Website is being flooded [closed]

First of all, report whoever is doing it.

You obviously could block anything with a query-string that contains screw-you, but that’ll only help in this case.

Maybe Drop any requests with HTTP/1.0 (browser don’t use it, and “good” bots like google don’t either, but if you need to provide access to special tools, you might not want to do this), but you should keep a close watch over what requests get dropped by this to make sure that you don’t lose any legitimate traffic.

And of course, there are technical solutions that try to automatically discover this kind of traffic and block it. Have a look at CloudFlare, Incapsula, StackPath etc.

Related Posts:

  1. Tips for finding SPAM links injected into the_content
  2. Spam injected in w3 total cache page cache [closed]
  3. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  4. SSL Error: unable to get local issuer certificate
  5. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  6. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  7. Why does the URL http://a/%%30%30 crash Google Chrome?
  8. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  9. Can an attacker use inspect element harmfully?
  10. Where does Internet Explorer store saved passwords?
  11. Infected Files – what to do [closed]
  12. WordPress 4.7.1 REST API still exposing users
  13. Should I escape wordpress functions like the_title, the_excerpt, the_content
  14. When to use esc_html and when to use sanitize_text_field?
  15. Why does WordPress have more than one salt?
  16. What is the ideal setup to address security concerns?
  17. Will there be security updates for 3.1 once 3.2 is released?
  18. WordPress it’s cleaning a custom query_var to avoid sql injections?
  19. Close a wordpress blog – keep site as it is but prevent hacks
  20. Is WordPress vulnerable to the httpoxy?
  21. Prevent setup-config.php page from appearing when host blocks database
  22. wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
  23. WordPress and Security
  24. Is there a security risk giving someone temporary access to my blog’s code?
  25. Is /wp-login.php?redirect_to[] exploitable?
  26. How to properly sanitize/secure a WP Query coming from the front end
  27. brute force attack even though it is limited by IP
  28. What should I do about hacked server?
  29. How do I authenticate WP users from a chrome extension?
  30. Strategies for coping with hyperagressive spambots?
  31. Is the “lost password” feature truly a vulnerability?
  32. Is it possible to reduce the minimum character length for passwords?
  33. Handling email piping attachments and detecting unsupported file types
  34. Why was my blog post inserted lot’s of ad links by others?
  35. Should I Worry About SQL Injection When Using wp_insert_post?
  36. Auth cookie value security risk?
  37. Is there a way for a user to have an alias?
  38. Security – Shortcode injection attack
  39. Registration Plugin – Recaptcha integration
  40. How to combat flooding admin-ajax.php?
  41. When is wp_set_password() called or how to capture a password
  42. Moving away from MD5: Where to declare the custom global $wp_hasher?
  43. Would it be dangerous to send all the wp_options to javascript file?
  44. Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
  45. Should I disable directory listing for wp-includes?
  46. How to get WordPress to send Password Reset Link Email instead of New Password?
  47. Safety side of storing emoji into database
  48. Verifying that I have fully removed a WordPress hack?
  49. Large Session Tokens
  50. How can I safely hide the fact that my website runs on WordPress? [closed]
  51. How to change permissions of WordPress and/or apache on macOS securely?
  52. How can I display nickname instead username in links
  53. My WordPress Websites are always under attack
  54. Is there value in using a wp_nonce for POST requests?
  55. Using an Encryption class in a WordPress Plugin
  56. How to hide easy access to my website temporarily?
  57. Can I Remove xmlrpc.php completely?
  58. Config file with no Keys..?
  59. How much should I worry about these messages?
  60. Security concerns with external links
  61. Uploading .webm format on WordPress results in security guidline breach and fail
  62. Any any insecure http:// URLs left in wordpress?
  63. White screen of death on admin pages after moving wp-config up two levels for security
  64. .htaccess password protection bypassed
  65. Session Cookie security questions
  66. Storing FTP details in wp-config.php
  67. Can a WordPress administrator see other users’ passwords?
  68. Why my plugins are updating automatically?
  69. Privilege escalation bugs in 2.9?
  70. Content-Security-Policy blocks WordPress check boxes from being activated
  71. How to distinguish between a hack and an encoding error?
  72. Prevent editor from adding script or form
  73. How to change location of wp-config.php to folder or 2 folders up?
  74. wordpress admin security
  75. Remove hacked code – out of ideas! [closed]
  76. How to stop direct HTTP POST to a PHP script?
  77. Why do people use “admin” username by default? [closed]
  78. WordPress Database Re-installed (Hacked)
  79. Using htaccess to prevent spam through wp-comments-post.php
  80. WordPress Security tools
  81. Robots.txt file not updating
  82. Security: Critical backend outside of wordpress
  83. Advice On How to Backup WordPress
  84. How can I stop other plugins from using my class’ sensitive methods?
  85. What are WordPress Current Security Issues in 2017?
  86. wp-config.php moved above root results in no plugin updates
  87. Password-protect feed and make it usable in major aggregators
  88. Should I change the default file and folder permissions?
  89. How to rewrite rules for WP-security in Nginx?
  90. how to find the way they hacked my WP site
  91. Is it a bad idea to CHMOD 777 all the files on your site?
  92. How to stop repeated hack on header.php of custom theme? [closed]
  93. is this code properly secured
  94. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
  95. How to get real password (before encrypt) when register a user?
  96. Move data from wp-config to another file
  97. Heartbleed: What is it and what are options to mitigate it?
  98. Dealing with HTTP w00tw00t attacks
  99. OpenVPN vs. IPsec – Pros and cons, what to use?
  100. How to test if my server is vulnerable to the ShellShock bug?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)