DDoS attacks are stressing me, how about you?

LPH

Well-known member
The last two weeks have been nothing but monitoring, patching, and praying. The spikes come about every 30 minutes with a flood of requests for /wp-login. All IPs but mine are denied access to the file. China and Russian Federation are blocked - which slowed down the attacks for a day or two. Today was a huge one while I was at work. :(

Is anyone else struggling with DDoS attacks?

Protection: Firewall, CSF, CloudFlare, and Trackment (and little ole me monitoring)

Reality: Down daily ...
 
I had a member here DDOS me awhile back. Other than that, been pretty lucky.
I'll cross my fingers for you. Once they've latched on to thinking they can get to the /wp-login then it's been pretty rough. Luckily XS is installed and the WP accounts are not used. Too bad for the wanna-be hackers :)
 
The last two weeks have been nothing but monitoring, patching, and praying. The spikes come about every 30 minutes with a flood of requests for /wp-login. All IPs but mine are denied access to the file. China and Russian Federation are blocked - which slowed down the attacks for a day or two. Today was a huge one while I was at work. :(

Is anyone else struggling with DDoS attacks?

Protection: Firewall, CSF, CloudFlare, and Trackment (and little ole me monitoring)

Reality: Down daily ...


Are these DDoS attacks or simply login attempts?
 
@Mike Edge handle it for me :)
Thanks a Lot to him! (y)
I suffered the attack almost 1 week, transferring from different server's.
And ended up on xfhost.net
 
@Mike Edge handle it for me :)
Thanks a Lot to him! (y)
I suffered the attack almost 1 week, transferring from different server's.
And ended up on xfhost.net

Can't - love him and the idea of the service - but - my site has WordPress, XenForo, two MediaWiki and two Moodle installations.
 
Technically it appears to be a Brute Force attack - which are distributed - and end up overwhelming the server.

It's well known these attacks are happening daily. Our security firm sees them daily and our incident response team always is pouring over the data of our own site and several client sites. If you want, we can step in and add a few additional layers of security through existing plugins to minimize the chance someone successfully gaining access.
 
The most important factor in mitigating a DDoS is proxying your IP address. Services like Cloudflare and Google Pagespeed Service can do the heavy lifting for you, but if the attacker knows your server's IP, you're on your own. Cloudflare recently posted about this here: http://blog.cloudflare.com/ddos-prevention-protecting-the-origin.

You also can't beat a good host. It takes some expensive hardware, but with a good host you shouldn't even know about a small, <1GPS DDoS. They'll mitigate it before it ever hits your server.
 
Top Bottom