BIOS wrote (post 457850):

Plenty of things you can do that don't cost too much.

Some basics:

As people have mentioned, use UAM (Under Attack Mode) if you're on CF.

I'd also recommend getting the Pro plan if you can (like $20), which gives you WAF and Firewall features. This'll give you "bot fight mode" too, which is basically a tarpit for bots, plus rate limiting settings.

Don't forget to block all incoming connections to your server from IPs outside of Cloudflare's ranges, too: https://www.cloudflare.com/ips/

With either the above CF Firewall or your own, you could do a bit more fine-tuning, i.e. block all POST requests that aren't on paths like /login, /register, and /housekeeping/*. POSTs are more expensive, and there's no need for your server to be processing garbage when it knows there's no POST route there.

Tbh, also just look at your logs; the majority of script kiddie bots these days will have the same UA string you can pick out and just blacklist entirely. If not, look for other common attributes you might be able to use against it, i.e. are they constantly hammering you from AWS EC2 instances? Then block all AWS IPs. Is it always the same path, same referrer? Check access logs to find out what you're dealing with.

Stick a captcha on your login and register page too; that way it limits what it can actually interact with.

Rate limiting within NGINX is also an option, see: https://www.nginx.com/blog/rate-limiting-nginx/

Also try to optimize your site resources where you can: minify assets and reduce the number of database calls per page. Some L7 bots do cache busting to make your server do more work; you'll know if you see stuff like /?number in your access logs. You can tune your caching rules on CF to include more content, including the query string, or just outright block those requests.
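As an added example (not BIOS's code or anything posted in the thread), here is a small Python access-log triage script that does the log checks described above: it counts user-agent strings, flags the /?number cache-busting pattern per source IP, and lists POSTs to paths outside the /login, /register, /housekeeping/* allow-list. The log lines and IPs are constructed, and the NGINX "combined" log format and the allow-list are assumptions.

```python
import re
from collections import Counter

# Constructed NGINX "combined" access-log sample (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?8471923 HTTP/1.1" 200 512 "-" "python-requests/2.28.1"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?8471924 HTTP/1.1" 200 512 "-" "python-requests/2.28.1"
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /client/index.php HTTP/1.1" 404 0 "-" "python-requests/2.28.1"
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.11 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/" "Mozilla/5.0 (X11)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Paths that legitimately take POSTs, following the post's example; /housekeeping/* is a prefix.
POST_ALLOW = {"/login", "/register"}
POST_ALLOW_PREFIXES = ("/housekeeping/",)
CACHE_BUST_RE = re.compile(r"^/\?\d+$")  # the "/?number" pattern the post describes

def parse(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def post_allowed(path):
    return path in POST_ALLOW or path.startswith(POST_ALLOW_PREFIXES)

def triage(log_text):
    """Count the attributes a defender reviews before writing firewall rules."""
    ua, paths, cache_bust, bad_posts = Counter(), Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec:  # skip lines that don't match the combined format
            continue
        ua[rec["ua"]] += 1
        path = rec["target"].split("?", 1)[0]
        paths[(rec["method"], path)] += 1
        if CACHE_BUST_RE.match(rec["target"]):
            cache_bust[rec["ip"]] += 1
        if rec["method"] == "POST" and not post_allowed(path):
            bad_posts[(rec["ip"], path)] += 1
    return {"ua": ua, "paths": paths, "cache_bust": cache_bust, "bad_posts": bad_posts}

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("Top user agents:", r["ua"].most_common(3))
    print("Cache-busting IPs:", dict(r["cache_bust"]))
    print("POSTs outside allow-list:", dict(r["bad_posts"]))
```

Run it against a real access log by passing the file contents to triage(); the most common UA and the IPs with cache-busting hits are the candidates for a Cloudflare firewall or NGINX deny rule.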