[ad_1]
I have a website that gets about 30k visitors a day. Suddenly today it became unresponsive, slow etc so I checked resource usage in cpanel (shared hosting) and it was at 400% usage. I flipped on cloudflare’s “im under attack” and poof cpu down to 8% where it usually sits. All good for 3 hours and I tested setting it from under attack to high and instantly back over 200% cpu usage.
So… what am I supposed to do? Just leave attack mode on until whoever is doing this gets bored? It’s shared hosting so I dont have full access and dont want to give the host a reason to boot me.
Can you see what exactly is being brute-forced?
Are they “bashing” the login page, or something third?
A (not very) fun story: this winter I had a site “bashed” by Google bots no less. LOL. Took me a while to figure out what’s going on and how to solve it.
But generally, I’d start by trying to figure out what is being brute forced exactly.
My stupidity docummented (may help give you some ideas): 🙂
[https://io.bikegremlin.com/31865/website-attacked-by-ghosts/](https://io.bikegremlin.com/31865/website-attacked-by-ghosts/)
You’re already using Cloudflare, so surely you can see on the WAF events if you’ve got bots or some other non-standard traffic? And then just set up some rules to block that traffic based things like IP, country, etc…
Do some investigating, check the Cloudflare WAF history, server logs, etc. Setup WAF rules to block future attacks.
Check logs, ban Russia and China to begin with. Attackers usually get bored/run out of funds at some point so yes, you need to mitigate until attack is over.
30k visits a day on shared hosting with 8% cpu usage? who is your provider?
I’ve been once in similar situation, and someone helped me with it, I’ll DM U.
What I do is turn ddos protection on for 15 mins then ban any server farm that fails the challenge. Also I could scale up to like 50 servers but best to block server farms anyway.