I need help. My website is 11 months under DDOs attack

Hello,
I need help. My website is getting hit by big layer 7 DDOs and no and one can mitigate?. I tried many hosting company but they failed to protect my website. The attacker is targeting the DNS so moving to another new server IP is useless. Its been 11 months and until now i'm looking for the solution.
I'm using wordpress and the attacker is using my search function to attack by getting different search terms using multiple IP.
I already tried different method to mitigate like CSF (ConfigServer Security & Firewall)
IPtables
Block countries , Block Ip's
Disabled my search function
Tried other DDOs cloud proxy service but they not really mitigate all the attacks
I'm using cloudflare and activated the under attack but its not helping
Here is the screenshots :

Million of requests but my real visitors is only 1000-5000 :



Many DNS Traffic per seconds :


Too many traffic :


Here is the sample of the attack from cpanel and it look like real visitors :
/?s= there is so many search request per second thats why the CPU usage is high causing the server down.




Please share your solution to mitigate this kind of DDOs attack to help others. I'm sure i'm not the only one getting this kind of problem here.

Thank You

 

Hello CYCX,
Can you please mention on which Server your website is hosted? If it is hosted on a dedicated or VPS server, then please change your SSH port number. Also, check your SELinux security status, if it is disabled, then change it to enforcing.

 

Hello,

Looking at your issue, you should check a few things.

1. Do you have DNSSEC enabled on your website ? It will help you to mitigate fake or spoofed DNS queries.
2. What kind of webserver do you run ? Have your tried using something like litespeed?
3. Does your website completely go down when the attack happens ?
4. Also, what kind of budget are you looking at for a solution ?

Thanks
Casey K
Skype: [email protected]
www.24x7technicalsupport.net

 

I'm using VPS, already changed the ssh port but still no luck. Also i'm using kms-hosting with their layer 7 ddos protection.

The website is not completely down. It will load very slow. Because the attack consume all cpu resources.

 

>> You can block attacking IP addresses range in the Server firewall. There are few more tweaks but, that needs to be checked directly on the Server. The main node where VPS is installed must be properly secured. To suggest further, the server needs to be investigated.

 

LOL if its a bot, then why you simple don't enbale "i'm under attack" option on cloudflare ?

edit: i'm under attack + maximum security on cloudflare will fix your problem unless they are real visitors

btw what is your website domain?

 

You should consider memcached for Wordpress where the site will get cached in the server RAM and saves tons of mysql querys.

 

If the attack consists of search query spam and the person doing the attack knows how to code or is using a halfway decent bot CF's under attack mode will do nothing. You don't even need to run Javascript to solve the "checking your browser" challenge. At best it will delay every search query by 4 seconds. I don't know what "maximum security" does, but under attack mode will not stop a bot if it's designed to handle it.

 

I don't know really my website was never under attack. but a real attacker will never attack through cloudflare LOL. they always use your real ip for attack.
11 months under attack with no down time at all ? lol it does not make any sense. what kind of attack is this?
maximum security is requesting captcha in order to access website for visitors who use proxy or vpn or any shared IP

 

@Gavo Thank You for the suggestion.

I'm under attack is already enabled and it will not help at all. plus I created page rules and set the security to high on worpress ?s= search.

Thank You I will search about memcached for wordpress. I'm newbie thats why its hard for me to setup and fix the server side issues.

I already changed IP. As I've said the attacker is targeting the domain so even I change the IP or hosting the attack still ongoing.
my website is down for 11 months . Its an http flood attack with thousands of different IP is connecting to my wordpress search function every second and searching different keywords thats why the CPU load is very High.

 

What? There are some forms of DDoS attacks no sane person would try to a site behind CF. Intensive HTTP request (like search queries) spam is not one of those. CF gets the IP the request came from which means little to nothing in the case of proxies or botnets.

In addition to @Gavo and @RapidVideo's suggestions additional options are:

• temporarily disable search completely.
• temporarily switch to Google search.
• temporarily put search behind a captcha (this wont stop bots but it'll greatly reduce effectiveness and cost the attacker money to keep the attack going).
• modify WordPress' search such that it uses non-default query parameters and/or pages (this will nullify pre-built bots and script kiddies).

 

Thanks for all your help

Here is the solution that works for me.
First I created a cloudflare rules that redirect all search from bot to blank html page.
Then I install Dave's WordPress Live Search plugin and disabled enter key on search.
Now my website is up with live search bonus :D



Edit : Now the attacker is targeting the main domain and the cloudflare "under attack" mitigated it instantly.

 

send site link

 

everything is ok now. thanks for the help

 

Can you share what do you install to solve this? I would like to implement to my server too.

 

If you read the thread carefully that OP was shared the solutions.