Blog Category

How to defend Wordpress from DDoS attacks?

Wordpress is one of the most popular CMS platform available today with over 75 million websites powered by it. The popularity comes with risks as vulnerabilities and weakness of such platform will be shared amongst hackers and script kiddies, and automated bots will be searching for websites built on Wordpress platform.[..]

DDoS Use Case - How we mitigated a 9Mbps DDoS attack?

One of our sister website hosted on cloud server was recently hit by a 9Mbps DDoS, and the apache web server ran out of memory and crashed. The attack lasted more than 2-months with no known reason. We've taken a number of mitigation steps including installation of mod_security with mod_evasive, APF, BFD, DDoS Deflate and Rootkit and Traffic Control, but none came to rescue. Use of Linux provided WAF will mitigate the DDoS to the extent where CPU, Memory and Bandwidth are allowed; and in our case a single CentOS server with 4GB RAM wasn't sufficient to mitigate DDoS.[..]

Denial of Service (DoS) and DDoS Attacks

DoS attack, denial-of-service attack, is an explicit attempt to make a computer resource unavailable by either injecting a computer virus or flooding the network with useless traffic. In simple words, it is similar to thousands of people trying to enter a room from a single entrance, ultimately causing havoc. This not only disturbs the normal operations of the network but also results in poor performance and system breakdown due to overwhelming requests. A large-scale DDoS attack (ranges up to 400 GBps) can affect the internet connectivity of an entire geographical region. There are two types of DoS attacks: computer attack and network attack. Common forms of denial of services attacks are:

[..]