Posted by CherylJoy on February 25, 2015 at 5:13pm
I am presently overseeing a site that was attacked by DDoS.
The hosting company suggested turning on CloudFlare, which we did, only to find out that with the SSL and eCommerce the site had an untrusted sign put on it.
I have turned CloudFlare off. Are there any modules that we can use to protect the site?
Presently we have Captcha on all the forms and this did not seem to prevent the attack.
Running Drupal 7.
Any input or reading assistance with this would be appreciated.
Thank you
Comments
This article might be of help
Here is an article that might help you.
https://www.acquia.com/blog/when-and-how-caching-can-save-your-drupal-site
I saw a demo at last year's Bad Camp where the presenter ran a process that attacked a Drupal site with about 500 requests. Needless to say, the site did not do very well.
They then enabled Varnish and attacked the site again with 10,000 requests and the site did fine. Varnish served up all of the pages and the site was never hit, other than the very first time.
Good luck
Good point. Caching is
Good point. Caching is definitely essential. Admittedly, I don't know much about Varnish but I was under the impression it works as a reverse proxy? It's worth noting that there is a proposed session that might be worth checking out at FL DrupalCamp covering Varnish: https://www.fldrupal.camp/sessions/florida-drupalcamp-2015/development-performance/pounding-drupal
However, because of the way CloudFlare works, it has some operational similarities to reverse proxies (i.e. problems with geoip, mollom, etc.) so it's worth considering that whatever is tripping up the SSL using CloudFlare might still be a problem with Varnish.
I'd still look at CloudFlare for support. You can't be the first person with an SSL running through CloudFlare. And if using CloudFlare and Varnish together, the attack wouldn't even get to Varnish, let alone Drupal page generation hooks, if it's working correctly.
--
Digital Frontiers Media
I don't think there's much
I don't think there's much you can do really. If you're running FastCGI, you could limit the number of children threads possible or maybe configure your server to only allow up to a certain number of TCP connections at any given time, reduce your max_execution_time and memory_limits, etc. While this wouldn't prevent the attack, it could limit the impact on the server so that it bounces back quickly as soon as the attack is over.
CloudFlare is really the best type of option out there I can think of. Maybe those with more experience using self-scaling gridservers or CDNs or other distributed synchronized server systems can comment about how to combat it using some of these technologies?
I'm surprised that CloudFlare would have caused any sort of SSL trust issue since it's just a name server change--NOT a change to the destination. Maybe you can supply more information about how CloudFlare is interrupting the chain of trust and someone can help you work out how to continue using CloudFlare with your SSL setup?
--
Digital Frontiers Media
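The limits suggested in the comment above, written out as a PHP-FPM pool file. This is an added example, not part of the original thread, and it assumes PHP runs under PHP-FPM; the pool name, socket path, user and every number are assumptions to be sized to the actual server.

```ini
; Constructed example: PHP-FPM pool definition for the Drupal site.
; Pool name, socket path and user are assumptions; adjust to the host.
[drupal]
user = www-data
group = www-data
listen = /var/run/php-fpm-drupal.sock

; Cap the number of PHP worker processes. Size this so that
; max_children x per-worker memory fits in RAM without swapping;
; a flood then queues or fails fast instead of exhausting the box.
pm = dynamic
pm.max_children = 20
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6

; Recycle workers periodically so memory growth does not accumulate.
pm.max_requests = 500

; Queue for connections waiting on a free worker (the kernel may cap
; this lower). A short queue sheds load rather than stacking it up.
listen.backlog = 128

; Kill any request that holds a worker longer than this, even if the
; script ignores PHP's own time limit.
request_terminate_timeout = 30s

; Per-request limits, enforced for this pool and not overridable by
; ini_set() in application code.
php_admin_value[max_execution_time] = 30
php_admin_value[memory_limit] = 128M
```

Reload PHP-FPM after editing the pool file. As the comment says, these settings bound the damage per request and help the server recover; they do not stop the traffic from arriving.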
FYI CloudFlare offers a lot
FYI CloudFlare offers a lot of SSL support options. Googling "cloudflare ssl" provides a ton of info.
Here's some basics:
https://www.cloudflare.com/ssl
--
Digital Frontiers Media
Cloudflare
It doesn't sound like you had Cloudflare set up correctly. Did you add your keys to it? I've been running it on a site for over a year with no problems.
Their support is excellent and responds quickly, or I'd be happy to help you. I manage a jewelry site that gets attacked in hopes of getting extortion.
Thanks
Thank you all for your input. Long time replying, but followed advice and all up and running.