I thought I’d write a quick post up about my recent experience with a DDoS attack on the epicplugins website and how I was able to manage this using Cloudflare and how it helped.
Since around 1.00AM GMT the site started seeing “500 internal server error” this was caused by a number of spambots hitting the site and after they’d visited they’d left 4,000 SPAM comments on a single blog post.
Yep – that’s a lotta SPAM. Looking through the usual Google Analytics charts nothing looked out of the ordinary but it could be seen from the Cloudflare analytics that a large number of the visits to my site were coming from China and from spambots. A large number to post comments on a single blog post and slow down the server.
What are our tips for preventing a DDoS?
- They’re tough to defend against. If the bots came back from a different IP cluster they could cause more problems.
- I renamed the permalink and ID of the post so that if it was set in a spambot program, it wouldn’t be found (ID needed to be changed as well since WordPress runs things from ?p=124 type addresses).
- I let cloudflare do it’s thing, put the security setting on high and blocked the IP of the spambots
They could indeed come back and wreck havoc again. I’m not sure on the motivation of these but they seemed to be drawn to the use of “bbPress” in the title of my post and related links on the bbPress forum.
This may be because most forums would be free for people to post up topics and replies and an easy way for a spambot to get their links put down.
Perhaps this attack was in response to me posting a link about the latest bbPress plugin we’ve developed and it was treated as SPAM.
What is SPAM? is there a difference between SPAM and promotion? In my view SPAM is someone coming to a site about WordPress plugins and putting a link up about fake handbags.
Sending a link to a WordPress plugin, when someone has asked “does this WordPress plugin exist” I don’t think as SPAM but it appears some people must think of it as SPAM.
What are your thoughts.