Like several of you who have had the misfortune to run over your monthly bandwidth allotment, I searched the forums and knowledgebase to find out what the problem was.
- We saw a 500% spike in bandwidth usage
- There was no increase in analytics or sales
- There were no changes to the site
Like I said, I've read the forums and have seen the cynical ("why would 3dcart help when they charge $5/GB of overage") argue with the proud ("it's nobody's responsibility but your own to monitor your site's bandwidth usage"). I've seen people sing the praises of Smarter Stats, but I haven't seen any guides for using them. I've seen people blocking IP addresses and not knowing why. I tried all the same things.
I contacted 3dcart support and they had me make changes to my site that would drive down bandwidth usage. That didn't work for me. I know that the advice I got there was good: using my Smarter Stats and optimizing the files that get the most traffic, enabling advanced page cache, etc. But like I said before -- the amount of legitimate traffic to our site has been static, as has our site. I made the changes suggested, but they did not effect change. Their next suggestion, upgrading my plan again, to a third level above what we need, I will not take.
So, instead of haphazardly blocking IPs, I'm reaching out to the community. What DoS attacks have you received? Besides researching each IP that takes up the most bandwidth, how do you decide which IPs are legitimate customers? How do I/how do you currently identify the source and method of attack of these DoS attacks? Besides blocking IPs and changing the robots.txt file (which a DoS attacker will ignore anyway), what measures can we take?
For those of you just as lost as I am, I've been using Smarter Stats to first: identify the IPs that use the most bandwidth, then do the following:
- Search for them online to see if they are associated with any blacklists
- See if they're located outside of the country (we don't do any international business currently)
- Use the data mining feature in Smarter Stats to see what the top files requested by the IP are (see if it's a real user or a bot)
- Block it and hope it's not a legitimate user or Search Engine bot.
Any advice or resources you might be able to point me to would be greatly appreciated.
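One way to script the triage described in the post above (rank IPs by bandwidth, then look at what each one requests), as an added example that is not part of the original post and not 3dcart or Smarter Stats tooling. It assumes raw access logs can be exported in the common "combined" log format; the `triage` function, the sample lines and the documentation-range IPs are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: log lines are in "combined" format (IP, timestamp, request,
# status, bytes, referrer, user agent). Adjust the pattern for other formats.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
STATIC = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")

def triage(lines, top_n=3):
    """Rank client IPs by bytes served and summarise what each one requested."""
    stats = defaultdict(lambda: {"bytes": 0, "hits": 0, "paths": Counter(), "agents": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        s = stats[m["ip"]]
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        s["hits"] += 1
        s["paths"][m["path"].split("?")[0]] += 1  # ignore query strings
        s["agents"].add(m["ua"])
    total = sum(s["bytes"] for s in stats.values()) or 1
    report = []
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["bytes"])[:top_n]:
        static_hits = sum(n for p, n in s["paths"].items() if p.lower().endswith(STATIC))
        top_path, top_hits = s["paths"].most_common(1)[0]
        report.append({
            "ip": ip,
            "share": round(s["bytes"] / total, 2),  # fraction of all bytes served
            "top_path": top_path,
            # A browser loading pages also fetches CSS/JS/images; a client that
            # never does deserves a closer look before it is blocked.
            "no_static": static_hits == 0,
            # One URL making up nearly all requests is unusual for a shopper.
            "repetitive": s["hits"] >= 5 and top_hits / s["hits"] >= 0.8,
            "agents": sorted(s["agents"]),
        })
    return report

def _line(ip, path, size, ua):  # builds one constructed sample log line
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" 200 {size} "-" "{ua}"'

# Constructed sample: one client pulling a large file repeatedly, one normal visitor.
SAMPLE = [_line("203.0.113.50", "/assets/catalog.pdf", 5000000, "-")] * 6 + [
    _line("198.51.100.7", p, 20000, "Mozilla/5.0")
    for p in ("/", "/style.css", "/product.html", "/img/p1.jpg")
]
```

The `no_static` and `repetitive` flags are hints for deciding which IPs to research first, not a verdict; a self-declared search-engine user agent still needs its own verification before it is trusted or blocked.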