linux
SKRSKR, 2016-10-22 21:50:14

DDOS on a website through WordPress?

The DDoS started 40 minutes ago. I found manuals on the Internet on how to disable iptables, but it didn't work. The access.log file weighs 370GB and grows by 400MB every minute, and the site opens every other time. What should I do? The logs contain requests of this type:

68.151.232.*** - - [22/Oct/2016:20:30:52 +0200] "GET / HTTP/1.0" 200 20761 "-" "WordPress/4.5.4; http://bjshilling.ca ; verifying pingback from 191.96.249**"

The channel load is 950+ Mbps, the server console itself works fine, and the CPU is loaded at 320% out of a possible 800% (CPU: i7 3770). There is protection against L3/L4 attacks but not against L7. What should I do?
Software: nginx + apache + mysql; as I understand it, the requests do not reach apache.
P.S. For now I have enabled permanent mitigation at OVH and added iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 1 -j REJECT, but the site opens once


3 answer(s)
sx66627, 2016-12-03
@sx66627

What are you, drug addicts?
Through nginx, it is treated with just one rule:
if ($http_user_agent ~* ^(WordPress.*) ) {
    return 444;
}
What clogged channel? This is an HTTP flood, which is the easiest kind to extinguish :) And no third-party services, protections, etc. are needed. Unless the money has nowhere to go.

Alexander Alexandrovich, 2016-10-22
@tatu

I'm not sure whether the following actions will bring great results:
1. Try enabling connection limiting in Nginx
limit_conn_zone $binary_remote_addr zone=perip:10m;
2. Do something similar on the iptables side
# connlimit is the current name of the old iplimit match
-A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j REJECT

Erelecano Oioraen, 2016-10-23
@Erelecano

iptables -A INPUT -p tcp -m tcp --dport 80 -m string --string "WordPress" --algo kmp --to 65535 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 443 -m string --string "WordPress" --algo kmp --to 65535 -j DROP
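
Added example, not part of the original thread: before blocking on the User-Agent as the answers suggest, it helps to measure how much of the log is pingback verification traffic, which WordPress sites are being used as reflectors, and which address they name after "verifying pingback from". The function and variable names are illustrative, and the sample lines are constructed on the model of the log line in the question.

```python
import re
from collections import Counter

# nginx/Apache "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$')
# User-Agent shape seen in the question: WordPress/<ver>; <site> ; verifying pingback from <ip>
UA_RE = re.compile(
    r'^WordPress/[\d.]+;\s*(?P<site>\S+)\s*'
    r'(?:;\s*verifying pingback from (?P<origin>\S+))?$')

def summarize(lines):
    """Stream log lines and tally requests made by WordPress pingback verification."""
    stats = {"total": 0, "pingback": 0, "unparsed": 0,
             "clients": Counter(), "reflectors": Counter(), "origins": Counter()}
    for line in lines:
        stats["total"] += 1
        entry = LOG_RE.match(line)
        if entry is None:
            stats["unparsed"] += 1      # truncated or non-combined line
            continue
        ua = UA_RE.match(entry.group("ua"))
        if ua is None:
            continue                    # ordinary visitor, leave it alone
        stats["pingback"] += 1
        stats["clients"][entry.group("ip")] += 1
        stats["reflectors"][ua.group("site")] += 1
        if ua.group("origin"):          # the marker is optional in the pattern
            stats["origins"][ua.group("origin")] += 1
    return stats

# Constructed sample (documentation addresses and example domains), not real traffic.
_T = '- - [22/Oct/2016:20:30:52 +0200] "GET / HTTP/1.0" 200 20761 "-"'
SAMPLE = [
    f'198.51.100.7 {_T} "WordPress/4.5.4; http://blog-a.example ; verifying pingback from 203.0.113.9"',
    f'198.51.100.8 {_T} "WordPress/4.6.1; http://blog-b.example; verifying pingback from 203.0.113.9"',
    f'198.51.100.7 {_T} "WordPress/4.5.4; http://blog-a.example ; verifying pingback from 203.0.113.9"',
    f'198.51.100.9 {_T} "WordPress/3.5; http://blog-c.example"',
    f'192.0.2.44 {_T} "Mozilla/5.0 (X11; Linux x86_64) Firefox/49.0"',
    'garbage line cut off mid-wri',
]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f'{s["pingback"]}/{s["total"]} requests are pingback verification')
    print("reflecting sites:", s["reflectors"].most_common(3))
    print("origin named in the User-Agent:", s["origins"].most_common(3))
```

Passing an open file object to summarize reads the log one line at a time, so a file of the size described in the question does not have to fit in memory.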
