Are you under DDoS attack?


Level 7 DDoS attack

 

DDoS attack?

Let's talk about it, in case we have not already intervened :)

Naughty IPs lurk around your site and saturate it. The question is: one or several? (The remedy will not be the same.)

From your cPanel, look at the Metrics section: use the 'Visitors' icon and the 'Raw access' icon to download the access files. Try to identify whether the traffic comes from a single IP or targets a specific URL other than the homepage, and analyze your raw logs in cPanel as well if needed. (Check the user agent column to see whether this could be a bad bot; if you think so, inform us.)
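To answer the "one IP or several" question from a downloaded raw access file, here is an added example (not YOORshop tooling) that tallies requests per IP, URL path and user agent. It assumes the Apache combined log format; the function names, the 50% cut-off and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format is assumed for the downloaded raw access file.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def summarize(lines, single_ip_share=0.5):
    """Tally requests per IP, URL path and user agent.

    single_ip_share is an assumed cut-off: if one IP sends at least this
    fraction of all requests, the traffic is reported as "single IP".
    """
    ips, urls, agents = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                          # truncated or non-combined line
            skipped += 1
            continue
        ips[m["ip"]] += 1
        urls[m["url"].split("?", 1)[0]] += 1   # group by path, ignore query string
        agents[m["ua"]] += 1
    total = sum(ips.values())
    top_ip, top_hits = ips.most_common(1)[0] if ips else (None, 0)
    share = top_hits / total if total else 0.0
    pattern = "single IP" if share >= single_ip_share else "many IPs"
    return {
        "total": total, "skipped": skipped, "distinct_ips": len(ips),
        "top_ip": top_ip, "top_ip_share": share,
        "pattern": pattern if total else "no data",
        "top_urls": urls.most_common(3), "top_agents": agents.most_common(3),
    }

def make_line(ip, url, ua, method="GET", status=200):
    """Build one constructed combined-format line (sample data only)."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {url} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

# Constructed sample: one address hammering the contact form, plus two visitors.
SAMPLE = [make_line("192.0.2.10", f"/contact.php?x={i}", "python-requests/2.31",
                    method="POST") for i in range(6)]
SAMPLE += [make_line("198.51.100.7", "/", "Mozilla/5.0"),
           make_line("203.0.113.9", "/shop/", "Mozilla/5.0"),
           "garbage line that is not in combined format"]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A "single IP" result points to Solution 1 below, "many IPs" to Solution 2; the top URL and user agent show whether a form or a particular bot is involved.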

We have already seen bots malfunction; check whether it is a Google IP with this tool:
https://apps.db.ripe.net/db-web-ui/#/query

The first objective is to mitigate the attack so that the attackers give up, if possible.

First and foremost, be sure that your site is 100% SSL, as this protects it in part from certain web attacks: https://support.yoorshop.hosting/knowledgebase/1551/How-to-install-an-SSL-certificate.html

Solution 1:
Block the IP for a while with cPanel's 'IP address blocker', then come back several hours later to unblock it (whether it is a Google IP or not).

Attacks on a contact form, a registration form or the customer area are 'brute force' attacks. There is no need to fight IPs that change constantly; you must set up captcha protection: reCAPTCHA.

Solution 2:
If a multitude of IPs attack your site, there is no need to chase each one. This is called a level 7 attack, and the only remedy is the tiered shield. Note that part of the traffic is already filtered by our firewall in front of the server, and also by our supplier's anti-DDoS. To stop the attack, if necessary, you have to make adjustments through Nginx at the level of your account.

This shield is a special YOORshop configuration that you can set up in a few clicks. Its goal is to restrict access to your site to only a few IPs for a few minutes. This will bring down the tension, and the attackers (robots, obviously) will give up after only a few minutes because they can no longer send a valid query. We must make it clear to the attacker that the site is no longer vulnerable. There are no other solutions to stop this kind of attack.

From your cPanel, at the bottom, see the Nginx section and the Nginx-Manager plugin.

Choose your domain then click 'Configure'

1. Cookie challenge:

Bots generally do not accept cookies; this filter does not let a request through if the cookie is not accepted.
All popular bots, such as Google and others, are excluded from the cookie test.
Here is the option in Nginx, as a temporary or permanent solution:
go to 'Security settings', find the line 'bot mitigate', click on enabled, and finally click 'Apply settings'.

Check that there are no side effects; if there are, you can easily disable it from your cPanel. It is totally normal to see 'bot_test=1' added to the URL. The redirect code used is 307.

(NB: If a legitimate robot that plays a role in your activity is blocked, we can authorize it on request; we need its 'user agent' name, or its IP if static. If a legitimate client is blocked because he does not accept cookies, he will see a message explaining how to unblock himself: https://www.hostingfilters.com/cookie-test.html )

2. Limit traffic

Medium-term, moderate protection: see 'Application status', keep PROXY and click Select, choose the profile 'YOORshop ddos attack repeated' and save with 'Apply upstream configuration'. This will cut connections to your website if they exceed a certain level during the attack. If no attack is ongoing, your website should function perfectly. The attacker will realize after a while that his attacks are not reaching their goal, which is twofold: putting your site offline for several hours and, indirectly, harming the server that also hosts other customers. (As a reminder, the normal mode is the YOORshop Defaut profile.)

3. If that is not enough, use the Nginx template 'YOORshop ddos attack'. You can also activate the DoS mitigation under 'Security settings': 'DOS mitigate'. It is a little stricter and does not allow HEAD requests, in case the attack uses this type of request.

4. Activate Cloudflare from your cPanel without changing the DNS, go to Settings, and set 'Under attack' for a few hours, then high, then moderate, gradually.

Observe what happens for at least the next 15 minutes after each action you take! It takes time to assess the effect. Note that it is normal to see messages like 'Webservice currently unavailable Error 503' during the mitigation time.

If actions 1 and 2 are sufficient, you can theoretically leave the test_cookie configuration in place permanently. For the profile 'YOORshop ddos attack repeated', if you see no harm when visiting your website or in the average level of your orders, you can also leave it permanently. If action 3 is not enough, you must add Cloudflare in front of your domain; see the dedicated article.

If points 1, 2 and 3 are not enough, contact us.