Jump to content

Switch off guest access under attack


Recommended Posts

  • 3 weeks later...
13 minutes ago, Aleksandr Timashov said:

I agree with you, but attack on L7 level can't prevent any hosting provider.

Turning off the site to guests does not stop an attack. It still takes resources to generate that site offline message etc. You don’t mitigate TRUE DDoS attacks on the server itself. It’s mitigated higher up in the stack such as at a firewall or with something that has capacity to handle them. 

If you try to mitigate a DDoS in software, I promise you will lose if it’s any sort of real attack.  Even things like mod_dosevasive don’t really mitigate any recent modern attack. 

Ideally you want to fight the attack as far away from your site/server as possible. This reduces the chance of potential collateral damage. 

Edited by Randy Calvert
Link to comment
Share on other sites

On 12/2/2023 at 6:40 PM, Aleksandr Timashov said:

I agree with you, but attack on L7 level can't prevent any hosting provider.

Actually it can only be prevented by the hosting provider. If there are 1000s of requests a second for example, it doenst matter if we show a guest page, a login page, or anything else. There are still 1000s of requests for that resource

Link to comment
Share on other sites

17 hours ago, Aleksandr Timashov said:

@Marc Stridgen I think you could add option that blocks guest access and add captcha in login page.

Could you add them in next version of IPS?

I feel you may still be missing the point there. If they hit the page 1000s of times a second, it doesnt matter what is on the page, whether it be captcha or otherwise. It will still cause issues. This kind of thing has to be taken care of at a hosting level (as we indeed do on cloud)

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...