layer 7 of the post type on whmcs client area
Hello everyone, I would like to report a problem and ask for help in a possible solution.
For 3 days I have been suffering layer 7 attacks on my website. I will list all the measures I tried.
- Cloudflare PRO with WAF
- Sucuri (2 days with an open ticket and no response)
- Only SSL traffic allowed, attack method blocking (HTTP 1.1 POST)
- BitNinja
- cpGuard
For some reason the attack seems to circumvent the cloudflare captcha and JS challenge. Requests continue to arrive at the server and cause the site to overload completely.
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Comments
Can you post tcpdump? I do not promise, but I might take a look.
The hosting I use is cPanel, shared, do not send tcpdump ;(
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Are you hosted on someone elses server or this is your own?
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
It is a shared hosting.
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Work with your host with some basic mod security and connection limitations
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
You hosting whmcs on a shared hosting? I'm confused...
You need to contact the hosting, without access to the server not sure what...
wait
what
but if they started attacking before you used CF that means you couldn't change ip... or did you?
Step 1, move your whmcs to your own server or VPS, step 2 you then have options that will allow us to help.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Tried CloudFlare rate limiting? From your last screenshot it does appear to be the same IP address over and over, so if that's the general case then rate limiting would filter that out. However if they're using a big pool of different IPs, then it won't do much.
Yes, and for some reason, requests keep coming.
Right now I'm looking for a new host. That was my third this year.
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Don't use shared hosting this time to stand at least some chance.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
And if you're going with a VPS (at least) as you should get rid of the shared hosting, you should block all traffic on ports 80 and 443, and whitelist CloudFlare IPs, to make sure that they're not attacking you directly (outside of CF).
I went to another host and activated the CF PRO WAF. Everything seems to be working fine now. Thanks for the tips and help.
https://purplehost.com.br - Reliable, secure and affordable game hosting.
so it was the ip