DDOS攻击导致数据库连接错误 [英] DDOS Attack causing Database connection error
问题描述
我在Fastdomain服务器上托管了我的Prestashop,它就像第4年,网站稳定和工作正常,直到3天前,我的电子邮件收件箱里充满了垃圾邮件和超过300K的请求,使该网站下降。
我激活了Fastdomain Cpanel提供的来自Sitelock的基本保护,它工作了两天,网站又下降了另一次警告的cuz。
Fastdomain支持试图修复它,但没有即时方法他们说的问题是由于脚本过度使用发送给朋友模块,即使这个模块是一个原始的PrestaShop模块,他们说的网站将在几小时内恢复。
任何评论或想法?怎么回应这样的攻击!
我的网站是elektrojo.com,并使用最新版本
在该主题中链接了一个< a href =https://github.com/firstred/mpsendtoafriend/releases =nofollow noreferrer>支持CAPTCHA的模块的更新版本以及针对产品评论的类似修改。它似乎是PrestaShop 1.5和1.6。
如果你有某种后端,你可以更新模块,你也应该这样做。 p>
另一个建议是使用fail2ban 来检测重复尝试访问此功能并阻止它。您可能没有必要的访问权限,但如果没有,您的主机应该能够。
如果没有,您应该删除sendtoafriend代码(确保文件实际上是从原来的位置),直到你找到一种方法来硬化它,因为它被滥用来带你的网站。
I have hosted my Prestashop at Fastdomain server it's like the 4th year, the website is stable and working fine till 3 days ago where my email inbox got full of spam and more than 300K requests on the site causing the site to go down.
I activated the basic protection from Sitelock provided from Fastdomain Cpanel, it worked fine for two days and the site is down again cuz of another strike.
Fastdomain support tried to fix it but no instant method they said the problem is caused due to script overuse in send to friend module, even though this module is an original PrestaShop module, and they said the website will "recover" in few hours.
any comment or thoughts? how t respond to such attack!? my website is elektrojo.com and am using the up to date version
This appears to be a common problem. Not only is it taking your site down, it may be being used to spam others, which has the risk of getting your domain blacklisted.
In that thread was linked an updated version of the module supporting a CAPTCHA, along with a similar modification for product reviews. It seems to be for PrestaShop 1.5 and 1.6.
If you have some kind of a "backend" which you can update modules on, you should also do that.
Another suggestion is to use fail2ban to detect repeated attempts to access this feature and block it. You may not have the necessary access to do that, but if not, your hosts should be able to.
Failing that, you should remove the sendtoafriend code (ensure the files are actually gone from their original location) until you have found a way to harden it, since it's being abused to take your site down.
这篇关于DDOS攻击导致数据库连接错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
