Urgent : Port 80 attacks causing 99% CPU

[Only registered and activated users can see links. Click Here To Register...]

This is what happened because of the attacks,
the only solution i know is end task the apache, so the attacks stops and CPU back to normal.

Some notes:
1. i am using CMS
2. i am using cloudflare
3. i am using dedicated server
4. i believe he's using the real ip or the gateway domain

Help if you can, thanks in advance.
All the answers appreciated.

Allow The httpd.exe through firewall don't open the port , Use Something like ddos protection , Simple FW these tool's can help tho

Or use a debian server with iptables, cloudflare and nginx.

Quote:

Originally Posted by Mc-Diesel Allow The httpd.exe through firewall don't open the port , Use Something like ddos protection , Simple FW these tool's can help tho

Will try this now, hope it works, i will feedback once i am done with it.

Quote:

Originally Posted by Devsome Or use a debian server with iptables, cloudflare and nginx.

I am using cloudflare already. I think he's using the real ip with the port 80.

it might be a script being used infinitely.. first thing to do is limiting out "MaxRequestsPerChild" and removing any extension was added manually

Mentioning ddos attacking for pservercms there are many ways that can take ur website down one of them is brute forcing.

So it gonna end up with debugging and checking where the issue caused from

This can't be continue, i need help!!!

I have tried to disable port 80 and open apache httpd, but still

[Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by bimbum* it might be a script being used infinitely.. first thing to do is limiting out "MaxRequestsPerChild" and removing any extension was added manually

How can i do that? maybe it works!

so far i tried
Kimiguard, Simple FW, Anti-ddos
the issue still exist, i would love to get some help here.

Quote:

Originally Posted by FREDDY! This can't be continue, i need help!!! I have tried to disable port 80 and open apache httpd, but still [Only registered and activated users can see links. Click Here To Register...] How can i do that? maybe it works! so far i tried Kimiguard, Simple FW, Anti-ddos the issue still exist, i would love to get some help here.

simply use the website in a separated dedicated server

Did you fix it my friend ?:rollsafe:

2 Things:

-VPS Company is sh*t and need to change
-Need more CPU Cores and RAM.

Im pretty sure this is ur problem.

btw to make a good server and avoid this shits

pay 8g ram vps from any poor company then host the website files on it

also open cloud flare protection .

that's 1 from the steps to make stable server
GL

can't find a solution still, need more hints

Quote:

Originally Posted by FREDDY! can't find a solution still, need more hints

We're specializing in DDoS Protected hosting services, we can be of help if needed. ;)

Why don't you rate limit the connections?

Quote:

Originally Posted by _SGA_ Why don't you rate limit the connections?

Well if he uses rate limiting, the attacker has to use a large proxy list to bypass it, even if you do it at 1/s, the attacker can still use 1000 proxies to do hits at 1/s, resulting in 1000/s, while sounds good, it will only solve lame attacks, however, distributing it, will suffice to bypass it.

Quote:

Originally Posted by hyperfilter Well if he uses rate limiting, the attacker has to use a large proxy list to bypass it, even if you do it at 1/s, the attacker can still use 1000 proxies to do hits at 1/s, resulting in 1000/s, while sounds good, it will only solve lame attacks, however, distributing it, will suffice to bypass it.

I through single IP is making tons of requests. Yup in this case, it won't work. Cloudflare is very effective in filtering such things, are you sure they aren't bypassing Cloudflare. For example they might be connecting directly to your host IP address. Maybe you should try allowing web connections only from the Cloudflare's official IP's. You can block any other IP's for ports 80 and 443 and allow cloudflare ones and increase the security level from cloudflare's menu.