How to defend your website against hackers

Defend against hackers

It happens every day and usually strikes fear into website owners, developers and designers.

Your website is probably attacked hundreds of times each day without you realising it. In this short document we will get you off to the right start in defending against everything from the simple attack all the way through to a professional hacker determined to get into your website.

Most attacks come from small-time Charlies who got hold of a piece of software they don’t understand, turned it on and left it running while they went out for the evening.

Professional hackers are after customer data, credit card data and the like, or a malicious hacker may be interested in destroying your website just because they can.

We assume that you have your website set up correctly and that your files and folder permissions are correctly set.

Defence number one.

Make sure you add Google reCAPTCHA v3 (or the latest version) to all forms on your website.

You can get Google reCAPTCHA here

If that’s not enough

Defence number two.

Add Cloudflare to your DNS.

How.

Purchase Cloudflare at https://www.cloudflare.com/ and choose the paid-for version, currently $20 per month.

Easily deploy defences that will kill most attacks in seconds, plus you automatically get the benefit of Cloudflare’s CDN, which is great for page speed. The best $20 USD you can spend.

Defence number three.

It is possible that your hacker already knows your server’s IP address and is attacking the site directly, bypassing Cloudflare. This is where things get a little more complicated.

The fastest way to get started is to open a ticket with your ISP and tell them you think you’re being attacked.

They have the tools at hand to see if you’re right and to quickly advise you on further action.

Usually, this results in a list of the IP address ranges or user agents that are being used to form the attack.

Depending on your hosting, it is quite easy to block IP address ranges and/or user agents on your hosting server, either via .htaccess files or the server’s configuration files.

Check your server transfer logs for repeated visits from the same IP addresses. Download the logs and import them into an Excel spreadsheet; it only takes minutes to spot unusual behaviour.

Please note: good bots like Googlebot declare themselves in the user agent, so bear this in mind; you don’t want to cut off Google by blocking a list of their IP addresses.

Once you have a list of offending IP addresses, check them using https://www.ip2location.com

You want to know the country location of each IP address.

Now you have choices.

You can block the country if you don’t trade there, using the Cloudflare firewall that you bought in step two, though this may not entirely solve the issue. A knowledgeable hacker will use open proxy IP addresses from various different countries at the same time.

And/or, if the user agent is unusual, add it to a user agent firewall deny rule in Cloudflare.

Then, to cover the direct attack, use the .htaccess file in the root of your domain (or the web server configuration) to block the IP address ranges that you picked up in your log files.

Here’s an example of an IP block using the .htaccess file:

# Apache 2.2-style access control; on Apache 2.4 these directives need mod_access_compat.
# With "Order Allow,Deny" (no space after the comma), every Deny line overrides the Allow,
# so the listed addresses get a 403 and everyone else is allowed in.
Order Allow,Deny
Allow from all
Deny from 54.36.149.49/26
Deny from 216.244.66.240
Deny from 40.88.21.235
Deny from 114.119.136.88
Deny from 54.36.149.91
Deny from 103.131.71.73
Deny from 54.36.148.2

Here is an example of blocking user agent strings using a .htaccess file.

If you wanted to block multiple User-Agent strings at once, you could do it like this (mod_rewrite must be enabled):

# Return 403 Forbidden to any request whose user agent contains one of these names.
# [NC] makes the match case-insensitive; "-" means no substitution; [F] sends 403, [L] stops rewriting.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex).*$ [NC]
RewriteRule .* - [F,L]
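As an added illustration of the log-review step above (this script is not part of the original article), here is a small Python script that parses Apache combined-format access log lines, counts hits per IP address, sets aside addresses whose user agent declares itself as Googlebot so they are not blocked by mistake, and prints the Deny lines for the rest in the .htaccess style shown above. The sample log lines, the hit threshold and the Googlebot marker are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.20 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.20 - - [10/Mar/2024:12:00:06 +0000] "GET /about HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.20 - - [10/Mar/2024:12:00:07 +0000] "GET /blog HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.9 - - [10/Mar/2024:12:00:09 +0000] "GET / HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"
"""
# Fields: ip, ident, user, [timestamp], "request", status, bytes, "referer", "user agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Marker a good crawler puts in its user agent (assumed list). The string is only a claim,
# so verify the address (Google documents a reverse-DNS check) before trusting it.
GOOD_BOT_MARKERS = ("Googlebot",)

def parse(log_text):
    """Yield (ip, request, user_agent) for each well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("req"), m.group("ua")

def classify(log_text, threshold=3):
    """Split IPs with at least `threshold` hits into block candidates and self-declared good bots."""
    hits, declared_good = Counter(), set()
    for ip, _req, ua in parse(log_text):
        hits[ip] += 1
        if any(marker in ua for marker in GOOD_BOT_MARKERS):
            declared_good.add(ip)
    candidates = {ip: n for ip, n in hits.items() if n >= threshold and ip not in declared_good}
    good_bots = {ip: hits[ip] for ip in declared_good}
    return candidates, good_bots

def htaccess_deny_block(ips):
    """Render the Apache 2.2-style Deny lines used in the article for the given IPs."""
    return "\n".join(["Order Allow,Deny", "Allow from all"] + [f"Deny from {ip}" for ip in sorted(ips)])

if __name__ == "__main__":
    bad, good = classify(SAMPLE_LOG)
    print("Self-declared good bots (verify before deciding):", good)
    print(htaccess_deny_block(bad))
```

Paste the printed Deny lines into .htaccess only after checking each address against ip2location as described above.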

If all of the above doesn’t cut the offender off, then it is likely that you have a professional hacker at play.

At this point, you will need to contact us for further support.