內容簡介
外掛 WP AntiDDOS 通過阻擋來自一個或多個相關 IP 地址的頻繁請求,防止您的網站遭受 DDOS 攻擊。這包括 HTTP flood 和密碼破解攻擊。該插件將數據存儲在 MySQL 表格中(MEMORY 引擎),這可確保其高效性。我們建議在 WordPress 的 index.php 文件開始處插入插件呼叫,這將顯著提高其效果,因為攻擊請求在 WordPress 重量級引擎連接之前將被 插件拒絕 。這需要手動完成(請參閱插件配置頁面上的說明)。
工作原理
您在插件的配置中設置兩個主要參數 - 相關 IP 地址內一定時間內的最大請求次數(請求限制)和時間限制(秒數限制)。插件將 IP 地址
a.b.c.1
a.b.c.2
a.b.c.3
…
a.b.c.255
視為相關,它們通常屬於同一局域網,DDOS 攻擊通常來自本地網絡上的許多計算機,因為如果一台計算機感染,攻擊者可以輕易感染其他計算機。如果插件檢測到在“秒數限制”內某個本地網絡有超過“請求限制”的請求,則超過的請求將被阻擋 - 插件將以 503 服務不可用 狀態回應,並通過在插件配置中指定的延遲時間重新加載頁面。請求限制分別針對 GET、POST、XHR 和登錄請求進行設置。
搜尋引擎兼容性
有時,搜索引擎會產生足夠頻繁的查詢,這可能會導致 WP AntiDDOS 插件阻塞。但是,插件不會影響搜索引擎索引,因為帶有狀態碼 502 服務不可用 的響應不是頁面內容,而是有關其當前無法使用的技術報告。在任何情況下,我們建議在 robots.txt 中使用 Crawl-delay 指令。
自定義查詢處理
WP AntiDDOS 插件可以配置為僅處理某些類型的查詢。例如,搜索查詢最大程度地加載服務器,因此經常用於攻擊網站。您可以在插件的配置中的 GET 或 POST 參數中輸入(用空格分隔)激活 DDOS 檢查的參數,然後將 只處理以下 GET/POST 參數的請求 設置為 是。例如,從插件安裝後已經定義了的 s pwd 參數識別 WordPress 的搜索查詢和登錄嘗試。請注意,您對登錄請求進行了分離設置,這對於防止密碼破解攻擊非常有用。
插件效果
DDOS 攻擊因規模和使用方法而異。作為 WordPress 插件,WP AntiDDOS 對於攻擊 WordPress 引擎的攻擊(如 HTTP flood)有效。它們在技術上很簡單,通常用於禁用 WordPress 網站。使用 WP AntiDDOS 插件是基本保護的良好實踐,對於大量攻擊情況非常有效。
外掛標籤
開發者團隊
原文外掛簡介
Plugin WP AntiDDOS prevents DDOS attacks on your website by blocking the frequent requests from one or several related IP addresses. This includes HTTP flood and Password cracking attacks. The plugin stores the data in the MySQL table (MEMORY engine), and that ensures its high performance. We recommend to insert a plugin call into the beginning of the index.php file of the WordPress, it will significantly increase its effectiveness, since attack requests will be rejected by plugin before WordPress heavy engine connection. You have to do it manually. (see the instructions on the page with plugin’s Configuration)
How it works
You are setting two main parameters in the Configuration of the plugin – Hits Limit and Seconds Limit. They specify the maximum number of requests from related IP addresses within a certain time. Plugin conciders IP addresses
a.b.c.1
a.b.c.2
a.b.c.3
…
a.b.c.255
as related, they usually belong to the same LAN, and DDOS attacks are often made from many computers on the local network, because if one computer is infected, the attacker easily can infect others. If the plugin detects that during Seconds Limit from some local network there is more than Hits Limit requests, then excessive requests are blocked – plugin responds by status 503 Service not available with the code, which reloads the page after a while, which is specified in the plugin Configuration as Delay Time. Limits are specified separately for GET, POST, XHR and Login requests.
Search engine compatibility
Sometimes search engines produce enough frequent queries, which can cause blockage by the WP AntiDDOS plugin. However, the plugin does not affect search engine indexation, because a response with status code 502 Service not available is not a content of a page, but a technical reports on its currently unavailability. In any case, we recommend to use Crawl-delay directive in you robots.txt file.
Custom Query Processing
WP AntiDDOS plugin can be configured to handling only a certain types of queries. For example, the search queries load the server most significantly, and therefore are often used to attack sites. In the plugin’s Configuration in the GET or POST parameters that activate DDOS check up text field you can enter POST or GET parameters (blank separated) that identify the requests to be processed by plugin and then set the Process only requests with following GET / POST parameters to Yes. For example, s pwd parameters, which is defined in the text box since plugin has installed, identifies the WordPress’ search queries and Login attemts. Please, note, that you have separate setting for Login requests that is usefull for preventing Password Cracking attacks.
The effectiveness of the plugin
DDOS attacks are very different both by scale and by the used methods. Being a WordPress plugin, WP AntiDDOS is effective against such attacks as HTTP flood, which affect the WordPress engine. They are technically simple and most commonly used for disabling WordPress websites. Usage of the WP AntiDDOS plugin – good practice for basic protection, which is effective in a large number of cases.