Hi everybody,
We were experiencing extremely high loads on one of our web-servers, generating enormous loads on Apache, eventually resulting in the server running out of memory and just locking up.
Most IPs were coming from a certain country, so in the end, I ended up simply blocking all subnets from that specific country (no interesting information for them on our websites anyway).
I did this by using the following script:
http://www.cyberciti.biz/faq/block-entier-country-using-iptables/
Very effective - a tail -f /var/log/messages is very amusing once the script is active.
And of course, iptables --list -v -n ; gotta love those counters.
At the moment it is running on the webserver itself in test, will probably move it to our firewall at a later stage, if it proves to be effective (so far it seems to be very effective).
Thought I might share this with you guys, I'm probably not the only one experiencing this kind of trouble ;)
(And yeah, I should probably move to something like NGINX etc... but that's not an option right now ;) )
(a thank you goes out to my colleague for finding the above script on the internet)
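
An added example, not part of the original post and not the linked script: a dry-run generator that validates a list of IPv4 subnets and emits an iptables-restore ruleset with one counted rule per subnet and a rate-limited LOG before the DROP. The chain names, the log prefix, the 5/min limit, the /8 prefix floor and the sample zone data are all assumptions of this example.

```shell
CHAIN=COUNTRYDROP     # assumed chain name: one rule (and counter) per subnet
LOGCHAIN=COUNTRYLOG   # assumed chain name: rate-limited LOG, then DROP

# valid_cidr A.B.C.D/N: succeeds only for well-formed IPv4 with prefix 8..32
# (the /8 floor is this example's guard against entries like 0.0.0.0/0).
valid_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    case $len in ""|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: CIDR list on stdin -> ruleset on stdout, rejected lines on stderr.
gen_rules() {
    printf '%s\n' '*filter' ":$CHAIN - [0:0]" ":$LOGCHAIN - [0:0]" \
        "-A $LOGCHAIN -m limit --limit 5/min -j LOG --log-prefix \"$CHAIN: \"" \
        "-A $LOGCHAIN -j DROP"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comments, blanks
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf '%s\n' "-A $CHAIN -s $line -j $LOGCHAIN"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Constructed sample zone file (documentation ranges, not real country data).
sample_zone() {
    printf '%s\n' '# constructed' '192.0.2.0/24' '198.51.100.0/25  # note' \
        '0.0.0.0/0' '203.0.113.300/24' '2001:db8::/32'
}

# Dry run: print the ruleset. Save it, check it with
# "iptables-restore --test --noflush", and hook the chain once from INPUT.
sample_zone | gen_rules
```

Nothing is applied to the firewall by this script; the per-subnet rules keep their own packet counters in `iptables --list -v -n`, and the rate limit keeps /var/log/messages from being flooded by the blocked traffic.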