Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Approaches against DDoS attacks?
I inherited a client a while back that last week was, and again currently is the target of a DDoS attack. There’s nothing about the site that is at all contentious and the owner runs a small business that I don’t think has a market share that anyone would put the effort into destroying so the reason is probably just bad luck.
Looking at the log files from yesterday, there were around 9 million requests at millisecond intervals that always use an url made of successive bits of other urls on the same site, e.g.:
/section/123/article-name/section/456/other-article-name/section/789/and-so-onor using url parameters that we don’t use like ?lang=more-url-splurge.
At that point the host takes the site offline, and I’ve crafted various regex patterns to sink non-bona-fide url requests before textpattern tries to process them, but the host says it happens again (though I’ve not been able to corroborate that because the site was taken offline again).
The host has suggested we pass the domain through Cloudflare. This is not a hobby site, but also not a huge seller, e.g. it shows wares for a business but doesn’t have an online shop on the homepage itself, so I’m unsure whether Cloudflare’s free plan applies here. I guess not. That adds 20$ a month to the client’s outgoings. The site is currently hosted on a shared hosting plan.
Do I have any other sensible options? Could, for example, relocating to another host help here, or do I just set end up getting targeted on the new host? Are there hosts that do both cloudflare’s ddos filtering and the hosting part for an affordable fee?
Any advice gratefully received.
TXP Builders – finely-crafted code, design and txp
Online