Wishlist used for DDOS

  • Resolved Sn00z389

    (@webmakers2011)


    5 years, 2 months ago

    Hi,

    I’m having a DDOS attack from different chinese IP addresses and all of them are targeting links with add_to_wishlist=… I have disabled add_to_wishlist and add-to-cart URLs in robots.txt but still they do not obey and crawl them like crazy.

    Sometimes they add both parameters to the url, sometimes only the add_to_wishlist and I don’t know what to do to stop them…

    Right now I have added these lines to .htaccess:

    RewriteEngine On
RewriteCond %{QUERY_STRING} (?:^|&)add_to_wishlist= [NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&)add-to-cart= [NC]
RewriteRule ^(.*) - [F,L]
</IfModule>

    but still they block only the root of the site and the parameters, if the attacker is on another page, let’s say /shop/?add_to_wishlsit=3827 it still gets a 200 and passes.

    If you have any other suggestions I will be happy to try and resolve the issue.

    Thank you,
    Best Regards,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author YITHEMES

    (@yithemes)

    Hello there,

    Thanks for contacting us and I hope you’re doing well ??

    DDOS attacks are possible to any url, the fact that they’re calling add-to-wishlist, allow you to have this type of DDOS attacks.

    If you want to protect against DDOS attacks, you should consider to use dns protection such as the one provided by services like cloudflare

    Maybe you can use these type of service and create a possible firewall rule that should block excessive requests.

    I hope it helps you.

    If you have any other questions, don’t hesitate to contact us, we’ll be happy to help you.

    Have a good day.

    Thread Starter Sn00z389

    (@webmakers2011)

    Thanks for the suggestions!

    Have a good day!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wishlist used for DDOS’ is closed to new replies.