Skip to Main Content

DDoS

View DateLast View DateFirst View DateScoreNPage Id NIp StartIp Address 1Ip Address 2Ip Address NAgentAgent NBot Pk IdBot TypeIp FromIp ToInfo SourceUser Agent RegexDescription
2025-07-052025-07-05 16:57:012025-07-05 14:08:000.017269114.203.114.203.***.***114.203.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.361
2025-07-032025-07-03 13:50:522025-07-03 08:30:210.01533395.179.95.179.***.***95.179.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.361
2025-07-022025-07-02 21:44:582025-07-02 03:00:442.011838162.120.162.120.***.***162.120.***.***27Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.367
2025-07-012025-07-01 14:59:032025-07-01 14:26:440.01375945.234.45.234.***.***45.234.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.361
2025-06-262025-06-26 21:40:562025-06-26 15:45:101.0778223.234.23.234.***.***23.234.***.***1Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.3613
2025-06-262025-06-26 13:12:502025-06-26 05:09:450.013840106.51.106.51.***.***106.51.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.361
2025-06-252025-06-25 20:20:322025-06-25 02:37:232.019347162.120.162.120.***.***162.120.***.***24Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.362
2025-06-232025-06-23 21:41:142025-06-23 21:39:462.0158145.134.45.134.***.***45.134.***.***1Mozilla/5.0 (Linux; Android 4.4.2; LG-V410 Build/KOT49I.V41010d) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.103 Safari/537.362
2025-06-232025-06-23 18:50:372025-06-23 18:48:492.01001178.249.178.249.***.***178.249.***.***1Mozilla/5.0 (Linux; Android 12; Pixel 4a) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.362
2025-06-212025-06-21 04:29:012025-06-21 04:26:322.01031185.65.185.65.***.***185.65.***.***1Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.362
  • 1 - 10 of 10

Info

DDoS attacks (or Brute Force attacks or other bot-related behavior that amounts to the same thing) are becoming a bit of a problem for my server.
Thousands of requests per hour are too much for my modest setup, so I had to take some measures.
So I created a query to find suspicious IP addresses and/or User Agents using apex_workspace_activity_log. See the code below - I hid the complete IP addresses for privacy reasons.
If I identify an attack, I can add a "rewrite rule" to Apache (on my proxy server) to block an IP range or User Agent. More info on that here and here.

This is not ideal of course. A problem has to arise first, before I can act. But it's better than doing nothing.
I should look into other measures like Mod_evasive, Mod_security, Fail2ban, etc., but for now this sort of works.

Update May 2023:
Things were getting out of hand, so I installed ModSecurity on my Apache reverse proxy server (Apache 2.4 on AlmaLinux 8).
That turned out to be quite simple (after a few hours of trying all sorts of cookbooks that did not work...). Here's what I did:
You will need to deactivate ModSecurity from any machine/subnet that is allowed to use Apex Builder. Otherwise saving anything in the Apex Builder will result in a 403 error.
In my case I need to do this for IP 192.168.2.254, which is my internal router address. You can check the log here: And to check if it all works, perform an "illegal" request: which should return:

Code

Page

Identification
Page ID
Name
Page Alias

Region

Identification
Sequence
Title
Type
Source
Source Type
Region Source

View

View
Name
DDL