502 is not significant of a DDoS attack. Which IP is your account on? What is your URL? What (if any) software are you running on your website?
If you don’t provide information, we can’t help you solve your issue.
5 Likes
Did you read?
5 Likes
Hey! Yes I’ve read.
Site IP: 185.27.134.33
On Vol:l vol17_1
Is it also concerned by the outage?
185.27.134.33 appears unaffected.
3 Likes
So I suspect a DDOS attack as mentioned. Always error 502.
Again, HTTP 502 doesn’t explicitly denote a DDoS attack. You’d be able to tell if the IP or domain wasn’t responding, like loading indefinitely. It was probably unannounced maintenance or emergency maintenance; but of course I can’t rule out your theory of a DDoS attack.
4 Likes
Hey! Me again. I’ve looked the metrics and it shows big hits between 01/11 and now. It’s unusal and I’m quite sure someone is hacking my site. Is it possible to have a server log for this period to see the ip(s) attacking my site? Eventually I need some to make complaint.
Heres’s the metrics showing the pick of presume attacks:
Thxs.
You barely got 10k visitors, and that graph looks normal.
No, we don’t keep logs; upgrade to premium if you need them.
Honestly, I see nothing wrong. I think you just need to settle down a bit.
4 Likes
Hi,
I answer to the title question : what can I do to block attack IPs ?
You can adjust the .htaccess file. I recommend to look at Perishable press [7G Firewall | Perishable Press] . I use it, it is free, and and it is very effective. I had thousands of non desired robots requests everyday, and now, less than 10. The author gives a lot of tricks to redirect and improve the safety of your site.
You’ll have to be specific in your choices to decrease the size under the 10 ko maximum accepted for htaccess at Infinityfree
That does not really work, since the request will still come to the server. Plus, blocking IPs is not really effective, since you can change your IP in just a few seconds.
4 Likes
How to block an IP range with CP Deny IP? I’ve tried this format but it doesn’t work: 213.186..
Mistake the format used is “213.186.star.star”
Now I’m asked to change to premium because of the hits, but it’s false, I’ve a metrics too that counts all connections to my site with an average of 20-25/daily. With 3 articles on it it’s impossible to have such hits as announced.
That’s why, with the 502 error and many SQL errors too always redundant. I’m sure that’s a DDOS attack, same symptoms. So as I understand there’s no way to get a proof, all what I’ve to do is to pay when my site is hacked by cyber hacktivists.The announced trafic IS NOT ON MY SITE but only on the SERVER.
The IP address your website is on, 185.27.134.33, does appear to have been flaky. I think it’s most likely that this is the same issue as with the other three IPs given that the symptoms are very similar, but that’s just a guess on my part. I’ve asked iFastNet for more info about it.
This is definitely unrelated to your website specifically though.
The “big hits” you’re referring to just seems like a small bump. I don’t see any cause for concern there. There may be some bot traffic coming in to your website, but with proper website security and Cloudflare’s WAF they won’t do any real damage. And the total hits usage is still well below any limits, so that’s all fine.
You can try to block bad IPs through Cloudflare, but know that any dedicated attacker will have access to a large number of IP addresses from different locations and providers, which is virtually impossible to block.
3 Likes
Thank you for your prompted & wised answer. Keep me inform of feedback.
Hi,
With some .htaccess “tricks” I could drop the bot activity from thousands a day to less than 10 a day. You can log the activity, as well the IP adress as the user agent and tune the .htacess accordingly.
Question : Why isn’t it done upfront at the server level ? to avoid the bots to reach the sites and decrease the load on the server ?
I do not have the answer , and I guess it is technically not that easy as every web hosting company does it the same way. Or some webmanager are interested in getting these bots visits ?
And bonus
5 Likes
Thanks for feed back. It’s clear
When I tuned my htaccess to decrease from thousands bad requests a day, to less thant 10, I realized, that actually more than 99% of the web traffic is useless. Decreasing the energy used by web servers is within reach if we manage to block these bad guys upfront !
I don’t think it is.
You can’t block bots from hitting the server with configuration on the server. That’s what I wrote in the first post @Oxy linked to. The bot hit will come anyways. Your htaccess tricks won’t help you in the slightest from reaching the hits limit.
If you saw bot traffic decrease, that’s great news! But waves of bot traffic go up and down, so it’s possible that the bots just moved on regardless of the .htaccess rules.
Also, I don’t know what htaccess config you added, but I can assure you that it’s not guaranteed to be effective. You can block IP addresses and user agents, but many bots use user agents from popular browsers and a large number of IP addresses, which you can’t properly stop without blocking massive swaths of IP addresses which will invariably hit legitimate traffic.
Again, you say you understand but then you say things that suggest otherwise.
We already do this. That is what iFastNet said in April. A lot of traffic is already being blocked but it’s hard to block more without blocking legitimate traffic.
5 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.