"mod_reqtimeout" and "mod_antiloris"

[xoox]

What is the difference between "mod_reqtimeout" and "mod_antiloris"
I noticed that I have both and I'm looking for something to protect against attacks

I saw
http://help.directadmin.com/item.php?id=302

But I do not know what to do and what to choose

 

[scsi]

What sort of attacks? These only help with slowloris attacks.

 

[xoox]

DDOS attacks?

When I enter the address
http://MYDOMAIN/server-status

I see every time you try to attack the server with a large opening of the same page of the same number of IP

17-0	16785	0/1/4925	W 	0.02	3	0	0.0	0.00	55.08 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
18-0	16640	0/24/5036	W 	1.11	4	0	0.0	0.05	146.97 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
19-0	16720	0/2/5010	W 	1.12	2	0	0.0	0.00	68.04 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
20-0	16373	0/37/4793	W 	1.24	0	0	0.0	0.10	42.70 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
21-0	16786	0/0/5330	W 	2.12	8	0	0.0	0.00	88.90 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
22-0	16642	0/26/5111	W 	1.19	1	0	0.0	0.08	369.01 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
23-0	16374	71/83/4913	K 	0.18	8	0	471.1	0.74	86.37 	46.120.103.249	www.DOMAIN2.com	GET /pic/img/small_2108.jpg HTTP/1.1
24-0	16787	25/25/4856	K 	0.08	5	0	52.5	0.05	66.59 	85.130.201.233	www.DOMAIN2.com	GET /news/images/news1.gif HTTP/1.1
25-0	16788	0/0/4768	W 	1.11	7	0	0.0	0.00	78.22 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
26-0	16789	0/0/4725	W 	0.28	7	0	0.0	0.00	78.65 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0
27-0	16644	0/26/4832	_ 	1.36	0	16867	0.0	0.03	86.91 	195.154.126.199	www.DOMAIN1.com	GET /wp-login.php HTTP/1.0

If I'm not blocking the address 195.154.126.199 in IPTABLES
So it is tens of connections and disables the server

 

[DirectAdmin Support]

Hello,

That's an attack on WordPress.
I believe, by default, WordPress does not have any sort of failed login counters... so this attack is doing a brute force login attack on the WordPress login page.

Either way, block that IP.
Also setup an .htaccess or 3rd party WordPress module to restrict the wp-login.php to only your own IP.

John

 

[xoox]

Hello,

That's an attack on WordPress.
I believe, by default, WordPress does not have any sort of failed login counters... so this attack is doing a brute force login attack on the WordPress login page.

Either way, block that IP.
Also setup an .htaccess or 3rd party WordPress module to restrict the wp-login.php to only your own IP.

John

This problem in wordpress site that is client server that stores website
I can not install and explain to each client that will change the files in his site

How can I limit the amount of connections per user on the server?
And how can I fix it it would block future attacks?

It is not normal to have all the time wait for the installation and enter the same IP number for IPTABLES
It requires me to be 24 \ 7 to the server

 

[xoox]

????? Help ?????

 

[nobaloney]

Shouting will only annoy people; it will not get you help any faster.

If you don't want to tell your clients how to solve their problems, or to help them solve it for you then the only approach you have left is to protect your server. Firewall it. If you don't want to set up each IP# manually, then use a reactive firewll such as CSF for linux; see these forums or Google for more information.

Jeff