After a DDos attack

[Mark87]

My site was the victim of a nasty DDos attack recently and I am reaching out with some questions to those of you with more knowledge and insight than me. First how many bots and crawlers is normal? What's an abnormal spike that I should watch for?

Secondly is there anything simple one can do to stop this type of thing before it stats? Off/On etc. I've invested so much time in my place and really love Xenforo but this experience has deflated me in terms of going forward. Any and all opinions and input are welcome.

 

[BassMan]

I suggest you start using CloudFlare. This service is great in case of a DDoS attack.

 

[Black Tiger]

Some bots are really nasty, like semrush bots often causing high loads.
I used a robots.txt which I found here on the forums somewhere and that works good.
Next to that, our datacenter has automatic DDOS protection for the servers, which seem to work very well.

In other cases, yes in deed Cloudflare is a great solution.

 

[TPerry]

And there is a fantastic add-on to ease the use of it by DigitalPoint.

[DigitalPoint] App for Cloudflare®

Features Everything is available from within XenForo (you do not need to go to Cloudflare for things) via the Cloudflare API. This allows you give admins permission to do certain things (for example block IP addresses within Cloudflare without...

xenforo.com

If you do decide to use it, be sure to read the instructions and those on all the updates... there are certain API entries that have to be made.

 

[digitalpoint]

And there is a fantastic add-on to ease the use of it by DigitalPoint.

[DigitalPoint] App for Cloudflare®

Features Everything is available from within XenForo (you do not need to go to Cloudflare for things) via the Cloudflare API. This allows you give admins permission to do certain things (for example block IP addresses within Cloudflare without...

xenforo.com

If you do decide to use it, be sure to read the instructions and those on all the updates... there are certain API entries that have to be made.

The initial setup is actually pretty simple. If you don’t have an API token setup for it, it gives you a link that pre-populates all the necessary permissions for you. It’s basically click the link and hit save. So you don’t actually need to read the update notes… that’s just for when new permissions get added after the fact (but for new installs, it starts them with all the necessary permissions), FYI.

@Mark87 if you use Cloudflare, you only need their Free plan. Also, FYI. They will of course try to upsell you because money for them is better than free, but really the free plan is great. If you have a specific need for why you need something beyond free, then it might make sense, but if you don’t know otherwise, free.

 

[TPerry]

you only need their Free plan. Also, FYI. They will of course try to upsell you because money for them is better than free, but really the free plan is great.

It's what I use and am having great luck with it.... in fact, with judicious setup, the limited WAF rule limits work well.
I could probably do better... but this has knocked out a lot of scanners/bots that were hitting trying to find exploits. I hardly get an TOR hits, so probably will free that one up. In the Blocked IP list I have one from Turkey that is hitting around 500-800 times a day from just one IP. Some' of those are ASN's that have a proxy... that's why I use a managed challenge instead of a full block.

 

[Jja]

Depends on how attack was made, targeted.
One suggestion would be put it under Cloudflare and assign server with new/different ip, so attack cant be targeted directly to that same ip address as before, because ip address can be searched again in "history".

 

[Suzanne O]

use cloudflare along with your own anti virus software.

Set up your anti virus software to run a scan each time you put your pc on.

 

[Jake B.]

Set up your anti virus software to run a scan each time you put your pc on.

What do you think a DDoS attack is?