DDOS via 404 request. How to stop?

extabiter

I've found out that someone is DDoSing my WordPress site by generating requests for non-existing pages on my site like this:

mysite.com/random_string -> 404 error

So this actually makes my cache plugin cache about 2000+ files per minute, and it's killing my server. And deactivating the cache plugin just makes it worse. My question: is there any way to block 404 requests completely? Thanks for replies.
 
Yes. The problem is not about the cache plugin. It's the DDoS, sending thousands of 404 requests per minute. I need to stop this.
 
Is the DDoS coming from 1 or a few IP addresses? If so, and you are using a Linux VPS/dedi, a quick way would be to just firewall the IP(s) with iptables.

They will still get through the network, but they will get blocked, thus saving your WP site from generating a false cache.

This might also be useful:
Code:
http://www.cyberciti.biz/faq/iptables-connection-limits-howto/

If it's causing a problem on the network, Cloudflare might be a good option.
 
Thanks for the reply. It's coming from more IPs; the firewall didn't help this time. I'll check the link later, thx.
Cloudflare Pro doesn't help much, and Business is too expensive; I don't consider this option in the near future.
So there is no way to totally block 404 requests?
 
The only way I can think of you doing something like that is to set up your .htaccess and change the 404 to an HTML file that redirects them to, like, fbi.gov or something.

Code:
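# A local error document is given as a URL-path starting with "/";
# without the slash Apache treats the argument as a literal message.
ErrorDocument 404 /goodbye.html
In theory that could work; then WordPress does not even come into it.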
 
It's not a bad idea, but I think it still goes through WP.
If you access mysite.com/not_existing_page, then WP needs to recognize that the page doesn't exist first, then redirect to the error 404 page.
 
Sounds more like a discovery spider scanning your site to me;
it can be easily done with BackTrack 5, for example.

Are you currently running any software firewall?
CSF / LFD has a function that I am aware of which blocks the IP for x amount of minutes when it reaches the maximum limit set for these 404 pages.
 
Multiple IPs mean two things:
1. Someone really wants your site dead.
2. They are probably using a botnet (i.e. Tor) to spoof their source and yield different IPs.

If you know which page or string they use to trigger the 404, then deny that path in .htaccess.
 
To protect the server.
What I do is -

* Create a monitor server. Buy a Windows VDS or dedi > Install Apache > Squid > Add proxy IPs => your server IPs

Job done. Anyone who scratches my site domain > will find my Windows server > (He did know so) hits my port 80 ... Oh wait, Windows servers don't have port 80, LOL!

Thanks
 
If you use a Linux server, install this script to stop and monitor DDoS attacks.

You can install the script by logging in as root over SSH:

Code:
wget http://www.inetbase.com/scripts/ddos/install.sh

Code:
sh install.sh

After the install is done, change the following in /usr/local/ddos/ddos.conf:

Code:
nano /usr/local/ddos/ddos.conf

Code:
APF_BAN=1 to APF_BAN=0

Code:
EMAIL_TO="root" to EMAIL_TO="youremail@your.com"


If you need help with the setup, contact me; I will help you set it up.
 
Choose one of the many DDoS proxy services, although if your content is warez in nature you will be hard-pressed to find one. Although it really depends on the volume: if the volume is indeed larger than your server's uplink, then yes, you need to filter it.

If it's load related, then work on decreasing the amount of CPU required to generate a 404 page; if it's disk related, change the plugin to not cache 404s (it shouldn't anyway -- a 404 should be cheap to generate).

If it doesn't exceed your network bandwidth, then you should also be able to mitigate it with iptables by limiting the rate of each connection (slowing down the attack) and using fail2ban (or similar) to read the log files and ban IPs based on the number of 404s they have produced.

If it's a legit blog, check out my site if you so desire (SIGNATURE); we offer 10gbit of protection (2mpps+).
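
The log-based approach mentioned in the reply above (count 404s per client, ban when a limit is exceeded within a time window), as an added example that is not part of the original thread and is not fail2ban's own code. The log format (Apache/nginx "combined"), the threshold values, the function names and the sample log lines are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log line: client IP, [timestamp], "request", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_404_offenders(lines, max_404=5, window=timedelta(seconds=60)):
    """Return {ip: time the limit was first exceeded} for every client that
    produced more than max_404 404 responses inside one sliding window."""
    recent = defaultdict(deque)      # ip -> timestamps of its recent 404s
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "404":
            continue                 # unparsable line, or not a 404
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop 404s that fell out of the window
            hits.popleft()
        if len(hits) > max_404 and ip not in offenders:
            offenders[ip] = ts       # candidate for a temporary firewall ban
    return offenders

def _line(ip, second, path, status):
    """Build one constructed combined-format log line (sample data only)."""
    stamp = f"10/Mar/2013:12:{second // 60:02d}:{second % 60:02d} +0000"
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one client hammering random paths, one visitor hitting
# an occasional dead link, and one normal page view.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, f"/rnd{s}", 404) for s in range(8)]           # 8 in 8 s
    + [_line("198.51.100.4", s * 30, f"/old{s}", 404) for s in range(8)]   # 1 per 30 s
    + [_line("192.0.2.10", 5, "/", 200)]
)

if __name__ == "__main__":
    for ip, when in find_404_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the 404 limit at {when.isoformat()}")
```

With many source addresses each staying under the per-IP limit, this kind of counter flags nothing, which is why the reply pairs it with making the 404 itself cheap to serve.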
 
You should be able to configure your cache plugin to ignore 404* pages.

And I think it's the 'total security' plugin that will ban an IP after 'x' amount of requests to non-existing '404' pages.

If your server can handle it, enjoy the free Alexa boost :D
 
Well, you may also try installing mod_evasive for Apache to prevent DDoS attacks; at least it will help you manage requests over port :80. Install some firewall as well to manage the outgoing and incoming connections.
 
1. Install nginx. A few DDoS techniques don't work on nginx.
2. Use iptables to block the incoming IPs, monitor them with netcat.
3. Get a 10Gbit VPS and host your site on it.
4. Identify the attacker, and DDoS him back. [trollface]

4 works great.
 
I always prefer the 4th one :) It's an answer back in the same language which the hacker understands.
 