Getting too many (flood) requests, how can I block/reduce bot requests to my site?

13

3

We are using J3.2.3 on one of our client's website, which is an online casino website.

The website is not live yet, as it is in development mode.

Today we noticed that the server is too slow, though it's a dedicated server.

After digging into the server we understood that there are a lot of requests coming from various IPs, bots, etc.

We can definitely block the IPs using Ubuntu tools, but this is not a solution. We should use a method to first detect them, then to block them, but at the same time not to block the real visitors.

I installed sh404SEF and activated the Security features, as well as Project Honey Pot! Now when I go to Components > sh404SEF > Security Stats, I get these stats for the last 30-40 minutes:

[Image: sh404SEF security stats tab]


Question 1: Is it dangerous to have this many page requests?

Question 2: Is there a way to reduce the number of requests?

Question 3: Which is the best way to protect my Joomla website against the bots, DDoS attacks, etc.?

Thank you!

Gev Balyan

Posted 2014-04-22T17:58:01.977

Reputation: 287

2 – You need to tell us a lot more about your server for us to offer legitimate solutions. I think I'd be investigating why your server is slow with so few requests... Really 8,000 requests slow down your server? They might be spammers, but they are showing you, you can't serve many requests. – bgies – 2014-04-23T00:41:41.210

Did you change anything prior to the server becoming slow? For the moment, I would treat the bots as a different problem. Incidentally, I've read that sh404SEF security features can slow down a server; I've not verified this myself. – TryHarder – 2014-04-23T01:44:57.357

Few servers or IPs are always under threat. So no matter what site it is, if you are under that network / server / hosting, you will be under attack. Try switching servers to avoid such unnecessary attacks. But if your site is famous and getting real visitors then this is not avoidable; bots will attack anyhow. – Sasi varna kumar – 2017-01-23T09:34:25.793

Answers

7

If you are using cPanel or any other Linux distribution I would highly suggest using http://configserver.com/cp/csf.html and configuring it. It will reduce the number of bots that are hitting your server and using up your resources.

Steven Pignataro

Posted 2014-04-22T17:58:01.977

Reputation: 134

8

You can use CloudFlare as a firewall for your site: http://www.cloudflare.com/features-security

me7hos

Posted 2014-04-22T17:58:01.977

Reputation: 235

2

Another Web Application Firewall to consider is Sucuri (https://sucuri.net/). We have used it with success on a number of our projects.

– Zachary Draper – 2014-04-22T19:24:24.040

7

There is no one solution; you are best off using a combination of solutions. We have some high profile sites that are often targeted, so we have adopted these measures:

  1. Cloudflare - great service. The bogus requests never make it to your server and their caching will save you considerable bandwidth. They filter the vast majority of bad requests.

  2. Admin Tools or RS Firewall - On many sites you can block most countries other than your target audience. They can also automatically block IP addresses that are repeat offenders.

  3. jSecure or similar plugin - changing the URL to the admin site is easy insurance. There's nothing to attack if they can't find the page.

This protects your sites in multiple ways. Most attackers won't bother with your site if they hit a couple of roadblocks early; there are too many other insecure sites out there to spend a lot of time on one site. Unless they are specifically targeting your site, you should be good.

Brent Friar

Posted 2014-04-22T17:58:01.977

Reputation: 241

6

You can also run jSecure on your site; it's a simple component that moves the administrator login to something other than /administrator/index.php. It can also redirect requests to the old admin page to something like a 403 page and has some basic IP auto-banning functionality.

It's a small change but I find it greatly reduces the number of bot requests on a site.

Spunkie

Posted 2014-04-22T17:58:01.977

Reputation: 682

4

I would suggest Akeeba Admin Tools; it offers great protection against nearly all kinds of attacks, and white/black list features, you can block IPs, etc.

That said, I would investigate why a non-live site is attacked so much; it is strange, as it is still in development.

Johnnydement

Posted 2014-04-22T17:58:01.977

Reputation: 165

4

There are components that can help with this. sh404SEF by Anything Digital has the ability to monitor, throttle and block requests based on a preset config that you define. I think Akeeba Admin Tools Pro allows this as well.

If nothing else, you can always view your server logs in cPanel and add blocking config to your site .htaccess file.

Don Gilbert

Posted 2014-04-22T17:58:01.977

Reputation: 1 022
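
The log-review approach in the answer above, as an added example that is not part of the original answer: it measures each client's peak request rate in a sliding window (so a steady real visitor is not confused with a flood) and emits `.htaccess` rules only for IPs above a threshold. It assumes Apache's combined log format and Apache 2.4 `Require` syntax; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format starts: ip ident user [time] "request" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

# Constructed sample: one noisy client (203.0.113.7) and one normal visitor.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [22/Apr/2014:17:00:{s:02d} +0000] '
     f'"POST /administrator/index.php HTTP/1.1" 200 512' for s in range(0, 40, 2)]
    + ['198.51.100.20 - - [22/Apr/2014:17:00:05 +0000] "GET / HTTP/1.1" 200 9000',
       '198.51.100.20 - - [22/Apr/2014:17:03:10 +0000] "GET /games HTTP/1.1" 200 7000',
       'not a log line']
)

def peak_rates(log_text, window=timedelta(seconds=60)):
    """Return {ip: highest number of requests seen inside any sliding window}."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        times[m.group(1)].append(ts)
    peaks = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop requests older than the window
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks

def htaccess_block(log_text, max_per_window=15, allowlist=()):
    """Build an Apache 2.4 .htaccess block denying IPs above the threshold."""
    offenders = sorted(ip for ip, n in peak_rates(log_text).items()
                       if n > max_per_window and ip not in allowlist)
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in offenders]
    lines.append("</RequireAll>")
    return offenders, "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(SAMPLE_LOG, allowlist={"198.51.100.20"})[1])
```

The allowlist is where monitoring hosts, office addresses and verified search-engine crawlers go, so they are never written into the deny rules regardless of their request rate.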

1

Project HoneyPot is a great idea that worked well until the spammers figured out how to get around it. I am continually blocked by Project HoneyPot because I have a dynamic IP that has apparently been used by spammers about 2 years ago. I now refuse to use websites that use Project HoneyPot. It's not worth my time and effort to get my IP unblocked almost every day. You will be blocking a great many legitimate users if you continue to use it when you are in production.

If you have admin access to your server there are definitely better ways to do this.

bgies

Posted 2014-04-22T17:58:01.977

Reputation: 226