Hello,

We are under DDoS attacks from the company Expanse Inc.  According to them these attacks on our servers are legal according to the CFAA-compliant. 😨

Google: Palo Alto Networks ensables your team to prevent successful cyberattacks with an automates approach that delivres consistent security across cloud, network and mobile.

We have blocked IP addresses (34.96.130.0/24, 34.77.162.0/24, 34.86.35.0/24, 144.86.173.0/24), but this is not effective, as it consumes resources that are not negligible given the volume of attacks. Curiously, not all websites are attacked by the same volume of connections.

1. Have you ever had this type of problem?
2. What are our options to stop their attacks?

Edited September 13, 20213 yr by MEVi

This is something you really should discuss with your server provider.

An actual DDOS attack is something that needs to be addressed at the server level. And if this is Shared hosting, or you are leasing a dedicated server, is something your provider should be made aware of (I doubt they'd appreciate an impact on their network). That statement "According to them these attacks on our servers are legal according to the CFAA-compliant" doesn't make sense, either, really.

Run your domains through cloudflare or similar.

Setup cloudflare..

You can block entire countries by putting their IP addresses set in your .htaccess.
Here you can find the IP addresses for each country : https://www.ip2location.com/free/visitor-blocker

We've already done that to avoid some countries make full scans of our community ressources.

Edited September 15, 20213 yr by Dexter_X

It's a constant thing you have to look out for. We had a huge network attack on our platform a few months ago. At one point our firewall was blocking 450,000 requests per second. In fact, there is always some sort of attack going on in our network but we host thousand of communities so I guess someone is always a target 🙂