Case Study
The most instinctive, junior-level response to malicious traffic is to block the offenders.
I spent two hours identifying the most aggressive IP subnets in the logs and hardcoding deny rules directly into the Nginx configuration. For a fleeting moment, the server breathed. The CPU load dropped, and the world was quiet.
Days later, the stuttering returned. The attackers had simply rotated their IPs. It was a digital game of Whack-A-Mole, and it was a battle of attrition I was guaranteed to lose.
Pivoting to an application-level defense, I logged into the admin dashboard and installed industry-standard firewall and caching plugins. The situation improved. The frequency of the crashes dropped significantly.
However, it was a fundamentally flawed architecture. Every request still had to reach the PHP interpreter before any security rule or caching logic could be evaluated, and the overhead of doing that work at that layer was simply too high. When a swarm of new IPs hit simultaneously, the server still buckled. I was forcing the most computationally expensive layer of the stack to do the job of a bouncer.
This path doesn't work. Time to reconsider.