-2

I run a Wordpress on EC2 at AWS and I am facing the following issue:

More than 2 days ago, the CPU went straight to 100% and the load balance up to ~20+ (for a 4-vcpu server) out of the blue.

Being unable to understand what is going on, I activated "I Am Under Attack" mode on Cloudflare (https://blog.cloudflare.com/introducing-im-under-attack-mode/) which brought things back to normal (~15% CPU, <1 load).

Since then, as soon as I disable the "under attack" mode, the exact same happens, crazy CPU, crazy load. I switch it back on, things go to normal.

Additionally, I am monitoring with tcptrack -i eth0 and I see new connections coming in from different IPs when I turn off the Cloudflare protection.

Should I conclude that this is a DDoS attack? What can I do other than siting behind the Cloudflare firewall and how long can it last?

Thanks for any tips

user3367364
  • 1

1 Answers1

3

You need to look at your Apache logs, to understand what the incoming requests are before jumping to any conclusions. Might not be DDOS could be simply a badly coded page getting lots of traffic, or your site might have gone viral on social media... look at your Apache logs or get some analytics happening to work out what's going on before deciding on any plan of action.

Nath
  • 1,362