DDoS Attack Protection for Magento 2

These days we constantly come up against severe performance drop of Magento 2 stores (in some cases, stores crash completely), both our clients' and ours. Some people blame new updates, newly installed extensions, or DB getting bigger. While all of these might be the case, oftentimes it might be a targetted and smart DDoS attack from rivals or extortioners.

As a rule, DDoS (Distributed Denial of Service) are divided into two types.

1. An intense and distributed attack with 1000+ requests per second. Such requests are sent via a large zombie-network with unique IP addresses, different geo-locations, and plausible User Agents. Such kind of attacks is rather hard to resist using our extension. The best the latter could do is diminish the load by 100-200 times. This kind of attack requires more significant measures.

2. A small and smart attack that targets the slowest and the most sensitive non-cached pages using random parameters in URL. It would suffice to execute 50-100 heavy requests like this to make a Magento 2 website inaccessible (based on the latest clean Magento 2 with the latest patches and above-average server configuration). Nowadays, it doesn't take a mastermind or a zombie-network to create such a disaster. There are many proxy services using which one could launch an attack covering it as an SEO audit, e.g., semrush.com/bot.html, ahrefs.com/robot/, opensiteexplorer.org/dotbot, moz.com.

To protect you from such attacks, we created an extension capable of detecting suspicious requests to your website, analyzing them, and blocking bots using filters.

Description

The extension's configuration is represented by three sections:
• Stores > Configuration > SAFEMAGE > DDoS Attack Protection

Emergency

Can be applied if bots can't be identified by certain signs. It is a special mode that lets one keep the store in a working capacity. Any customer is shown CAPTCHA once. After passing it, the Magento store should look and work as normal. CAPTCHA is represented by either Google reCAPTCHA v2 or v3 and doesn't affect Googlebot to make sure the store remains indexable. However, Googlebot gets verified.

Monitoring

This tool controls slow requests, max number of sent parameters, and sent data size. The requests that match the filter requirements (see below) are logged in a special grid where an admin user can find more information like full URL, referrer URL, IP address, User-Agent, execution time, GET, POST and sent files data, customer ID, date and time. This is where you can analyze incoming traffic. We do not recommend keeping the setting on to avoid an additional (~1%) load for pages.

Filtration

After monitoring and analyzing data, you can configure the filters. Requests can be blocked by User-Agent, IP address, parts of URL, certain sent parameters, their number and size. If the setting 'Emergency > Enable CAPTCHA > Verify = only Filtered', the users caught by filters will be proposed to pass Google reCAPTCHA. Otherwise, an empty page will be shown.

Features

• Emergency mode for cases when bots can't be identified by certain parameters – one-time CAPTCHA (both Google reCAPTCHA v2 and v3 supported)
• Verifies Googlebot bypassing filters and/or CAPTCHA
• Monitors suspicious requests missing Full Page Cache
• Filters bots and protects from DDoS attacks by User Agent, IP Address, certain parameters, including their max number, maximum sent data size, etc.

Remember that any attack against your store is always unique and has its peculiarities. Should you need tailored approach or help configuring the extension, let us know (support).

Screenshots

Reviews(0)