I'm suffering DDOS attack on my site what Iinity can do to block the attack ips?

Username (e.g. epiz_XXX) or Website URL

(please specify the website or account you are asking about)

Error Message : 502 Bad Gateway always always always

(please share the FULL error message you see)

Seelms to be a DDOS attack since several days

(other information and details relevant to your question)

502 is not significant of a DDoS attack. Which IP is your account on? What is your URL? What (if any) software are you running on your website?
If you donā€™t provide information, we canā€™t help you solve your issue.

5 Likes

Did you read?

5 Likes

Hey! Yes Iā€™ve read.
Site IP: 185.27.134.33
On Vol:l vol17_1
Is it also concerned by the outage?

185.27.134.33 appears unaffected.

3 Likes

So I suspect a DDOS attack as mentioned. Always error 502.

Again, HTTP 502 doesnā€™t explicitly denote a DDoS attack. Youā€™d be able to tell if the IP or domain wasnā€™t responding, like loading indefinitely. It was probably unannounced maintenance or emergency maintenance; but of course I canā€™t rule out your theory of a DDoS attack.

4 Likes

Hey! Me again. Iā€™ve looked the metrics and it shows big hits between 01/11 and now. Itā€™s unusal and Iā€™m quite sure someone is hacking my site. Is it possible to have a server log for this period to see the ip(s) attacking my site? Eventually I need some to make complaint.

Heresā€™s the metrics showing the pick of presume attacks:

Thxs.

You barely got 10k visitors, and that graph looks normal.

No, we donā€™t keep logs; upgrade to premium if you need them.


Honestly, I see nothing wrong. I think you just need to settle down a bit.

4 Likes

Hi,
I answer to the title question : what can I do to block attack IPs ?
You can adjust the .htaccess file. I recommend to look at Perishable press [7G Firewall | Perishable Press] . I use it, it is free, and and it is very effective. I had thousands of non desired robots requests everyday, and now, less than 10. The author gives a lot of tricks to redirect and improve the safety of your site.
Youā€™ll have to be specific in your choices to decrease the size under the 10 ko maximum accepted for htaccess at Infinityfree

That does not really work, since the request will still come to the server. Plus, blocking IPs is not really effective, since you can change your IP in just a few seconds.

4 Likes

How to block an IP range with CP Deny IP? Iā€™ve tried this format but it doesnā€™t work: 213.186..

Mistake the format used is ā€œ213.186.star.starā€

Now Iā€™m asked to change to premium because of the hits, but itā€™s false, Iā€™ve a metrics too that counts all connections to my site with an average of 20-25/daily. With 3 articles on it itā€™s impossible to have such hits as announced.
Thatā€™s why, with the 502 error and many SQL errors too always redundant. Iā€™m sure thatā€™s a DDOS attack, same symptoms. So as I understand thereā€™s no way to get a proof, all what Iā€™ve to do is to pay when my site is hacked by cyber hacktivists.The announced trafic IS NOT ON MY SITE but only on the SERVER.

The IP address your website is on, 185.27.134.33, does appear to have been flaky. I think itā€™s most likely that this is the same issue as with the other three IPs given that the symptoms are very similar, but thatā€™s just a guess on my part. Iā€™ve asked iFastNet for more info about it.

This is definitely unrelated to your website specifically though.

The ā€œbig hitsā€ youā€™re referring to just seems like a small bump. I donā€™t see any cause for concern there. There may be some bot traffic coming in to your website, but with proper website security and Cloudflareā€™s WAF they wonā€™t do any real damage. And the total hits usage is still well below any limits, so thatā€™s all fine.

You can try to block bad IPs through Cloudflare, but know that any dedicated attacker will have access to a large number of IP addresses from different locations and providers, which is virtually impossible to block.

3 Likes

Thank you for your prompted & wised answer. Keep me inform of feedback.

Hi,
With some .htaccess ā€œtricksā€ I could drop the bot activity from thousands a day to less than 10 a day. You can log the activity, as well the IP adress as the user agent and tune the .htacess accordingly.
Question : Why isnā€™t it done upfront at the server level ? to avoid the bots to reach the sites and decrease the load on the server ?
I do not have the answer , and I guess it is technically not that easy as every web hosting company does it the same way. Or some webmanager are interested in getting these bots visits ?





And bonus

5 Likes

Thanks for feed back. Itā€™s clear
When I tuned my htaccess to decrease from thousands bad requests a day, to less thant 10, I realized, that actually more than 99% of the web traffic is useless. Decreasing the energy used by web servers is within reach if we manage to block these bad guys upfront !

I donā€™t think it is.

You canā€™t block bots from hitting the server with configuration on the server. Thatā€™s what I wrote in the first post @Oxy linked to. The bot hit will come anyways. Your htaccess tricks wonā€™t help you in the slightest from reaching the hits limit.

If you saw bot traffic decrease, thatā€™s great news! But waves of bot traffic go up and down, so itā€™s possible that the bots just moved on regardless of the .htaccess rules.

Also, I donā€™t know what htaccess config you added, but I can assure you that itā€™s not guaranteed to be effective. You can block IP addresses and user agents, but many bots use user agents from popular browsers and a large number of IP addresses, which you canā€™t properly stop without blocking massive swaths of IP addresses which will invariably hit legitimate traffic.

Again, you say you understand but then you say things that suggest otherwise.

We already do this. That is what iFastNet said in April. A lot of traffic is already being blocked but itā€™s hard to block more without blocking legitimate traffic.

5 Likes