Search Feature Attack

  • Unknown's avatar
    jferezy · Member ·

    Hi there,

    I have a few wordpress sites where thousands of IP addresses are attacking the /?s= variable where it is killing MySQL and apache. They are all over the world and nothing to really grab a hold of. I can’t rate limit them either because it would interrupt regular searches. The search that these bots are doing are random words – even though they come up with no results, it is still taxing the database.

    For example (this is only 1 in my logs)
    99.106.241.101 – – [02/Apr/2017:18:14:20 -0400] ‘GET /?s=2710R

    I have cPanel and ConfigServer. Mod_security is an option but there is not much we can do without taking out the regular searches.

    Any help would be greatly appreciated!!!

    Jason

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    timethief · Member ·

    That site is not on our WordPress.COM servers. You are posting to the wrong support forum.

    WordPress.COM and WordPress.ORG are completely separate and have different username accounts, logins, features, run different versions of some themes with the same names, and have separate support documentation and separate support forums. Read the differences here http://en.support.wordpress.com/com-vs-org/

    This is wordpress.COM support. We provide support only for wordpress.COM hosted sites. Our support docs do not apply to
    (1) local installs of wordpress.ORG software on your own server or
    (2) wordpress.ORG software installs on paid hosting, and we do not provide support for them at wordpress.COM.
    (3) sites linked to wordpress.COM accounts with the Jetpack plugin so they display on the My Sites wordpress.com account page.

    Support for your site is found at http://wordpress.ORG/support/ The wordpress.ORG login link is here https://login.wordpress.org/ If you do not have an account yet then click Create an account https://login.wordpress.org/register/ and if you have lost an account password click Lost password? https://login.wordpress.org/lostpassword/
    WordPress.org support docs are at https://codex.wordpress.org/Main_Page
    See also https://apps.wordpress.org/support/ for app support.

    Some Jetpack solutions are here http://jetpack.com/support/
    Others are in the Jetpack support forum at WordPress.org
    http://wordpress.org/support/plugin/jetpack
    However, if help cannot be found at either one then they can file a Jetpack support ticket here > http://en.support.wordpress.com/contact/?jetpack=needs-service

  • The topic ‘Search Feature Attack’ is closed to new replies.