builder will result in a 403 error.
In my case I need to do this for IP 192.168.2.254, which is my internal router address. You can check the log here: And to check if it all works, perform an "illegal" request: which should return:

Code

Page

Identification
Page ID
Name
Page Alias

Region

Identification
Sequence
Title
Type
Source
Source Type
Region Source

View

View
Name
DDL