In a recent article on WP protection, I wrote that I had once encountered a DDoS attack on the SEO blog of a sectarian, and that this encounter brought nothing pleasant. But I acquired some useful knowledge.
How it was
One day, I received a letter from the hoster saying that, because of the DDoS attack on my site, a “stub” page had been put in front of it (where you need to confirm the transition to the site). That way, only people get to the site. I was told that if I did not reduce the load on the server within a few days, they would disconnect me (so I am supposed to stop this myself?)))).
With this hoster I had already had unpleasant moments because of the very, very long response times of tech support, and I decided to change it. Soon I moved to a new hosting, and then the fun began. Every day I was flooded with letters about the load on the server (“CPU usage account xxxxxxx exceeded the maximum allowable daily load”) and the demand to move first to a higher plan, and then to a dedicated server. None of this works; I checked.
Since the rescue of drowning people is the work of the drowning themselves, I realized that support would not adequately answer my questions, and I was already tired of reading about upgrading the plan. Then I began to look for solutions. And found them.
What is CloudFlare
CloudFlare is a very useful service that filters traffic before it hits your site. Accordingly, if it is properly configured, you can keep spammers off your site.
CloudFlare has a free package, which is good news. Of course, it does not include all the functionality, but it will help reduce the load on your server, so the benefit from it is enormous.
To start using CloudFlare, you need to register and add your site or sites. After adding, each site is scanned (it takes about a minute), and after scanning you will see all the DNS records that were found, which you can change. But if you do not know exactly what to change and how, do not touch anything, like me.
Next, there will be more settings, where you can choose the plan and the level of protection and security. Here you must decide what you need. All functions and explanations are in English, so for those who do not know English, Google Translate will help.
The last stage of the setup deserves special attention. It is called "Update your name servers". It says that for activation you need to change your DNS servers at your hosting.
It was a difficult moment for me, because I did not quite understand whether it was safe. So I abandoned the installation of CloudFlare for a couple of weeks, until things became completely bad with the attacks. Once I figured it out, everything became easier.
This scheme helps to cut off most of the spam traffic and protect against DDoS attacks by preconfiguring the necessary settings.
Blocking IP addresses and countries in CloudFlare
Just adding a site to the CloudFlare service is not enough; you still need to understand where the spam traffic comes from and set up filtering for it. To do this, you need to collect a list of attacking IP addresses and find out which countries they belong to (for example, using http://www.ip2location.com/). Look for the IP addresses in the logs on your hosting.
Here are some tips for identifying spammers in logs:
After you have compiled IP addresses, block them in CloudFlare on the Threat control menu:
If there are too many IP addresses from one country, block the whole country.
I did the following:
After all the settings, you can look at the analytics of visits to the site and spam attacks. In the free plan, these analytics are not available immediately.
As you can see, traffic from the blocked countries was more than a lot …
CloudFlare is not a complete panacea; it still lets some spammers through. But despite this, it helps a great deal. Once I did an experiment: I turned CloudFlare off for half an hour. The site went down for 10 minutes, because a flood of requests hit the server, and 10,000 lines of the log file were filled in 3 seconds … Then I turned on CloudFlare again, and in a few hours 10,000 lines of the file were filled in just 18 minutes)))
Emergency protection during a DDoS attack
All of the above actions significantly reduce the amount of unnecessary load on your server, but during an actual DDoS attack this may still not be enough.
If your server is on the verge of exhaustion in the fight against a DDoS attack, then it is better to take advantage of the emergency protection from CloudFlare. To do this, go to the settings and turn on the “I’m under attack!” mode.
With this mode on, when someone visits your site, CloudFlare will run an additional check on the visitor and let them through if the check is successful. It lasts only a few seconds and does not require captcha input. For the average user, it looks like this:
Those who closely follow the SEO blog of a sectarian should have seen this page.
As soon as the load subsides, you can turn off this mode.
How to change hosters using CloudFlare
As I wrote at the beginning of the article, I changed the hoster. But that made things even worse, and I moved back to the old one. For those who are curious, the SEO blog of the sectarian is now on Timeweb; I made an attempt to move to Reg.ru. The attempt ended in failure, not at my level. It seemed to me that Reg.ru initially had a very weak defense, because the week I spent with them was the most tense. As soon as I returned to Timeweb, the load decreased by itself. Apparently, they have filters at the level of their servers, rather than individual sites.
So when I moved the site back to Timeweb, I needed to change the IP address and DNS. But I also had CloudFlare DNS set up, and I did not understand how to carry out the transfer.
In fact, everything is simple: you just need to replace the old host's IP address with the new host's IP address in CloudFlare itself. In the My websites panel, select the site and click on DNS settings.
In the menu that appears, you need to change two items that show which IP address the traffic is sent to after filtering in CloudFlare.
After that, do not forget to set the CloudFlare DNS servers in the new hosting panel.
Blocking IP addresses in the .htaccess file
CloudFlare is good, but as I wrote above, some of the spam traffic still gets through its filters. That’s why I additionally banned the most active IP addresses in the .htaccess file. This is done very simply:
# Deny rules are evaluated first; every address not listed stays allowed
Order Deny,Allow
Deny from 188.8.131.52
Deny from 184.108.40.206
Deny from 220.127.116.11
Deny from 18.104.22.168
Deny from 22.214.171.124
Deny from 126.96.36.199
....
If you have many such addresses, this tool will be useful: it will generate a list with all the deny directives. You only need to give it the IP addresses that you want to block.
As a result, all blocked addresses will get a 403 error. Serving it also puts load on the server, but many times less than serving a full page of the site. Such visits will be visible in the logs on the server.
With these methods I fought the DDoS attack and reduced the load on the server. Have you ever faced these challenges? Do you know any other interesting ways? Share them in the comments!
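The two steps described above (picking the most active addresses out of the server logs and turning them into deny directives for .htaccess), as an added example that is not code from this article or from the tool it mentions. It assumes an Apache-style access log whose first field is the client address (behind CloudFlare that is the visitor's address only if the server restores it, for example from the CF-Connecting-IP header); the log lines, threshold, allowlist and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log (Apache "combined" format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 9000 "-" "-"
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 9000 "-" "-"
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 9000 "-" "-"
198.51.100.40 - - [01/Jan/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 9000 "-" "-"
198.51.100.40 - - [01/Jan/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 9000 "-" "-"
198.51.100.23 - - [01/Jan/2024:12:00:03 +0000] "GET /about HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
garbage line without an address
"""


def count_requests(log_text):
    """Count requests per client IP, skipping lines that do not start with one."""
    counts = Counter()
    for line in log_text.splitlines():
        first = line.split(maxsplit=1)[:1]
        try:
            counts[str(ipaddress.ip_address(first[0]))] += 1
        except (IndexError, ValueError):
            continue  # malformed line: nothing unvalidated may reach .htaccess
    return counts


def heavy_hitters(counts, min_requests, allowlist=()):
    """IPs with at least min_requests hits, busiest first, minus allowlisted networks."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = []
    for ip, n in counts.most_common():
        if n < min_requests:
            break  # most_common() is sorted, so the rest are below the threshold
        if not any(ipaddress.ip_address(ip) in net for net in allowed):
            hits.append(ip)
    return hits


def htaccess_block(ips):
    """Render the deny list in the Apache 2.2 syntax the article uses."""
    return "\n".join(["Order Deny,Allow"] + [f"Deny from {ip}" for ip in ips])


if __name__ == "__main__":
    counts = count_requests(SAMPLE_LOG)
    # Hypothetical allowlist: your own address, so you never lock yourself out.
    print(htaccess_block(heavy_hitters(counts, 2, allowlist=["198.51.100.40"])))
```

On Apache 2.4 without mod_access_compat, the same list is written as `Require all granted` plus one `Require not ip <address>` line per entry inside a `<RequireAll>` block.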