Hello there, everyone. I've been struggling with thousands of bots hammering one of my forums for months. It's a low-resource server, so it's crashing Apache over and over, not due to Apache but rather MySQL taking up 99% of the CPU, causing timeouts. There is no legitimate user on this forum from the country and it's a very small community, so I'd like to try to block the country. I wrote a PHP script to do this in which I'm storing IP addresses, and if an address has not been seen, it pings an IP geo DB and then stores it. This works with low traffic, but when it gets hammered, the script is getting capped by the IP geo sites and it would take me years to build a sufficient DB to work. I found this article, but when I add the 2+ MB to the .htaccess file, it causes the page load to time out. I'm guessing it's just too much to run for the thousands of hits I'm getting at once. Is there a way to add this range to my firewall? Is there another option for me, either through ISPC or something in Debian? Thanks for your time!
There is no built-in function for GeoIP blocking in UFW, and as ISPConfig uses UFW, there is no such function in ISPConfig either. You could build iptables rules, e.g. with https://www.ipdeny.com/, though. However, it's more about blocking a country than just allowing one. I suppose the rules list would be quite extensive to block all countries except one. You could use a local GeoIP database, e.g., from MaxMind, in your script instead of a GeoIP service. If I remember correctly, they also provide some free databases with not-so-exact localization. As you only want to block by country, these not-so-detailed databases should be sufficient.
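The iptables approach suggested in the reply above, as an added example that is not part of the thread: it loads a country's ranges into an ipset so the firewall needs a single rule instead of one per range. It assumes a zone file with one IPv4 CIDR per line has already been downloaded; the set name `geoblock` and the function `gen_restore` are made up for illustration.

```shell
#!/bin/sh
# gen_restore SETNAME ZONEFILE -> prints `ipset restore` commands on stdout.
# Invalid lines are skipped and counted on stderr, so a bad download
# (HTML error page, truncated file) cannot push garbage into the set.
gen_restore() {
    set_name=$1 zone_file=$2
    awk -v set="$set_name" '
    BEGIN {
        # Build into a temporary set, then swap: no gap in the live set.
        print "create " set " hash:net family inet"
        print "create " set "-tmp hash:net family inet"
        print "flush " set "-tmp"
    }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^#/ || /^$/ { next }
    {
        if (valid($0)) { if (!seen[$0]++) print "add " set "-tmp " $0 }
        else bad++
    }
    END {
        print "swap " set "-tmp " set
        print "destroy " set "-tmp"
        if (bad) print bad " invalid line(s) skipped" > "/dev/stderr"
    }
    function valid(c,   p, o, n, i) {
        if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(c, p, "/")
        # hash:net does not accept a /0 prefix, so require 1..32.
        if (p[2] + 0 < 1 || p[2] + 0 > 32) return 0
        n = split(p[1], o, ".")
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) return 0
        return 1
    }' "$zone_file"
}

# Apply only when called with a zone file (needs root, ipset and iptables):
#   sh geoblock.sh /path/to/country.zone
if [ -n "${1:-}" ]; then
    # -exist lets reruns reuse sets that were created on an earlier run.
    gen_restore geoblock "$1" | ipset -exist restore
    # -C checks whether the rule exists, so reruns do not stack duplicates.
    iptables -C INPUT -m set --match-set geoblock src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set geoblock src -j DROP
fi
```

Neither the set nor the rule survives a reboot, so run the script again at boot and whenever the zone file is refreshed.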
I don't know what kind of bots you are dealing with, but nowadays there are a lot of AI scraping bots. Maybe implement a solution like https://anubis.techaro.lol/ to fight the bots. A lot of open source projects use this to protect their services like forums, git trackers, bug trackers and docs from bots.