Recently, on October 15-16th, the hosting load has spiked up to 5-6 times its usual amount. The hoster has sent a message suggesting that there are numerous requests coming in from foreign IP-addresses. To fix this problem, they recommend activating access to the site solely from within the country through the control panel.
Unfortunately, the requests seem to come from different IP-addresses and URLs, and there is no common parameter to filter them out selectively. One solution could be to connect the domain to Cloudflare; this may help to filter out such requests.
I have already activated the tool to restrict access only from my country, but it's not a long-term solution since 13% of traffic comes from abroad. I don't have much experience solving such issues, so I would appreciate some straightforward advice. Do you have any recommendations for someone unfamiliar with this type of problem?
Let's implement an anti-bot measure. It could be located somewhere in -DM-.
Is it possible that the hosting service does not keep track of website traffic?
I have encountered a situation before where my hoster notified me of a significant attack on my site. However, the attack was actually just visits from Googlebots, Bing, and Robot Sapa.
Quote from: Newport on Oct 19, 2022, 02:34 PMSet the anti-bot. At -DM- somewhere it was.
and cloudflare by these rules wmsn.biz/m.php?p=143697 (https://wmsn.biz/m.php?p=143697)
Cloud Flare FirewallRule setup from the 3 rules, which will work for many, but not all.
I try to set up all my sites this way now. For me, it's convenient.
Start by enabling forced redirect from http to https, you can find it in: SSL/TLS | Edge_Certificates | Always_Use_HTTPS.
Then in Firewall - Firewall_Rules create rules (they should be in this order):
1) Allow access to white bots. Who CloudFlare considers white listed here.
If the bots get to http - will have a 301 redirect https.
The rule looks like this: (cf.client.bot)
ab1-.webp
2) Those who got to http - make 5-second JS check (if there are attackers), let them suffer, after that they will get redirect to https.
If you do not make this rule, then http will not be available at all because of rule number 3.
The rule looks like this: (not ssl)
ab2-.webp
3) Deny access to everyone who visits not via HTTP2 protocol, dhdos-bots, shitbots, and other stuff that goes mainly via HTTP/1.0 and HTTP/1.1.
The rule looks like this:
ab3-.webp
And a little bit about the sad part. HTTP2 is not supported by a couple percent of browsers, mostly these
old abandoned mobile browsers, but they are as good as milk, these browsers are not convenient to use and
the hell to do with them on the site, no goods to order, or advertising to click, or comments to shit. Although,
those who are still optimizing sites for ie7, - for these webmasters is probably a loss.
These settings do not obviate the need to use antibots, as Ahrefs, Archive, baidubots and other unnecessary bots
for CloudFlare are considered white and they pass. Also, many hotbots use HTTP2, which abuzayut, etc.
are negative activity against sites, from them will save only cloud antibot.
By the way, I also in tech support recently recommended to block IP....Google, Bing, Yandex, and ArchiveOrg ;D
Well, morons, no words, only emotions, bordering on hysteria...
Quote from: Newport on Oct 19, 2022, 02:34 PMby a serious attack meant the visits of googlebots, bing, and robot sapa )).
Now most of the "shared" started tightening the screws, the crisis, the equipment is getting more expensive, so they include all sorts of "protections" that harm the site, but the server loads less to the hoster.
Quote from: Newport on Oct 19, 2022, 02:34 PMI once had a hoster wrote that there was a serious attack on the site, by a serious attack meant the visits of googlebots, bing, and robot sapa )).
Hoster, I wrote myself with a request to advise the causes of such a sudden jump in load, which I noticed in the control panel.
Observed it for 2 days, before that everything was normal. Attendance is at the same level.
There are several days in a year when the traffic is increasing. But even on those days the load is much less than the current values.
Quote from: -DM- on Oct 20, 2022, 09:27 PMand cloudflare by these rules wmsn.biz/m.php?p=143697
That is, only your anti-bot will not be enough?
Quote from: Ronny on Oct 21, 2022, 06:12 AMThat is, only your anti-bot will not be enough?
Antibot works on your server, culling primitive bots by claudflare outside your server is a significant resource saver.
I do not know how to live without claudflare, it's awesome, convenient dns, saving traffic and server resources, ssl, and much more.
Quote from: -DM- on Oct 21, 2022, 06:39 AMAntibot works on your server, culling primitive bots by claudflare outside your server is a significant resource saver.
I do not know how to live without claudflare, it's awesome, convenient dns, saving traffic and server resources, ssl, and much more.
Maybe, I do not argue. I just never got into the subject of bots because I didn't have that problem. It all seems complicated and convoluted to me.
Any step by step instructions on how to properly connect and configure it all?
Yeah, had the same problem this summer. A very uncomplicated and inexpensive way, is to move all sites to work through cloudflare. Turn on high security mode.
It's likely that requests from bots can go not only to the sites, but also to the server IP. You need to close access for requests that are not coming through CF.
