DDOS Attacks

I mentioned a couple of days ago that I have a website that has now been entirely disabled to the point of becoming unusable by DDOS attacks.

I posted about this a couple of days ago and upon recommendations changed some of the Cloudflare settings. It made no difference.

What the attackers' method seems to be is hitting the same pages over and over again from different locations. I know which pages those are. Is there something that would take the IPs that are making those repeat hits on specific pages and either compile or add them to a blocklist?

9 Comments
  1. How are you determining where the attacks are coming from? What actions did you take to attempt to stop them? Be specific. Either you didn’t set up CF (+ the WAF rules) properly, or the attacks are bypassing CF.

  2. Did you enable the DDOS attack button on the main page? Add the known IPs to the WAF that you want to block.

  3. If they are hitting certain pages, you have an HTTP flood. However, if your website doesn’t have DDoS protection and you’ve enabled Cloudflare, they are now still just hitting the IP behind Cloudflare.

    So you either need to move to a DDoS protected webhost or change your IP with your current provider and ensure it doesn’t leak.

  4. If the website is important and brings in revenue, it might be time to go to a specialized webhost that deals in DDoS. If the site is just a hobby, maybe take it offline for a bit and it will stop.

  5. Can you share some of the requests (can redact the domain)?

    Is it hitting the exact same URL? If so, are those pages cached?

  6. What’s your host? If it’s some shared package, you can’t do too much: you can protect the site against brute-force attacks, but not against DDoS. Good hosts already have DDoS protection.

  7. I would suggest Cloudflare. Also try BBQ Firewall, Banhammer & Blackhole for Bad Bots. They are lightweight and do the job pretty well.

  8. > Is there something that would take the ips that are making those repeat hits on specific pages and either compile or add them to a blocklist?

    Logs from your webserver, Apache or nginx, are the best way to do this. Can only be done if you have access to those, or direct access to SSH.

    Rate limits per IP/route/… can also be added in those webservers. All of this is best done outside of PHP.
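
An added example, not posted by anyone in the thread: one way to compile the blocklist the question asks for from an Apache/nginx access log, by flagging addresses that reach a per-minute threshold on the known target pages. It assumes the "combined" log format and that the first field is the real visitor address (behind Cloudflare the origin logs Cloudflare's addresses unless the server is configured to restore the visitor IP); the path `/target-page/`, the threshold and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Added example. Combined format: ip - user [dd/Mon/yyyy:HH:MM:SS tz] "METHOD url proto" ...
# Group 2 keeps the first 17 timestamp characters, i.e. the time down to the minute.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]{17})[^\]]*\] "[A-Z]+ (\S+) [^"]*"')

def flood_sources(lines, target_paths, per_minute, allow=()):
    """Return {ip: peak hits in one minute} for IPs reaching per_minute on target_paths."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    buckets = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, minute, url = m.groups()
        if url.split("?", 1)[0] not in target_paths:
            continue  # query string is dropped so cache-busting variants still count
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an IP address (e.g. a hostname)
        if any(addr in net for net in allow_nets):
            continue  # never list your own monitoring, proxies, etc.
        buckets[(str(addr), minute)] += 1
    peaks = {}
    for (ip, _minute), n in buckets.items():
        if n >= per_minute:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks

def nginx_deny(peaks):
    """Render the result as nginx access-module deny lines."""
    return "\n".join(f"deny {ip};" for ip in sorted(peaks))

def _line(ip, minute, sec, url):  # builds one constructed sample log line
    return (f'{ip} - - [10/Oct/2024:13:{minute:02d}:{sec:02d} +0000] '
            f'"GET {url} HTTP/1.1" 200 512 "-" "-"')

SAMPLE = (  # constructed data: documentation-range addresses, hypothetical paths
    [_line("203.0.113.7", 55, s, f"/target-page/?r={s}") for s in range(5)]
    + [_line("198.51.100.9", 55 + s // 2, s, "/target-page/") for s in range(4)]
    + [_line("192.0.2.10", 55, s, "/target-page/") for s in range(6)]
    + [_line("203.0.113.8", 55, s, "/other/") for s in range(5)]
    + ["garbage line"]
)

if __name__ == "__main__":
    print(nginx_deny(flood_sources(SAMPLE, {"/target-page/"}, 3, allow=["192.0.2.0/24"])))
```

Counting per minute rather than over the whole file keeps a regular visitor with many visits spread over a long log off the list; the same set of addresses can be entered in the Cloudflare WAF as comment 2 suggests.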
