
DDoS

| View Date | Last View Date | First View Date | Score / N / Page Id N | Ip Start | Ip Address 1 | Ip Address 2 | Ip Address N | Agent | Agent N | Bot Pk Id | Bot Type | Ip From | Ip To | Info Source | User Agent Regex | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-12-07 | 2023-12-07 20:44:45 | 2023-12-07 20:02:07 | 0.020265 | 85.75. | 85.75.***.*** | 85.75.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |
| 2023-12-06 | 2023-12-06 23:54:44 | 2023-12-06 00:00:36 | 2.028453 | 66.249. | 66.249.***.*** | 66.249.***.*** | 15 | GoogleOther | 4 | | | | | | | |
| 2023-12-06 | 2023-12-06 14:39:05 | 2023-12-06 12:46:58 | 0.011833 | 41.110. | 41.110.***.*** | 41.110.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |
| 2023-12-04 | 2023-12-04 23:42:44 | 2023-12-04 00:08:07 | 2.028531 | 52.167. | 52.167.***.*** | 52.167.***.*** | 50 | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; MicrosoftPreview/2.0; +https://aka.ms/MicrosoftPreview) Chrome/100.0.4896.127 Safari/537.36 | 2 | | | | | | | |
| 2023-12-03 | 2023-12-03 19:51:08 | 2023-12-03 04:46:02 | 1.025879 | 186.150. | 186.150.***.*** | 186.150.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 2 | | | | | | | |
| 2023-11-30 | 2023-11-30 10:22:54 | 2023-11-30 10:09:09 | 0.013522 | 49.37. | 49.37.***.*** | 49.37.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |
| 2023-11-29 | 2023-11-29 22:29:01 | 2023-11-29 21:59:20 | 0.012353 | 195.234. | 195.234.***.*** | 195.234.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |
| 2023-11-27 | 2023-11-27 23:57:51 | 2023-11-27 00:06:36 | 2.038546 | 66.249. | 66.249.***.*** | 66.249.***.*** | 11 | GoogleOther | 3 | | | | | | | |
| 2023-11-27 | 2023-11-27 20:21:36 | 2023-11-27 20:10:54 | 0.015261 | 197.133. | 197.133.***.*** | 197.133.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |
| 2023-11-27 | 2023-11-27 13:40:02 | 2023-11-27 13:27:32 | 0.021883 | 196.204. | 196.204.***.*** | 196.204.***.*** | 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | 1 | | | | | | | |

Info

DDoS attacks (or Brute Force attacks or other bot-related behavior that amounts to the same thing) are becoming a bit of a problem for my server.
Thousands of requests per hour are too much for my modest setup, so I had to take some measures.
So I created a query to find suspicious IP addresses and/or User Agents using apex_workspace_activity_log. See the code below - I hid the complete IP addresses for privacy reasons.
If I identify an attack, I can add a "rewrite rule" to Apache (on my proxy server) to block an IP range or User Agent. More info on that here and here.

This is not ideal of course. A problem has to arise first, before I can act. But it's better than doing nothing.
I should look into other measures like Mod_evasive, Mod_security, Fail2ban, etc., but for now this sort of works.
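A query of the kind described above, written as an added example (it is not the author's own code): it groups apex_workspace_activity_log rows per day and per two-octet IP prefix, producing columns like those in the report. The seven-day window, the 1000-request threshold and the two-octet prefix are assumptions, and the report's Score and bot lookup columns are not reproduced.

```sql
-- Added example, not the author's query.
-- Groups recent APEX activity by day and by the first two octets of the
-- client address. Window, prefix length and threshold are assumptions.
with hits as (
  select trunc(view_date)                         as view_day,
         view_date,
         page_id,
         ip_address,
         agent,
         -- '85.75.12.34' -> '85.75.'; IPv6 or empty addresses yield null
         regexp_substr(ip_address, '^\d+\.\d+\.') as ip_start
    from apex_workspace_activity_log
   where view_date >= sysdate - 7                 -- assumed look-back window
)
select view_day,
       max(view_date)             as last_view_date,
       min(view_date)             as first_view_date,
       count(*)                   as n,            -- requests from this prefix
       count(distinct page_id)    as page_id_n,    -- how many pages were hit
       ip_start,
       min(ip_address)            as ip_address_1, -- lowest address (string order)
       max(ip_address)            as ip_address_2, -- highest address (string order)
       count(distinct ip_address) as ip_address_n,
       min(agent)                 as agent,        -- one sample user agent
       count(distinct agent)      as agent_n
  from hits
 where ip_start is not null
 group by view_day, ip_start
having count(*) >= 1000                           -- assumed threshold per prefix per day
 order by view_day desc, n desc;
```

A prefix with many requests, a single address and a single agent hitting very few pages is the pattern worth a closer look; known crawlers tend to show many addresses inside one prefix.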

Update May 2023:
Things were getting out of hand, so I installed ModSecurity on my Apache reverse proxy server (Apache 2.4 on AlmaLinux 8).
That turned out to be quite simple (after a few hours of trying all sorts of cookbooks that did not work...). Here's what I did:
You will need to deactivate ModSecurity from any machine/subnet that is allowed to use Apex Builder. Otherwise saving anything in the Apex Builder will result in a 403 error.
In my case I need to do this for IP 192.168.2.254, which is my internal router address.
You can check the log here:
And to check if it all works, perform an "illegal" request:
which should return:
