What protocol should be followed if a website is actively under attack?

Solution 1:

When you're under attack there isn't a whole lot you can do, other than try and block the origins of the attack, which is usually quite futile, as they are a moving target. Such attacks are normally done using compromised systems, numbering anywhere from a few thousand to many millions. Blocking them is like killing flies in summer - for every one you stop there are numerous others to take its place.

Life's too short to go through web logs unless you're looking for something pretty specific. You can, however, try and block the attack strings in the URLs or restrict access to things like logon or other potentially vulnerable pages. Once that is done, your time is best spent ensuring you have a reliable backup ready and hoping the attack fails.

One of my sites has been under attack for about the last 3 or 4 weeks. It's a simple attempted logon attack, using distributed systems. The attack itself was doomed to failure from the start, as my sites don't have the default logon account. However, to ease the load on the web server a little, any attempt to reach the logon page from an IP address other than my home now results in a 404 error. I can't stop the attack but I can make it ineffective.
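
The logon-page restriction described in Solution 1, sketched as a WSGI middleware. This is an added example, not code from the original answer; the `/login` path, the `203.0.113.10` address (a documentation-range placeholder) and all function names are assumptions.

```python
import ipaddress
from wsgiref.util import setup_testing_defaults

# Assumptions (not from the original answer): login path and allowed network.
LOGIN_PREFIXES = ("/login",)
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.10/32")]  # placeholder address


def client_allowed(remote_addr, allowed=ALLOWED_NETS):
    """True only if the peer address parses and sits inside an allowed network."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed address: fail closed
    return any(addr in net for net in allowed)


def is_login_path(path):
    # Normalise case and trailing slashes so "/Login/" is gated as well.
    p = path.lower().rstrip("/") or "/"
    return any(p == pre or p.startswith(pre + "/") for pre in LOGIN_PREFIXES)


class LoginGate:
    """Make login pages look nonexistent to everyone outside ALLOWED_NETS."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # REMOTE_ADDR is the socket peer. X-Forwarded-For is client-supplied
        # and deliberately ignored; behind a proxy, gate at the proxy instead.
        path = environ.get("PATH_INFO", "")
        if is_login_path(path) and not client_allowed(environ.get("REMOTE_ADDR", "")):
            body = b"Not Found"
            start_response("404 Not Found", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def status_for(path, remote_addr):
    """Run one constructed request through the gate; return the status line."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(PATH_INFO=path, REMOTE_ADDR=remote_addr)
    seen = []
    LoginGate(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Returning 404 before the application runs means blocked requests never reach the authentication code, which is where the load reduction comes from.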