http://imil.net/blog/tags/ddos/ Recent content in DDoS on iMil.net Hugo en-us Sat, 21 Mar 2020 07:01:41 +0100 http://imil.net/blog/posts/2020/http-flood-drop-with-nginx/ Sat, 21 Mar 2020 07:01:41 +0100 http://imil.net/blog/posts/2020/http-flood-drop-with-nginx/ <p>The other day at <code>${DAYWORK}</code> we got hit by a simple yet efficient <em>DDoS</em> attack, basically, there were lots of regular <code>HTTP</code> queries with a specific query parameter but using either <code>GET</code>, <code>POST</code> or <code>HEAD</code> methods:</p> <pre tabindex="0"><code>www.customer.com:443:80 174.76.48.233 - - [19/Mar/2020:17:26:11 +0000] &#34;POST /?=Best_HTTP_Flooder_For_FREE_by_PassDDoS&amp;9716 HTTP/1.0&#34; 200 62861 &#34;http://validator.w3.org/feed/check.cgi?url=https://www.customer.com&#34; </code></pre><p>Fortunately, the parameter was always the same, and as we use an <a href="https://nginx.org">nginx</a> reverse proxy farm in front of our customer&rsquo;s websites, we could deploy this simple trick in order to get rid of the attack:</p>