They hammer index.php

  • Hi

    They hammer index.php file and as it seems they attack to the pages or files that are not unavailable. This plugin can help about these kind of attacks? As it seems they are Brute Force.

    Cloudflare can not stand all type of attacks or if the attackers fimd my IP address. as I have seen before.

    On my last shared host account they helped me with the attack, I asked them how did you do that they said: “We analyze the attacks and closed them from the router”.

    I do not know how they did that. I have received such an emails for 12 times from yesterday:(They attack just 3 of my subdomians)

    lfd on xx: Excessive processes running under user xx

    Time: Wed Jul 25 20:22:02 2018 -0400
    Account: xx
    Process Count: 20 (Not killed)

    Process Information:

    User:xx PID:17849 PPID:12644 Run Time:2(secs) Memory:187496(kb) RSS:40336(kb) exe:/xx/index.php

    -How can this plugin recognize the attacker IPs when we are using a CDN like Cloudflare?

    – How can we now that we are under attack? by using this command on ssh? :
    `netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Hi yeknafar,

    The plugin doesn’t use IPs. Here is how it works:

    https://www.ads-software.com/plugins/protection-against-ddos/#how%20does%20the%20plugin%20work%3F

    This means that the plugin can’t stop any DDoS attack, but the most common for WP sites ones.

    Try to apply some page caching rules from your CF account. This always helped us in the past. Or find out the attacker’s location and deny access from that country.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
    Thread Starter yeknafar

    (@yeknafar)

    Thanks

    Does the hammering index.php is common too?
    Can the plugin help about it?

    The problem is they attack from the country that 95 percent of the visitors of my site come from there.

    I have blocked RU but some of their attacks reach to the server. My server went down for some minuses last night.

    I am trying to set IPtable too but there isn’t a goof manual for newbie people abiut it.

    Thanks

    Plugin Author WPChef

    (@wpchefgadget)

    Hi yeknafar,

    No, unfortunately the plugin doesn’t protect against index.php attacks. This requires a lot more than just simple cookie/htaccess checks which this plugin does.

    From our experience, the only thing that helps stopping intentional massive ddos attacks is using specialized services like CloudFlare premium features, Amazon ddos protection, etc. Also a lot of hosting providers provide this service and unfortunately it is usually paid.

    BTW CloudFlare allows to turn the “I’m under attack” option on and it actually helps but makes a site less usable.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘They hammer index.php’ is closed to new replies.