0

I am hosting one of the projects on Heroku's Standard 2x dynos plan. Everything was working all right until recently, when I started to get notifications from our uptime checker that the website is down. After closer investigation of the logs, I noticed that most of the requests are coming from one IP. Apparently, all the requests are coming from some automated script or tool which is trying all the possible JS and SQL injections.

After manually blocking the IP in the Nginx config, everything went back to normal.

My question is how I can automatically prevent it in the future, and does Heroku really not have simple protection from DOS (not even DDoS) if there are hundreds of requests per second from one IP?

Giedrius

1 Answer

1

Put CloudFlare or similar in front of your instance and block traffic at the firewall level that doesn't come from CloudFlare or your own IP. CF will absorb or deflect most DOS attacks. I don't know if you can do that easily on a hardware firewall in your environment; doing it after traffic reaches your server is pretty pointless. In AWS you'd change your security group or network ACL.

You may need to change your IP, given your DNS records have published that IP. Again, not sure if that's possible on your hosting system, but it's pretty trivial in AWS for example.

Tim
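The manual step described in the question (spotting one IP sending hundreds of requests per second in the logs and denying it in Nginx) can be automated. The following is an added example, not part of the original question or answer. It assumes nginx's default "combined" access log format with the client IP in the first field; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: nginx "combined" log format, client IP in the first field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def peak_rates(lines):
    """Return {ip: highest request count seen in any single second}."""
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ip, stamp = m.groups()
        try:
            second = datetime.strptime(stamp, TIME_FMT)
        except ValueError:
            continue  # unparseable timestamp: ignore the line
        per_second[(ip, second)] += 1
    peaks = {}
    for (ip, _), n in per_second.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks

def deny_directives(lines, threshold=100, allowlist=()):
    """nginx `deny` lines for IPs whose peak rate reaches the threshold."""
    peaks = peak_rates(lines)
    offenders = sorted(ip for ip, n in peaks.items()
                       if n >= threshold and ip not in allowlist)
    return [f"deny {ip};" for ip in offenders]

def sample_log():
    """Constructed sample: one noisy client, one normal client, one bad line."""
    noisy = ['203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
             f'"GET /?id={i} HTTP/1.1" 200 512 "-" "scanner"'
             for i in range(150)]
    normal = ['198.51.100.20 - - [10/Oct/2023:13:55:36 +0000] '
              '"GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'] * 3
    return noisy + normal + ["garbage line"]

if __name__ == "__main__":
    print("\n".join(deny_directives(sample_log())))
```

The generated lines can be written to a file that the Nginx config pulls in with `include`, followed by a reload. Put your own monitoring and office addresses in `allowlist` so an uptime checker is never denied.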