Bots / Robots bombard my web site

Status
Not open for further replies.

^^GoRiLLaZ^^

Active Member
251
2010
131
4,760
Hello guys, i have a big problem... my web site is bombarded by SEARCH BOMB -.- And my CPU goes to 100% because of that.


Solution, advice ... everything is welcome!
Thank you!
 

Attachments

  • search bomb.png
    search bomb.png
    131.2 KB · Views: 7
6 comments
I mean this is pretty much a (D)DoS attempt. He's either rotating proxies and User-Agent headers or using a small botnet. The reason for the search queries in that case would be because it's often a really easy way to spike memory and CPU usage because few people running a WP site cache search results or use rate limiting.

I would temporarily disable search (or switch to Google search). Also look at the logs right before it happened. I suspect the origin might be 141.101.98.14 because it's a cloudflare IP and it used the default Go HTTP client User-Agent https://golang.org/src/net/http/request.go#L458.
 
I mean this is pretty much a (D)DoS attempt. He's either rotating proxies and User-Agent headers or using a small botnet. The reason for the search queries in that case would be because it's often a really easy way to spike memory and CPU usage because few people running a WP site cache search results or use rate limiting.

I would temporarily disable search (or switch to Google search). Also look at the logs right before it happened. I suspect the origin might be 141.101.98.14 because it's a cloudflare IP and it used the default Go HTTP client User-Agent https://golang.org/src/net/http/request.go#L458.
Yeah, and how to protect from this (D)DoS attempts? Do you have any idea or anything? I want to disapear these all unreal visits.
 
There's really not a whole lot you can do against a DoS/DDoS if you're just running a simple site on a VPS/Dedi. When it happens you just have to deal with it. You can can try some things to mitigate it like temp banning IPs and disabling search in your case. There are software and hardware solutions to help mitigate it but these can be expensive. But even these don't prevent it from happening.
 
may be use google search feature temporary and disable wp search feature. if you are using cloudflare you can use "under attack" feature. every 5 min cloudflare will show captcha if visitor don't meet some requirement... i guess.
 
Your first problem is you not installing the cloudflare "restore ip" addon..
https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

All ip's in screenshot are Cloudflare proxy ip's, which prevent you from finding the real culprit.
The user-agents look like bot rotators, using outdated browser strings, install restore ip mod, and check your access logs, for a couple of them to spot patterns.
How to setup this on cPanel / Wordpress?

Still flooding :(

_2450d370c777b94b027a860e903a354f.png
 
Status
Not open for further replies.
Back
Top