• Resolved erikdemarco

    (@erikdemarco)


    I tested it using a fresh install of WordPress and Wordfence on a 12GB VPS.
    Set the firewall to throttle requests at more than 30/second.

    Then I try a random search parameter or random 404 attack at only 100 requests/second.
    My site goes down and shows ‘Error establishing a database connection’.

    If I lower it to 10 requests/second, Wordfence shows ‘You are blocked by Wordfence’ (very good job). But if I start increasing the attack to 50 requests/second, it's down and only shows ‘Error establishing a database connection’.

    I don't understand what the purpose of Wordfence is if it can't block just a very simple and very, very low-volume DDoS attack?

    Is it really so easy to take most Wordfence sites down? What is the best setting against this type of attack?

    • This topic was modified 3 years, 5 months ago by erikdemarco.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @erikdemarco, thanks for getting in touch!

    I suspect from your description that the database connection message is due to a restriction or setting on your hosting plan that is struggling with the higher number of requests. When you set the number of requests to be lower, so there’s less for the site to deal with, it seems to work.

    I would first try mentioning this issue through your host’s support channels to see if they can find any reason why your database connection would fail under higher loads. It could be a legitimate mistake or a configuration issue that can easily be rectified from their end.

    Let me know what they say, as we can continue to run some tests if that side has been ruled out.

    Thanks,

    Peter.

    Thread Starter erikdemarco

    (@erikdemarco)

    @wfpeter Yes, of course the DB connection will be limited to protect server resources.

    Is it possible that Wordfence's design is the real culprit here?

    Wordfence should not use the SQL database to do rate limiting. When a site is DDoSed it can be 1000 req/second or more. That's way out of range for a regular server to handle.
    The correct way is that the Wordfence rate limit should run as early as possible in the action queue and use file-based storage. File-based storage is much, much, much faster than the DB. I don't understand the logic behind the Wordfence team choosing to store rate-limit counts in the SQL database. It's a big flaw. It will never be able to handle even a small-volume DDoS attack.

    Just by browsing all the sites using Wordfence here:
    https://trends.builtwith.com/websitelist/Wordfence

    I can make 90% of those sites go down just by sending a very low 1000 reqs/second of randomized search params.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @erikdemarco,

    How much traffic your site and database can handle is a function of how it is provisioned, and DDoS/DoS mitigation is not a feature we offer.

    We block and rate-limit requests primarily to prevent attackers from performing other malicious activity such as brute-force/dictionary/credential-stuffing or content scraping – in addition to attempting to exploit vulnerabilities.

    Wordfence might offer an increase in the number of requests the site can handle with an optimized firewall because we can block before the rest of WordPress loads using auto_prepend_file, but that's not the primary function of the WAF.

    Thanks,

    Peter.
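An added illustration of the two points raised in this thread, blocking before WordPress loads (via auto_prepend_file) and keeping the counter in file storage rather than the database; this is example code, not Wordfence's implementation. It assumes a writable directory outside the web root, a single PHP host, and that REMOTE_ADDR is the real client address (no reverse proxy in front).

```php
<?php
// Added illustration (not Wordfence's code): a minimal per-IP fixed-window
// rate limiter meant to be loaded through PHP's auto_prepend_file, so it
// runs before WordPress bootstraps or opens a database connection.
// Assumptions: RL_DIR is writable and not web-served, REMOTE_ADDR is the
// real client (no reverse proxy), and there is a single PHP host.

const RL_DIR    = '/var/tmp/ratelimit';   // assumed path, outside web root
const RL_WINDOW = 1;                      // window length in seconds
const RL_LIMIT  = 30;                     // requests allowed per window per IP

function rl_check(string $ip, int $now = 0): bool
{
    $now = $now ?: time();
    if (!is_dir(RL_DIR) && !mkdir(RL_DIR, 0700, true)) {
        return true; // fail open if storage is unavailable; log this in production
    }
    // One small file per client; the name is a hash so the raw IP never
    // becomes a path component.
    $path = RL_DIR . '/' . hash('sha256', $ip);
    $fh = fopen($path, 'c+');             // create if missing, never truncate on open
    if ($fh === false) {
        return true;
    }
    flock($fh, LOCK_EX);                  // serialise concurrent PHP workers
    $raw = stream_get_contents($fh);
    [$start, $count] = array_map('intval', explode(' ', $raw ?: '0 0', 2)) + [0, 0];
    if ($now - $start >= RL_WINDOW) {     // window expired: start a fresh one
        $start = $now;
        $count = 0;
    }
    $count++;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, "$start $count");
    flock($fh, LOCK_UN);
    fclose($fh);
    return $count <= RL_LIMIT;
}

// Reject over-limit clients with a cheap 429 before any WordPress code runs.
if (PHP_SAPI !== 'cli' && !rl_check($_SERVER['REMOTE_ADDR'] ?? '0.0.0.0')) {
    http_response_code(429);
    header('Retry-After: ' . RL_WINDOW);
    header('Content-Type: text/plain');
    exit("Too many requests\n");
}
```

Because PHP still has to start a worker for every request, this makes each rejected request cheaper rather than removing it; absorbing volumetric traffic remains a job for the web server, a proxy or the provider's edge, which is the provisioning point Peter makes above.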

  • The topic ‘Wordfence doesnt block very low volume of DDOS?’ is closed to new replies.