Cloudflare is also useful in that it spoofs the true IP address of the host, which will help avoid problems in the future.
You can establish a CF and utilize the five free rules available. Once you set it up, you'll realize that a large portion of bots come from Amazon.com, DigitalOcean, Hetzner, and OVH.
These bots will be subjected to a captcha, which should resolve most of your issues. This could potentially put an end to your entire problem.
Quote from: -DM- on Oct 21, 2022, 06:39 AMI do not know how to live without claudflare
Quote from: Ali_Pro on Oct 21, 2022, 08:21 AMYou set up a CF.
It's nice when you have your hands and your head in place :)
And quite well, if you have another paid antiddos and a lot of extra money for a more powerful server. ;D
External attacks primarily involve bots scanning the site for vulnerabilities and sensitive areas that can be hacked to slow down operations and consume hosting resources. The increase in traffic is caused by an external scanner sending numerous POST requests to the server simultaneously.
Load surges are relatively common since network traffic fluctuates frequently. However, there's no need to panic. If changes occur too frequently, conduct a full site inspection, study the code thoroughly, and assess if any JavaScript function is hampering the work.
Checking logs may help you identify where the root of evil lies. It's also necessary to test your scripts.
If everything seems okay on the outside, it's possible that the problem lies within the site like a parasite. Begin by scanning your resource for malicious code and implement a security system. Analyze the site's loading speed, review the processing time for database requests, replace old non-optimized methods with functions, and consider using Nginx in conjunction with Apache to limit the number of requests.
If you're experiencing a sudden increase in hosting load and requests from foreign IP addresses, there are a few steps you can take to address the issue.
1. Monitor Your Traffic: Use web analytics tools or server logs to understand the origin of the increased traffic and identify any patterns or commonalities among the requests.
2. Implement Rate Limiting: Configure your server or hosting platform to enforce rate limits on incoming requests. This can help mitigate the impact of excessive traffic by limiting the number of requests from a single IP address or network within a specified time interval.
3. Consider Cloudflare: As you mentioned, connecting your domain to a service like Cloudflare can provide additional security measures, including filtering out suspicious requests based on IP addresses, URLs, or other parameters. Cloudflare can also cache content and help distribute the load across multiple servers, reducing the strain on your infrastructure.
4. Consult with Hosting Provider: Reach out to your hosting provider's support team for guidance on mitigating high load issues. They may have specific recommendations or be able to assist with implementing necessary changes at the infrastructure level.
5. Optimize Website Performance: Review your website's code, database queries, and overall architecture to identify potential bottlenecks and optimize performance. Implement caching techniques, minimize resource-intensive processes, and consider implementing content delivery networks (CDNs) to offload some of the traffic.
6. Consider Professional Help: If you're still facing difficulties, consider consulting with a professional who specializes in web security or performance optimization. They can provide a thorough analysis of your infrastructure, identify vulnerabilities, and suggest appropriate solutions tailored to your specific situation.
7. Enable Firewall Rules: Configure your server or hosting platform's firewall to block traffic from suspicious IP addresses or ranges known for malicious behavior. This can help filter out unwanted requests and mitigate the impact on your hosting load.
8. Implement CAPTCHA: Consider adding CAPTCHA verification to forms or interactive elements on your website. This can help differentiate between human and automated requests, reducing the number of potentially malicious or spammy requests.
9. Stay Updated: Keep your website's software, plugins, and frameworks up to date. Regularly patching and updating these components can help address security vulnerabilities that could be exploited by attackers.
10. Use Web Application Firewalls (WAF): Utilize a WAF solution that can inspect incoming traffic and identify and block malicious requests. This can provide an additional layer of protection against various types of attacks, including those originating from foreign IP addresses.
11. Analyze Traffic Patterns: Continuously monitor and analyze your website's traffic patterns to identify any unusual activity. Look for spikes in traffic, anomalies in the types of requests being made, or any other irregularities that could indicate potential security threats.
12. Educate Users: Promote good security practices among your website's users. Encourage them to use strong passwords, be cautious about clicking on suspicious links, and report any unusual activity they may experience while accessing your site.
13. Use IP Whitelisting: Consider implementing IP whitelisting to only allow access to your website from trusted IP addresses or networks. This can help restrict access to your site to known, authorized entities, reducing the chances of unauthorized traffic.
14. Implement Two-Factor Authentication (2FA): Add an extra layer of security by implementing 2FA for administrative accounts and any other critical areas of your website. This ensures that even if someone gains access to a password, they would still need a secondary factor (like a unique code generated on a mobile device) to log in.
15. Conduct Regular Security Audits: Perform regular security audits of your website to proactively identify vulnerabilities and address them promptly. This can involve using security scanning tools, hiring professionals for penetration testing, or conducting code reviews to ensure the security of your website.
16. Backup and Disaster Recovery Plan: Regularly back up your website's data and have a robust disaster recovery plan in place. This allows you to quickly restore your website to a previous state if it becomes compromised or experiences any issues.
