# Apache spam attack (high database CPU usage)



## yagokurt (Oct 27, 2015)

Hello everybody, I have an webserver who is getting a small access spam and this is affecting my external database making it frozen all services who access this database. Have something I can do to make it less dangerous, a configuration on www/apache24 or something on the database to filter too many connection from this other server. If any other information needed just ask me.

PS.: I have a lack of knowledge on FreeBSD


----------



## SirDice (Oct 27, 2015)

Could you define "small access spam"? Normally the plethora of bots scanning systems shouldn't impact the database. Unless there's something really weird with your setup.

The most obvious recommendation is to configure a firewall. On the webserver (to filter said spam) and on the database server (to prevent unauthorized access).


----------



## yagokurt (Oct 27, 2015)

Small access spam I mean he have a lot of bots accessing a page on my website who have around 3 mysql querys. And it was lagging my database and making my main server use 100% CPU. But a friend apply a fix for me on my code generating a cache and making it avoid to spam my database.


----------



## derwood (Oct 28, 2015)

I had this problem a long time ago too.  There's a couple of things you could do to mitigate the attack.

There is a mod_dnsbl plugin for Apache that will do the job.  You will have to set up a list of IP addresses.  You can probably pull that from the access logs.  Or you could set up your own DNS blacklist with BIND.  Either way you'll need the mod_dnsbl plugin. 

It's located here:   http://software.othello.ch/mod_dnsbl/ 

I don't believe it's in the ports collection, but it can still be compiled and installed alongside Apache.


----------

