Mitigating a DoS attack with GoAccess and Cloudflare
In this off-topic post, I’m going to discuss some behind-the-scenes “fun” that may happen when managing the web server used to host the CNX Software website. From time to time, the server becomes unreachable, but I can still access its console, and notice a very high CPU load (over 100) on a VPS with four cores, while the CPU load is typically 0.5 to 2 under normal circumstances.
That’s usually due to a DoS (denial of service), DDoS (distributed denial of service), or some bug I can’t identify. An easy way to solve this issue is to log in to Cloudflare and set the “Under Attack Mode” to on.
It will show all visitors a JavaScript challenge the first time they visit the website, and the CPU usage typically drops back to normal level within a minute or so. That means I can access my website and so do regular visitors. It’s now without drawback though, as the RSS feed won’t work anymore, and some browsers seem to have some issues with the JavaScript challenge going into a loop. So I typically turn it on temporarily for a few hours until the (D)DoS attack is gone.
In the case of a DoS attack where one or only a few hosts may be the cause of the high CPU usage, as opposed to a DDoS where many hosts are involved, it’s also possible to use GoAccess open-source web analytics application. to monitor the IP addresses with lots of requests. In a Ubuntu/Debian server, it can be installed as follows:
/cdn.vox-cdn.com/uploads/chorus_asset/file/23951293/STK087_VRG_Illo_N_Barclay_7_bitcoin.jpg)
