I’d block the Ip address. Link
Thread Starter
okann
(@okann)
Thanks, i’d block too, but they can find thousands of proxies.I have to find another solution.
On a .htaccess file, add this:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^login=.*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)email=(.*)$
RewriteCond %{QUERY_STRING} ^(.*)text=(.*)$
RewriteRule (.*) - [F]
Beware, it should not block your website for legal queries, so you have to adapt it to this ddos attack. It blocks everything after “/index.php?”. So, you need to add the right arguments, and you are protected. But, do not use arguments used by WordPress, some functions will not work then. I believe that “login” and “text” are not used by wordpress.
Thread Starter
okann
(@okann)
Thanks for your help, i added it to .htaccess.I m waiting for attacks now. I hope it will be help.
Thread Starter
okann
(@okann)
it doesnt help me. attacker can easily change this values and attack again. anyone know something that can block this type of attacks ? Please help me i changed my host again… :((
“it doesnt help me. attacker can easily change this values and attack again.”
Yes, it does help you. Of course the attacker can change these values but so what? When they do, make the appropriate changes. In the meantime, study the htaccess rules and see if you can come up with something better. When you do, let us know, ok?
