I like to refer to this as a free vulnerability scan, provided by independent and state-sponsored hackers.
They always go after WordPress first because that's like 60% of the internet.
I have seen scans such as these try to pick up database/file backups in the root folder, which I see most...
That's what I'm experiencing too. But it's slower to tail off.
It might be because my 'members online timeout' is set higher than theirs.
Wonder if other Cloudflare users also experience this periodic blast.
Looks like it's mostly died down.
Found a recent article about one of these residential proxy botnets and how Google took one of them down:
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
We have enormous guest amounts now (7.7k) but only 50-100 TCP/IP ports being used.
Last night I saw up to 17k and the TCP/IP ports being used was 1800+ (Apache starts choking at 1000/sec with )
So yeah, last night's rush was a different kind of traffic.
I got hit with a mega-wave last night. They kept consuming all my TCP/IP ports (my current limit is 2048, double the Linux default). I kept the site online for others only by restarting Apache repeatedly. The blast lasted 15 minutes and it totally cut through my protection.
I'm not sure if...
If your cpu/mem is not maxing out then you need faster hardware.
If your bandwidth is not saturated then you have a TCP/IP socket limit. Linux is by default set to have a maximum of ~1000 connections, so defaults are going to be too low and the site will choke from that alone.
If that's not the...
You can use fail2ban for protection and not need Cloudflare. It works, I've run it for years and it's about equivalent, just needs more curation.
You can use a reverse proxy over SSH to bounce one website off another. You could also use this to route a VPN you control over SSH. In fact you can...
Nah, I run my own Ubuntu server on AWS and use fail2ban, which uses iptables for banning (very fast).
I use .htaccess because it's easy and it can send hints to fail2ban.
Thank you so much. Very useful. I recently learned the WHOIS command in Linux to get IP blocks and it's helped me put together lists more rapidly than using a program that analyzes fail2ban's banlists. This is more powerful.
You know, this isn't a bad idea. You get the strengths of both engines...
How do you do it?
I of course have these agent strings banned, but ByteDance bots since last night are not identifying themselves as a bot in the browser string.
And a few new IP address ranges appeared while I was sleeping, so I didn't catch it.
I use Apache .htaccess to ban those ranges, then...
Found more and it looks like these bots saturated the available TCP/IP ports numerous times last night.
#bytedance bots - unlabeled 01/25/2026 - DS
Deny From 45.78.192.0/18
Deny From 101.47.0.0/18
Deny from 101.47.112.0/20
Deny from 101.47.128.0/17
Just had a bot attack from ByteDance that consumed all the TCP/IP ports.
They have an enormous network and were just repeatedly slamming the share button or refreshing the home page.
Fixed with:
#bytedance bots - stealth 01/25/2026 - DS
Deny From 45.78.192.0/18
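
Added example, not part of the original posts: a small log summarizer that counts requests per deny range quoted above and groups unlisted client addresses into /24 buckets, so ranges that appear overnight stand out. The function name `summarize`, the /24 bucket size, the threshold of 3 and the sample log lines are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Ranges copied from the Deny From lines in the posts above.
DENY_RANGES = [ipaddress.ip_network(n) for n in (
    "45.78.192.0/18", "101.47.0.0/18", "101.47.112.0/20", "101.47.128.0/17")]

# Constructed sample lines in Apache access-log style (not real traffic).
SAMPLE_LOG = """\
45.78.200.14 - - [25/Jan/2026:03:10:01 +0000] "GET / HTTP/1.1" 200 5120
45.78.231.9 - - [25/Jan/2026:03:10:01 +0000] "GET / HTTP/1.1" 200 5120
101.47.12.77 - - [25/Jan/2026:03:10:02 +0000] "GET / HTTP/1.1" 200 5120
101.47.115.3 - - [25/Jan/2026:03:10:02 +0000] "GET / HTTP/1.1" 200 5120
101.47.190.40 - - [25/Jan/2026:03:10:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [25/Jan/2026:03:10:03 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.77 - - [25/Jan/2026:03:10:03 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.201 - - [25/Jan/2026:03:10:03 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.23 - - [25/Jan/2026:03:10:04 +0000] "GET /about HTTP/1.1" 200 900
garbage line
"""

def summarize(log_text, bucket_prefix=24, threshold=3):
    """Return (hits per listed deny range, unlisted buckets at/above threshold)."""
    listed, unlisted = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # client field is a hostname or the line is malformed
        if ip.version != 4:
            continue  # the deny list here is IPv4 only
        net = next((n for n in DENY_RANGES if ip in n), None)
        if net is not None:
            listed[str(net)] += 1
        else:
            bucket = ipaddress.ip_network(f"{ip}/{bucket_prefix}", strict=False)
            unlisted[str(bucket)] += 1
    # Only buckets with repeated hits are worth a WHOIS lookup.
    candidates = {k: v for k, v in unlisted.items() if v >= threshold}
    return dict(listed), candidates

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A bucket in the second result is only a candidate: confirm the owning block with WHOIS before turning it into a deny rule.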
On a lot of sites I manage the hosting for, I've noticed that there's someone trying to do a slow_loris attack of sorts to consume the server's available TCP/IP ports. On most Linux servers, this defaults to 1000 available ports, so it's easily exhausted before CPU is.
Can you SSH into this...