502 is not significant of a DDoS attack. Which IP is your account on? What is your URL? What (if any) software are you running on your website?
If you don't provide information, we can't help you solve your issue.
Again, HTTP 502 doesn't explicitly denote a DDoS attack. You'd be able to tell if the IP or domain wasn't responding, like loading indefinitely. It was probably unannounced maintenance or emergency maintenance; but of course I can't rule out your theory of a DDoS attack.
Hey! Me again. I've looked at the metrics and they show big hits between 01/11 and now. It's unusual and I'm quite sure someone is hacking my site. Is it possible to have a server log for this period to see the IP(s) attacking my site? Eventually I need some to make a complaint.
Here's the metrics showing the peak of presumed attacks:
Hi,
I answer the title question: what can I do to block attack IPs?
You can adjust the .htaccess file. I recommend looking at Perishable Press [7G Firewall | Perishable Press]. I use it, it is free, and it is very effective. I had thousands of undesired robot requests every day, and now, less than 10. The author gives a lot of tricks to redirect and improve the safety of your site.
You'll have to be specific in your choices to decrease the size under the 10 ko maximum accepted for .htaccess at InfinityFree.
That does not really work, since the request will still come to the server. Plus, blocking IPs is not really effective, since you can change your IP in just a few seconds.
Now I'm asked to change to premium because of the hits, but it's false, I've a metrics too that counts all connections to my site with an average of 20-25/daily. With 3 articles on it it's impossible to have such hits as announced.
That's why, with the 502 error and many SQL errors too always redundant. I'm sure that's a DDoS attack, same symptoms. So as I understand there's no way to get a proof, all I've to do is to pay when my site is hacked by cyber hacktivists. The announced traffic IS NOT ON MY SITE but only on the SERVER.
The IP address your website is on, 185.27.134.33, does appear to have been flaky. I think it's most likely that this is the same issue as with the other three IPs given that the symptoms are very similar, but that's just a guess on my part. I've asked iFastNet for more info about it.
This is definitely unrelated to your website specifically though.
The "big hits" you're referring to just seems like a small bump. I don't see any cause for concern there. There may be some bot traffic coming in to your website, but with proper website security and Cloudflare's WAF they won't do any real damage. And the total hits usage is still well below any limits, so that's all fine.
You can try to block bad IPs through Cloudflare, but know that any dedicated attacker will have access to a large number of IP addresses from different locations and providers, which is virtually impossible to block.
Hi,
With some .htaccess "tricks" I could drop the bot activity from thousands a day to less than 10 a day. You can log the activity, the IP address as well as the user agent, and tune the .htaccess accordingly. Question: Why isn't it done upfront at the server level, to keep the bots from reaching the sites and decrease the load on the server?
I do not have the answer, and I guess it is technically not that easy as every web hosting company does it the same way. Or some web managers are interested in getting these bot visits?
Thanks for the feedback. It's clear.
When I tuned my .htaccess to decrease from thousands of bad requests a day to less than 10, I realized that actually more than 99% of the web traffic is useless. Decreasing the energy used by web servers is within reach if we manage to block these bad guys upfront!
You can't block bots from hitting the server with configuration on the server. That's what I wrote in the first post @Oxy linked to. The bot hit will come anyways. Your htaccess tricks won't help you in the slightest from reaching the hits limit.
If you saw bot traffic decrease, that's great news! But waves of bot traffic go up and down, so it's possible that the bots just moved on regardless of the .htaccess rules.
Also, I don't know what htaccess config you added, but I can assure you that it's not guaranteed to be effective. You can block IP addresses and user agents, but many bots use user agents from popular browsers and a large number of IP addresses, which you can't properly stop without blocking massive swaths of IP addresses which will invariably hit legitimate traffic.
Again, you say you understand but then you say things that suggest otherwise.
We already do this. That is what iFastNet said in April. A lot of traffic is already being blocked but it's hard to block more without blocking legitimate traffic.