New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
My website is under constant bit attack. How to resolve
Hi all,
I would like to get help in resoving bad bot/ddos on ky website. Its an ecommerce website and i advertise it using google and bing ads. But as soon as i switch on the campaign, my site goes down with server load rising to 150 and many ips connected to it.
I am running centos with cpanel, and have tried many solutions but to no use. Can somebody help me in mitigating it, , i am also ready to pay for the service as well.
Thanks
Comments
Try using CloudFlare
use WAF with cloudflare or stackpath
or Sucuri
It seems your server do not handle the traffic generated by your campaign more than a ddos
Is it wordpress+woocommerce? Or open cart/presta/magento/cs cart etc.?
try ConfigServer Security & Firewall, you can block from RBLs and I believe country and asn; alternatively CIDRAM does may of the same things.
also perhaps a cheap CDN to lighten the load on your server will help.
Your website is in wp?
If ddos is strong enough to fill up your port-speed, then there's not much you can do. Whatever filtering you use (firewall, blocklist, etc), it is done after traffic reached your site/server. So even if you dropped that malicious traffic, your input line is still clogged up and any valid traffic would still have to wait in line to get to your site.
You can only ask your hosting to deal with it. Depending on their ddos-protection and complexity of attack, they might filter it on their upstream link (which is much stronger and not so easy to fill up)...
that maybe a real users
Grab a slice!
And a protected IP aswell.
Thanks everyone for the suggestions, i think its now under control & yes my website is already hosted on buyvm with ddos protected IP and Franc helped me alot in resolving the issue.
How was it resolved?
I added additional/localized filtering (basically some L7 stuff).
Francisco
Check if it is a DDoS, what if they are real users? Make a traffic scan and look at the URL of reference if available and wether the IP is the same or repeated several times. If you have access you should also check how many connections per user are there. Are you using a VPS, cPanel, Shared Hosting?
If it happens only after you publish ads it could be too much traffic or your competitors making you waste money. Check properly !
Is your website developed on WordPress? Also try Cloudflare.
Is setting up L7 rules possible with ddos protected IP?
you'd have to do it on the VPS for now.
I'm working to get something users can opt into but haven't got the hardware online yet.
Its been a crazy busy month for sure!
Francisco
If you want Layer 7 rules it's included in our mitigation platform.
See https://www.x4b.net/kb/Layer7Rules
How much RAM and CPU you have in your cPanel server?