Problems with layer 7
Hello my dear friends of this beloved forum.
As everyone knows, most schools, if not all schools, are closed, and with that all the kids are on the loose (burn the witch)!
I work in sales of Minecraft hosting, and recently I have been having problems with DDoS Layer 7 attacks that make my php-fpm just overflow CPU usage.
I use nginx + php-fpm.
I need urgent help to remedy this problem. I will be grateful for those who help me.
Here is a screenshot of the attack:
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Comments
Appears to be just one IP. Why not block it on the firewall?
Clouvider Limited - VPS in 11 datacenters - Intel Xeon/AMD Epyc with NVMe and 10G uplink! | Dedicated Servers
It is one of thousands of IPs, ufw did not solve it ;(
Cloudflare with mode security on
Without results, for some reason this type of attack passes the firewall and js challenge of cloudflare.
Have you changed IP? They might be just accessing your IP directly, which obviously bypasses Cloudflare security. Or, you might want to enable CAPTCHA and disable privacypass
I have enabled captcha, I am looking forward to receiving new attacks.
@nullroute Hope everything works itself out - Script kiddies are the worst!
@nullroute have you tried blocking by referer header?
You could at least try to slow that attack with nginx conf and enable some kind of rate limiting for that authscript.
Something like this (probably doesn't work as I'm writing this out of my head), but put it inside the http block:
limit_req_zone $binary_remote_addr zone=authlogin:8m rate=10r/m;
and then inside vhost server-block:
location ~* /auth/login { limit_req zone=authlogin nodelay; }
Needs fine tuning and proper testing but you can easily try and see if it would help
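Added example, not part of the thread or anyone's post: a simplified model of the `limit_req` rule above (keyed on client IP, 10r/m, no burst), run over constructed access-log lines to compare one noisy IP with the same load spread across many IPs. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Matches the start of an nginx "combined"-style line (assumed log format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^:]+:(\d+):(\d+):(\d+) [^\]]+\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, seconds_of_day, path) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, h, mi, s, _method, path = m.groups()
    return ip, int(h) * 3600 + int(mi) * 60 + int(s), path.split("?")[0]

def simulate(lines, path_prefix="/auth/login", per_minute=10):
    """Simplified per-IP limit with no burst: one request per key every
    60/per_minute seconds; rejected requests do not reset the timer.
    Returns (passed, rejected, distinct_ips)."""
    interval = 60.0 / per_minute
    last_ok, ips = {}, set()
    passed = rejected = 0
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2].startswith(path_prefix):
            continue
        ip, ts, _ = rec
        ips.add(ip)
        if ip in last_ok and ts - last_ok[ip] < interval:
            rejected += 1          # nginx would answer this one itself
        else:
            last_ok[ip] = ts
            passed += 1            # this one is handed to PHP-FPM
    return passed, rejected, len(ips)

def make_line(ip, sec):
    """Build one constructed log line (hypothetical helper, sample data only)."""
    return (f'{ip} - - [01/Apr/2020:12:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"POST /auth/login HTTP/1.1" 200 512 "-" "constructed-agent"')

# Constructed scenario A: one client, 60 requests in one minute.
single = [make_line("192.0.2.10", s) for s in range(60)]
# Constructed scenario B: 60 clients, one request each in the same minute.
spread = [make_line(f"198.51.100.{i + 1}", i) for i in range(60)]

if __name__ == "__main__":
    for name, lines in (("single IP", single), ("60 IPs", spread)):
        passed, rejected, ips = simulate(lines)
        print(f"{name}: {ips} keys, {passed} reach PHP-FPM, {rejected} rejected")
```

Running the same function over a real access log shows how many distinct keys hit the login path and how many of those requests a per-IP limit would actually keep away from PHP-FPM.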
UPDATE
Limiting the number of requests per page was totally ineffective; this only increased the CPU usage by php-fpm.
The definitive solution was to block access from other countries to the URL through the cloudflare firewall.
Why don't you change the WP login URL? Why don't you enable the captcha? Why don't you enable the DDoS protection by CL? Why aren't you using CSF to block an IP's connections when it exceeds the number of connections?
KhanWebHost Cheap Shared Hosting | Cheap KVM VPS (DE,UK,US,FR) | KVM Sale - LES Offers
If all this can't solve it, then go with BitNinja and ask them to fix it for you if you don't know how to fix it; they will charge a few $.
I don't use WP, captcha is enabled and all pages have Google reCAPTCHA. Cloudflare DDoS protection has also always been active (orange cloud).
This attack method seems to circumvent the protection of cloudflare by making real requests, but luckily I have already solved it.