1

enter image description here

The above screenshot is from my website's cpanel visitors list.My website is build on wordpress. And I think someone is trying hard to crack open my website with DDOS attack and drain out my 10gb bandwidth in single night.Although I've applied https and blacklisted the repetitive ip address accessing the non existing URL. What are the other possible methods to avoid this kind of attack ?

Community
  • 1
psudo
  • 111
  • 2
  • How many requests in total? My best suggestion would be to use for instance CloudFlare to handle caching. – vidarlo Nov 06 '19 at 06:43
  • 2
    HTTPS does nothing for DDoS or brute force – schroeder Nov 06 '19 at 07:32
  • Why do you think this is a DDoS? What do you mean by 10gb bandwidth? How many IPs are making these requests? – schroeder Nov 06 '19 at 07:34
  • @schroeder it might be brute force and DDOS at once as they are hitting non existing url repeatedly. – psudo Nov 06 '19 at 10:04
  • 1
    @vidarlo I agree with your Cloudflare recommendation. It comes with some prebaked Wordpress WAF rules and of course it is great at handling DDoS attacks and so on. So alot mote than just caching. – ChrisFNZ Nov 06 '19 at 10:38
  • 1
    On your screen you can see that the user agent is bingbot, may be you can dig a bit, do you have evidences that you have been attacked with 10GB? if you show them will be good for us – camp0 Nov 10 '19 at 02:34

1 Answers1

1

There's a lot of possible ways to enhance the security of your site. But it depends on the architecture of your website, if it is a dedicated server or not.

  1. Use anti-DDOS services- If you want free you can use Cloudflare. It will help you to block attacker requests, like botnet. Here's the link https://www.cloudflare.com/

  2. Use Wordpress plugins to enhanced security - I used Wordfence, which includes an endpoint firewall and malware scanner that was built from the ground up to protect WordPress. https://www.wordfence.com/

  3. Increase Internet Bandwidth and Server Capacity - The main reason your website can crash or go offline after a DDoS attack is if it doesn’t have the capacity to handle the volume of traffic sent by the attacker.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Al Francis
  • 278
  • 1
  • 11