17. Stay Informed: Keep up to date with the latest security threats, vulnerabilities, and best practices in the industry. Subscribe to security advisories and newsletters to stay informed about emerging threats and proactive security measures.
18. Consider Dedicated Hosting or Managed Services: If your website continues to face excessive load and security challenges, consider moving to a dedicated hosting solution or engaging a managed service provider. These options can provide additional resources, expertise, and security measures tailored to your specific needs.
19. Implement Web Application Security Headers: Configure your website to include security headers in the HTTP response. These headers can help protect against common web vulnerabilities, such as cross-site scripting (XSS) and clickjacking attacks.
20. Use Content Security Policy (CSP): Implement a content security policy to control what types of content can be loaded and executed on your website. This can help mitigate risks of malicious scripts being injected into your pages.
21. Regularly Scan for Malware: Utilize malware scanning tools or services to scan your website regularly for any signs of malware or malicious code. Promptly remove any detected threats and investigate the source of the infection.
22. Educate Yourself: Take the time to understand the common types of web attacks, such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. This knowledge will help you better protect your website and take appropriate measures to prevent them.
23. Harden Server Configuration: Review your server configuration and ensure that it follows best practices for security. Disable unnecessary services, use secure protocols (e.g., HTTPS), and implement strong access control measures.
24. Regularly Check for Vulnerability Updates: Stay informed about security vulnerabilities in the software and frameworks you use for your website. Regularly check for updates and patches to address these vulnerabilities promptly.
25. Implement Intrusion Detection and Prevention Systems (IDS/IPS): Consider deploying IDS/IPS solutions that can monitor incoming and outgoing traffic, detect suspicious or malicious activity, and automatically block or alert you of potential threats.
26. Encrypt Sensitive Data: If your website handles sensitive user data, ensure that it is properly encrypted both in transit (using HTTPS) and at rest (using encryption technologies). This helps protect the privacy and integrity of the data stored on your servers.
27. Conduct Security Awareness Training: Educate your team and website administrators about the importance of cybersecurity and best practices to follow. Teach them about common attack vectors and how to respond to potential security incidents.
28. Implement Web Application Firewalls (WAF): Deploy a WAF solution that can analyze incoming web traffic, identify suspicious patterns, and block malicious activity. WAFs often employ rule-based systems or machine learning algorithms to detect and mitigate attacks in real-time.
29. Implement Secure Coding Practices: Train your developers to follow secure coding practices, such as input validation, output encoding, and parameterized queries. This can help prevent common vulnerabilities like SQL injection and cross-site scripting.
30. Use Strong and Unique Passwords: Encourage users and website administrators to use strong, complex passwords for their accounts. Additionally, enforce password policies that require regular updates and prohibit the reuse of old passwords.
31. Regularly Audit User Accounts: Periodically review user accounts on your website to identify and remove any dormant or suspicious accounts. This helps minimize the risk of unauthorized access.
32. Enable Log Monitoring and Analysis: Activate logging mechanisms on your server and regularly review log files for any suspicious activities. Analyzing logs can provide valuable insights into potential security breaches or abnormal behavior.
33. Implement Two-Factor Authentication (2FA) for Users: Offer 2FA as an additional security layer for user accounts on your website. This can significantly reduce the risk of unauthorized access, even if usernames and passwords are compromised.
34. Stay Up to Date with Security News: Follow reputable cybersecurity blogs, forums, or news outlets to stay informed about the latest threats, vulnerabilities, and security practices. Being proactive and aware can help you better protect your website.
35. Engage External Security Audits: Consider hiring external security experts to conduct thorough security audits of your website. Their expertise and fresh perspective can help uncover vulnerabilities that you might have missed.
The sudden spike in hosting load is likely a result of their own incompetence or a deliberate attempt to upsell you on their services. Instead of wasting your time with temporary fixes, I suggest you take your business elsewhere.
Look for a hosting provider that offers better support and more robust security features. And don't bother with Cloudflare or any other third-party services that promise to fix the problem. They're just trying to make a quick buck off your misfortune.
Increased load on web hosting due to requests from certain IPs can be caused by several factors. Here are a few potential causes and solutions:
Bot Traffic: Automated bots may be making excessive requests to your server, causing a load spike.
Solution: Use CAPTCHAs, rate limiting, or firewall rules to block or limit bot traffic.
DDoS Attacks: A Distributed Denial of Service (DDoS) attack could be overwhelming your server with requests from multiple IPs.
Solution: Use a DDoS protection service like Cloudflare or implement IP blocking/firewall rules to mitigate the attack.
Malicious Activities: Some IPs may be attempting brute-force attacks, scraping content, or other malicious activities.
Solution: Monitor logs for suspicious activity, block the offending IPs, and ensure your server has proper security measures in place (e.g., intrusion detection).
High Traffic or Spikes: Legitimate users or traffic spikes from specific IPs could be causing the load.
Solution: Implement caching, load balancing, or scale your hosting resources to handle the traffic surge.