Abnormal Traffic Spike

Recently I have been getting a website traffic spike from all over the world. And it has been as frequent as 1 min per web request.

Since I realized this problem, I have created a firewall to block all the access except traffic locally.

I have scanned for malware on my server and removed unnecessary files from my website. But the traffic is not slowing.

Most of the requests are trying to visit some weird path:

example:
/14347/N_z_Y4Y2_Y5OT/7a3-92a8e-73/18457221293601/feebdfac/1689-0475

Which does not exist on my website.

This surge of traffic actually causes my server CPU to increase to a ridiculous level. Any suggestion on how I can stop this? Is this possibly an attack?

Is there anything I can do?

Hello,

https://www.cloudflare.com/learning/bots/what-is-bot-traffic/

1 Like

Seriously? One request per minute is a surge that overwhelms your CPU?

That’s a start, but you can refine that firewall rule to be less restrictive. Here are some general DDoS tips that you can apply. Namely, taking a close look at unwanted traffic for common traits you can block.

1 Like
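One way to look at unwanted traffic for common traits, as suggested in the reply above. This is an added example, not part of the original thread: it groups 404 requests from an access log by the shape of their path and derives a candidate pattern. The combined log format, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in combined log format (only the first path is from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /14347/N_z_Y4Y2_Y5OT/7a3-92a8e-73/18457221293601/feebdfac/1689-0475 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:01:02 +0000] "GET /20931/A_b_C1D2_E3FG/1b2-33c4d-55/29948100223344/0a1b2c3d/2200-1187 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:01:30 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.99 - - [01/Jan/2024:10:02:05 +0000] "GET /88412/Q_r_S7T8_U9VW/9f0-1a2b3-44/10293847566574/deadbeef/0042-9931 HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.45 - - [01/Jan/2024:10:03:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def path_shape(path):
    """Classify each path segment: N = digits only, X = anything else."""
    segments = path.split("?", 1)[0].strip("/").split("/")
    return "/" + "/".join("N" if s.isdigit() else "X" for s in segments)

def shape_to_regex(shape):
    """Turn a shape such as /N/X into an anchored regex for a block rule."""
    parts = [r"\d+" if c == "N" else r"[^/]+" for c in shape.strip("/").split("/")]
    return "^/" + "/".join(parts) + "$"

def common_traits(log_text, status="404", min_hits=2, min_depth=3):
    """Group requests with the given status by path shape; keep repeated, deep shapes."""
    hits, ips, agents = Counter(), defaultdict(set), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != status:
            continue
        shape = path_shape(m.group(3))
        hits[shape] += 1
        ips[shape].add(m.group(1))
        agents[shape][m.group(5)] += 1
    return [
        {"shape": s, "hits": n, "distinct_ips": len(ips[s]),
         "top_agent": agents[s].most_common(1)[0][0], "regex": shape_to_regex(s)}
        for s, n in hits.most_common()
        if n >= min_hits and s.count("/") >= min_depth
    ]

if __name__ == "__main__":
    for trait in common_traits(SAMPLE_LOG):
        print(trait)
```

Check the resulting pattern against the site's legitimate URLs before using it in a block rule, since a shape this generic could also match real pages.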

Thank you so much for the reply.

Yes. I would assume my server should be able to handle it too. A few weeks ago, my server was hit by some malware. I can see that most of the traffic is trying to hit my cron file. Seriously bogging the network.

This is the second attack I am experiencing. At least this time I have blocked most of the unwanted traffic. Since I last updated this post, the requests are still streaming in (at a slower rate at least).

I reckon my strategy should be to wait it out until the requests have stopped. Probably I will then reopen the firewall to be less restrictive. Apart from this, I have no idea what else I can do.

Appreciate your advice though. Thanks!

1 Like