Dealing with DDOS Attacks

[doctor46]

Hi there,

 

Currently our website is under attack by what appears to be DDOS (as advised by the Host).

This has been ongoing for 6 days now and is causing the website to be shut down every 24hours (by the Host) due to CPU overload.

 

We are currently looking at what measures are available to cease the attack.

• I have modified the robot.txt file to only allow selected robots, however this had no effect.
• I have also selected the SSL be forced for the entire site - this is effective but there are now issues with certain devices and/or businesses.

 

Currently we are running version 4.3.4 and have delayed upgrading due to the many mods installed.

 

Can anyone provide any advice?

 

Much appreciated,

Troy

[bsmither]

Welcome doctor46!

 

Cubecart cannot do anything about DDOS. DDOS'ers do not pay attention to robots.txt files. Having CubeCart instruct the visitor's browser to re-request the page using SSL port 445 also is too late*, as the initial page request has already been received into the data center, passed to the appropriate server box, and acknowledged by the web server serving your pages. All this is before CubeCart gets involved.

 

Blocking DDOS requires a hosting-level solution - often a very sophisticated one. This is very much the same as when the United States' Affordable Health Care Act website went online (not because of DDOS, rather because everyone tried to access the site all at the same time -- same effect, different intent). Redesigning the web content or the application's programming is not the solution. Building/configuring a better firewall is the solution.

 

* However, by issuing the 302 re-direct, Cubecart has deferred a lot of computation and database access. To get CubeCart completely out of the picture, the .htaccess file can do the 302 redirect. But CubeCart will still need to be configured to match the .htaccess file. Otherwise an infinite series of "use ssl", "do not use ssl" will occur.

[doctor46]

Thanks for the prompt response.

At present i am having difficulty convincing the host that we need a hardware solution, not some form of coding.

Perhaps if i ask what level of configuration is available within the firewall - see what that brings?

 

Are there any specific options that should be applied. I don't have access to the firewall through C-panel as i believe it is within the WHM.

[havenswift-hosting]

Hi Troy

As already said, this is not a function of CubeCart and requires a hosting level solution although it sounds like your hosting company isnt being very helpful either in actually help mitigate the attack or provide more information - what is the website and hosting company ? What makes them believe it is a ddos attack - if their server is heavily loaded already then any regular process (ie every 24 hours from internally or externally) could cause overload.

Unless you have a well known, busy or contentious website then it is either not likely to be a ddos or is a small scale one that should be easily preventable - it also sounds a little strange that your host is shutting down the site every 24 hours - at what time and for how long ?

If it is indeed a ddos attack targeted at your specific site and is relatively small scale then it would be easy to stop via IP or maybe even country level blocking but this is only effective if it isnt distributed with randomly changing IP addresses - however any decent firewall should be able to stop small scale distributed attacks easily anyway. For larger targeted attacks then solutions we put in place include Cloudflare who we are a partner with and is extremely effective

If you would like us to help you out then please drop me a line

Thanks

Ian

[Al Brookbanks]

Hi Troy,

 

I just wanted to backup these guys with an official response that they are correct. Suitable software or hardware firewall settings should resolve this issue.

 

I hope it settles soon.