Is there no way in AdminTools to mitigate flood attacks. I have a site that is getting tons of POST requests. I cannot possibly block out each IP by hand though I started to but this is from hundreds (or even thousands) of IPs. I turned on the geographic blocking for Asia and Africa but it doesn't seem to have much impact at all. Site is otherwise up to date, admin folder password protected, .htaccess in place, caching turned on. Yet this nuisance is still really messing up the server with so much traffic. Any suggestions?
#19602 Flood protection question
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by mirphi on Monday, 17 March 2014 12:55 CDT
Monday, 17 March 2014 12:45 CDT
dlb
There is not much you can do to stop the attacks at the source, all you can do is prevent them from being successful in breaching your site.
Permanently banning the IP addresses is usually not effective. Hackers don't use their own IP addresses. Banning by country or region is ineffective for a similar reason, they just use a proxy service in a country that isn't banned. What may be of some use is the auto ban feature. When a particular IP address creates X number of attacks in Y minutes, ban that IP for Z length of time. This stops the hacker from using that IP address for a while, but avoids the permanent ban, which will eventually ban legitimate traffic to your site.
Permanently banning the IP addresses is usually not effective. Hackers don't use their own IP addresses. Banning by country or region is ineffective for a similar reason, they just use a proxy service in a country that isn't banned. What may be of some use is the auto ban feature. When a particular IP address creates X number of attacks in Y minutes, ban that IP for Z length of time. This stops the hacker from using that IP address for a while, but avoids the permanent ban, which will eventually ban legitimate traffic to your site.
Dale L. Brackin
Support Specialist
English: nativePlease keep in mind my timezone and cultural differences when reading my replies. Thank you!
????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)
Monday, 17 March 2014 12:55 CDT
mirphi
Thank you for your swift reply. The auto ban isn't catching any of them unfortunatelly. The IP addresses are strategically staggered and varied. I see that all of the unwanted traffic are POST requests so I added some custom code to .htaccess but it doesn't seem to be making any difference.
RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123
# send all other post requests to 403
forbidden RewriteRule ^ / [F]
RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123
# send all other post requests to 403
forbidden RewriteRule ^ / [F]