Bots

[Evonazya]

What is it ?

 

[djbaxter]

Look to see where they're coming from. Last time I saw that, it was a DDoS from Chinese site and we had to go to Cloudflare to block them.

Check the IP addresses at https://{yoursite.com}/online/

 

[bevans84]

Probably Hong Kong. Out of the Huawei cloud
Using Plesk, I just went into the Apache and Nginx settings for the domain and set up a custom block in Apache for
159.138.144.0/20
159.138.128.0/20 (If I shouldn't put these CIDR's in a post, please delete)

Apache memory use went back to normal quickly, although the proxyerror log started getting entries, they weren't objectionable and the bots gave up after a couple of days.
Using Apache with Nginx frontend.
Very aggressive botnet.

 

[djbaxter]

It could have been a lot worse. In the case I worked on, it wasn't just two IP or even two IP ranges. It was literally hundreds of IP addresses bombarding the site in a true DDoS.

Glad you were able to manage yours without resorting to Cloudflare.

 

[l3ta]

Had to block them, too. Was getting a lot of unwanted traffic out of Hong Kong:

Huawei Clouds 59.138.155.28 ecs-159-138-155-28.compute.hwclouds-dns.com

 

[bevans84]

It could have been a lot worse. In the case I worked on, it wasn't just two IP or even two IP ranges. It was literally hundreds of IP addresses bombarding the site in a true DDoS.

Oh, it was hundreds at the least. Between 159.138.128.0 and 159.138.159.255

 

[Eagle]

We can block (in fact, redirecting them to 403 forbidden) bots using the exact IP address inside the .htaccess file.

The following site definitely will help you. I'm using the same setup and its saving my server resource.

Create an Access Control List to Block Countries or Continents