epiz_25072880 (c28.epizy.com) <keddie28.com>
“Account is suspended due to Entry Process Limits.”
This began with a huge spike on EP failures on the afternoon of the 15th, leading to a 24 hr suspension. Shortly before the attack, and when my site came back online, there were a couple database errors, which happens every month or so-- typical burps and farts on the server which go away after a few minutes, so I chalked up the EP spike to changes apparently being made to the servers.
The site was fully operational about an hour after the suspension ended, so I let it go as a temporary glitch, as my site has never been attacked in ten years.
Then another massive spike happened again this morning around 4 AM my time: Same symptoms, same result: 24 hr suspension, which will end tomorrow morning. (see linked image below- both EP attacks are almost identical, except the first one was a larger spike within one hour). As a result, I now consider my site under direct attack.
In the lead-up to this, I’ve made no code changes of any kind in the last few weeks, and those changes were only to html pages. No PHP files have been altered in months. I’ve also made no changes at the Cloudflare level, until this second attack: This morning, I put CF in “Under Attack” mode as a first measure for when the current acct. suspension ends.
I have noticed that some trolls on my forum have been able to circumvent measures I’ve taken to ban them: Their IP ranges have been blocked on CF, via .htaccess, and via the BLOCK IP feature on the IF Control Panel. I suspect they are also behind the DDOS.
My Q: Can anything be done to determine which .php resources they are attacking? What measures can I put in place to block their attacks? What can I do at the infinity account level to identify and solve the problem? Same goes for expert suggestions on changes at the Cloudflare (free acct) level.
My site comes back online at 4AM PST Monday, and I would love to have shields in place which are impervious to these gutless trolls.