I recently received an attack and I still receive it, it is not to YourWPweb.com, but to other of my websites.
The attack consists simply of spam visits, massive visits with the intention of saturating the server. What is known as DDOS attack, denial of service attack.
This forced me to take action. Because although the attack was small at first this was growing, day after day, probably so if you have a software not very good installed security does not detect spam traffic. But I as a human I detect it. How?
The spam traffic comes from a botnet, this means that it comes from a network of hacked computers … why do I believe this? Because the visits come from practically the whole planet and the operating systems of the trash visits are diverse, windows and sometimes mac, and browsers firefox, chrome, opera… In very common percentages, which makes me think that the traffic comes from infected devices and directed like a botnet.
How do I know that they are spam visits and how do I distinguish them from normal ones?
The first thing you have to do if you have a strange traffic rush is analyze it, I always do it. Normally they are standard spam haha. That is, the visits come from a website that sells a service with the intention that by looking at your statistics you can see their website. This is very typical and it is not harmful but it is not the case that I am telling.
In my case it is a website in Spanish where I have been receiving visits every year from countries such as Spain, Mexico, Venezuela, etc. And some of the USA. It is logical, a web in Spanish receives users of Spanish speaking countries.
That’s why when I suddenly got triple the number of normal visits in a day from France, Germany, China, Korea, Thailand, I knew something was happening. I let it go, but the next day it multiplied by 3 visits. I was receiving my first DDOS attack.
Then I will explain how I defended myself but first I have to tell how I distinguish the visits of the bots from the human ones since some visits also come from South America.
Well, in the case of this DDOS attack the attacker’s visits always start at the main URL. I mean, it would be yourweb.com, and not directly into a subURL like yourweb.com/things-that-i-like, then I looked at my statistics for the last few months and discovered that until the attack only 4% of my visits are arrived directly in the main URL. And I almost do not have visits from countries like Japan, France or China, which together do not represent more of 0.5% of my visitors.
In other words, I know that if they arrive at the main URL and they are from non-Spanish speaking countries it is spam, and I only have an error lower than 0.1%.
Then there is another variable in which I have repaired, 95% of my visits come from Google and only 0.5% of visits go directly to the main URL without coming from Google, YouTube, or an intermediate website in general.
So, if the visitor visits the main URL, does not come from any website and is from a country where Spanish is not spoken, there is a 99.9% chance that it will be part of the attacker’s visits.
Perfect, once the attacker was identified, I could take action, and you, too, if the same thing happens to you.
Now the next step is to organize the defense.
Defend our WordPress website from spam visits and DDOS attack
There are many plugins that allow us to defend our wordpress, from the Akismet plugin to Wordfence through a thousand more or less famous plugins.
But in this article I am going to show you the ones I used, fulfilling 2 requirements: defend myself against this attack and nothing else, and being free.
I found many plugins that allow you to ban ip but only one that only does that and that is also free, is called
LionScripts: IP Blocker Lite. It is a simple IP blocker, it has a box where we put the IP and add it to the blacklist, then they will not be able to visit our website anymore from that IP, unless we remove it from the blacklist.
The plugin is very simple and fulfills its function perfectly. It also has a paid version but the function that interests us is free.
Beware: Do not block your own IP or you will have to go to a cafe or use another device to re-access your website.
The next thing is to identify the IP, if you already have a plugin that allows you to see the perfect IP, but install this plugin: SlimStat.
It is a very used plugin that will allow us to know the IP of the page (s) visited by that IP, the browser, the OS, etc.
It also has many statistics functions, we can be a complement to Google Analitycs statistics or even substitute our statistics in WordPress generated by the Jetpack.
Once installed both plugins simply in SlimStats we go to the section: AccesLog and there we will see the following:
We see in the photograph what I indicated above, visits to the main URL, varied browsers, and the IPs come from different countries. We can use a location website, like this one or this one. But there are many other websites that allow us to locate IP geographically, you just have to search in Google “ip location”, or similar.
And ready, located the IP and proven the source because we proceed, if it is spam, to copy and add it to the blacklist.
Summary
Simply before a simple DDOS attack or even users who bother us, simply install the 2 mentioned plugins, find the IP of the attacker or the pattern that follows the visits of the attacker identifying their IPs and blocking them.
This protects us against unwanted users and against bot attacks.
The problem would be that the DDOS attack was more sophisticated and had unlimited IP in practice, in that case we would use another plugin and another strategy on which I will write.
|
|
Acepto donaciones de BAT's mediante el navegador Brave 🙂 |