How to Take Care of DoS Attack

#1

Hi there,

So, I have noticed and flagged some IPs. Based on the frequency, they are clearly doing a DoS attack on my site.

26 requests per minute for over 2 hours. And that’s just the IP I accidentally caught. There are some I find here and there every few minutes.

If this is the case, is there a way to report this? I know DoS Attacks are illegal. But what can I do about other than protect the site?

#2

If you know they’re not Cloudflare IP’s, you can set up a Firewall Rule to block certain patterns, IP’s, AS Number, prevent access to parts of your site and depending on your plan, extended firewall options with Web Application Firewall. There is also Rate Limiting, User Agent Blocking.

3 Likes
#3

It is because of some firewall rules that I found them.

I was more wondering what happens like after you find them and block them. Even though they are not effecting the site anymore, is there anything to do about them?

Or just… leave it be?

Spoke to a friend and he’s like, “unless you are as rich as Google, you can’t do anything, really. Just block them.”

#4

Your friend is right about taking direct legal action without deep pockets, but If you have the time, there are things you can do to fight back.

If it’s coming from a malicious site, you can report the site as unsafe from your browser (usually in help menu), signup for Project Honeypot and donate an MX, report IP’s using tools like Fail2Ban or manually posting to https://www.abuseipdb.com/ and depending on their hosting companies attitude on enforcing their abuse policy, do a WHOIS to find the abuse contact email. For WordPress sites using the WordFence plugin, you can participate in the Real-Time Wordfence Security Network.

2 Likes
#5

As @Withheld states - FIGHT BACK! Project Honeypot is fantastic and tools like Fail2Ban work. All it takes is a bit of your time and then you’ll know you’ve acted to stop what happened to you and most likely helped to stop it happening to others. :+1:t3:

1 Like