There is a dedicated server with Plesk Panel:
Intel Core i7-2600 Quad Core
32 GB DDR3 RAM
2x 3TB SATA III HDD
The server runs PHP 7.3 on Apache+FPM+Nginx. It is possible to switch to pure NGINX, but I don't want to constantly tinker with manual configuration for every WordPress site (the server hosts many WordPress sites, and .htaccess and all the plugins that depend on it need to work). W3TotalCache is installed and configured on WordPress.
The problem: under normal load everything flies, even with heavy traffic. But the sites periodically come under DDoS attack from competitors, as I understand it using botnets controlled manually: as soon as I find a way to block the current attack, they change it to another.
The server has fail2ban, whose rules I periodically change to adapt to the changing attack.
Right now the sites are on an old server with the same hardware but older software (Apache, FCGI, PHP5, without Nginx):
I easily block the usual attempts to hammer the sites from the same IP using fail2ban, but the attacks are becoming more and more sophisticated:
1) They start hammering with random requests for non-existent pages in WordPress, and since it does not give a 404 error (WordPress tries to find such articles and generates its own 404 page), no cache helps here: each request generates a new cache entry. Example queries (dozens per second):
2) The IPs change all the time; they have virtually stopped repeating (each new request comes from a new IP).
3) Referrers were fake (all different); empty ones are used too, after they started being banned by my settings.
4) Sometimes they hammer just one page with a query (for example, sorting items by rating).
5) Hammering /wp-admin/admin-ajax.php with POST/GET requests hangs the server badly. I can't block the whole file, because frontend requests from real users use it. It turns out I can block through .htaccess if a blank referrer is used. If not, it is not clear how to tell them apart from normal users.
6) The domain is connected to Cloudflare, but as I understand it, with these types of attacks (where all IPs are different and it is hard to determine which actions are suspicious) it is not going to help.
Actually, the question: as I understand it, setting up automatic bans for such attacks is very difficult (especially since, once they see there is a ban, they immediately change requests, referrers, etc.), so here is another request: how do I configure and tune the new server (to which I am moving the sites from the old one where the attacks happen) so that these attacks do not hang the server and it keeps working fine under them? As I understand it, PHP7, Apache with FPM, and NGINX should help with this? What else would you recommend installing and configuring? (Accelerators for PHP, databases?) Would a transition to pure NGINX without Apache help much?
What Apache/Nginx settings should be specified (limits, connections, etc.) so that the server does not go down and everything keeps working? (There were 503/502 errors.)
The sites being attacked are barely updated with new information after they are created (so full, deep caching is possible), but they have some dynamic functions (for example, likes on publications) that need to stay and work.
Could you tell me what software stack I should use so that everything runs briskly despite the load? Is the specified server hardware enough?
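The traffic pattern from points 1, 2 and 5 above, turned into a log check, as an added example that is not part of the original post: since every request arrives from a new IP, it looks at per-minute aggregates (distinct 404 paths, blank-referrer hits on admin-ajax.php) instead of per-IP counts. The log lines, thresholds and the `flag_minutes` name are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/Nginx "combined" log format (not taken from the post).
SAMPLE_LOG = """\
198.51.100.1 - - [10/Oct/2020:13:55:01 +0000] "GET /xk3-fake-post/ HTTP/1.1" 404 9120 "http://a.example/" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2020:13:55:01 +0000] "GET /2019/zz-none/ HTTP/1.1" 404 9120 "http://b.example/" "Mozilla/5.0"
198.51.100.3 - - [10/Oct/2020:13:55:02 +0000] "GET /qq/not-here/ HTTP/1.1" 404 9120 "http://c.example/" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2020:13:55:40 +0000] "GET / HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.1 - - [10/Oct/2020:13:56:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.2 - - [10/Oct/2020:13:56:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.3 - - [10/Oct/2020:13:56:04 +0000] "GET /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 31 "-" "Mozilla/5.0"
192.0.2.7 - - [10/Oct/2020:13:56:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "http://site.example/post/" "Mozilla/5.0"
192.0.2.7 - - [10/Oct/2020:13:57:10 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "http://site.example/" "Mozilla/5.0"
192.0.2.8 - - [10/Oct/2020:13:57:12 +0000] "GET /post/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def flag_minutes(log, min_404_paths=3, min_ajax_blank=3):
    """Return {minute: info} for minutes whose aggregate traffic looks like the flood.

    Thresholds are illustrative values sized for the sample, not tuning advice.
    """
    stats = defaultdict(lambda: {"per_ip": Counter(), "paths404": set(), "ajax_blank": 0})
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ts"][:17]]  # "10/Oct/2020:13:55" -> one bucket per minute
        s["per_ip"][m["ip"]] += 1
        if m["status"] == "404":
            s["paths404"].add(m["path"])  # distinct missing URLs, whatever the source IP
        if m["path"].startswith("/wp-admin/admin-ajax.php") and m["ref"] in ("", "-"):
            s["ajax_blank"] += 1
    report = {}
    for minute, s in stats.items():
        reasons = []
        if len(s["paths404"]) >= min_404_paths:
            reasons.append("404-scatter")
        if s["ajax_blank"] >= min_ajax_blank:
            reasons.append("ajax-blank-referrer")
        if reasons:
            # max_hits_per_ip shows why a per-IP retry counter never fires here
            report[minute] = {"reasons": reasons, "max_hits_per_ip": max(s["per_ip"].values())}
    return report
```

On the sample, both flagged minutes have `max_hits_per_ip` of 1, so a per-IP counter would see nothing while the per-minute totals stand out.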