Step 1 : Detect attakers ip
First run this code in ssh to get the visitors ip addresses and number of connection of each visitor
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Output :
Number of connections IP Address
For example, this is a sample output :
In the above example, This IP : 41.176.11.15 has 144 connection to server. This is unusual and seems to be an attacker.
Note : Never block 127.0.0.1, this is a local ip.
Step 2 : Block IP with firewall
Block IP with firewall using webmin : Video tutorial