I’m having trouble on my website. I’ve been targeted by some mysterious botnet that randomly hits for relatively short periods but enough to completely crash my website.
I followed this guide here to enable a captcha for every single request and then basically whitelist everything I was sure of was safe, since everytime they change country/IP/anything to get around specific firewall rules.
However, now I noticed since a few days it seems there is a new captcha called hCaptcha in stead of the Google reCaptcha. I noticed since this change, with every spike my site goes down still completely.
As you can see in the image below all requests are presented with a captcha but still my site goes down almost instantly.
Is there any way to prevent this? Are there settings to change the captcha back to reCaptcha? Or is there some additional I am not aware of?