Skip to Main Content

DDoS

View DateLast View DateFirst View DateScoreNPage Id NIp StartIp Address 1Ip Address 2Ip Address NAgentAgent NBot Pk IdBot TypeIp FromIp ToInfo SourceUser Agent RegexDescription
2025-09-092025-09-09 09:59:392025-09-09 06:10:202.022414734.174.34.174.***.***34.174.***.***3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.362
2025-09-082025-09-08 21:45:552025-09-08 00:10:282.01143966.249.66.249.***.***66.249.***.***15Google6
2025-09-082025-09-08 16:59:302025-09-08 01:49:432.015011734.174.34.174.***.***34.174.***.***2Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.362
2025-09-062025-09-06 16:47:422025-09-06 00:51:352.077918434.174.34.174.***.***34.174.***.***11Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko/20100101 Firefox/139.05
2025-09-052025-09-05 23:28:342025-09-05 10:56:472.028515734.174.34.174.***.***34.174.***.***4Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.362
2025-09-052025-09-05 21:57:572025-09-05 08:56:222.017154193.186.193.186.***.***193.186.***.***5Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.362
2025-09-032025-09-03 02:06:062025-09-03 02:04:092.03871174.170.174.170.***.***174.170.***.***1Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.3613
2025-08-282025-08-28 18:23:402025-08-28 17:54:070.014431168.90.168.90.***.***168.90.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.361
2025-08-282025-08-28 15:50:022025-08-28 08:06:240.02305586.144.86.144.***.***86.144.***.***1Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.01
2025-08-262025-08-26 23:53:252025-08-26 05:13:552.012142162.120.162.120.***.***162.120.***.***27Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.364
  • 1 - 10 of 17

Info

DDoS attacks (or Brute Force attacks or other bot-related behavior that amounts to the same thing) are becoming a bit of a problem for my server.
Thousands of requests per hour are too much for my modest setup, so I had to take some measures.
So I created a query to find suspicious IP addresses and/or User Agents using apex_workspace_activity_log. See the code below - I hid the complete IP addresses for privacy reasons.
If I identify an attack, I can add a "rewrite rule" to Apache (on my proxy server) to block an IP range or User Agent. More info on that here and here.

This is not ideal of course. A problem has to arise first, before I can act. But it's better than doing nothing.
I should look into other measures like Mod_evasive, Mod_security, Fail2ban, etc., but for now this sort of works.

Update May 2023:
Things were getting out of hand, so I installed ModSecurity on my Apache reverse proxy server (Apache 2.4 on AlmaLinux 8).
That turned out to be quite simple (after a few hours of trying all sorts of cookbooks that did not work...). Here's what I did:
You will need to deactivate ModSecurity from any machine/subnet that is allowed to use Apex Builder. Otherwise saving anything in the Apex Builder will result in a 403 error.
In my case I need to do this for IP 192.168.2.254, which is my internal router address. You can check the log here: And to check if it all works, perform an "illegal" request: which should return:

Code

Page

Identification
Page ID
Name
Page Alias

Region

Identification
Sequence
Title
Type
Source
Source Type
Region Source

View

View
Name
DDL