[ic] Malicious DDoS attack causing interchange to fail Extent of problem

gert at 3edge.com gert at 3edge.com
Thu Aug 7 21:36:05 UTC 2025 

Another idea may be to use https://metacpan.org/pod/Geo::IP2Location .. They
have a free 'limited accuracy' database:
https://lite.ip2location.com/ip2location-lite#database
If your market is mainly US then that may help split out IPs from other
locations and you could show a page to contact in case block is not correct.

You'd have to write some code to catch the IP location and redirect visitors
accordingly .. 
I think I had built it in a site at one point, I remember there was a geo-ip
tag, but I think it worked with the Maxmind database and I don’t think they
offer a free version anymore.

Good luck!

Gert


-----Original Message-----
From: interchange-users <interchange-users-bounces at interchangecommerce.org>
On Behalf Of DB via interchange-users
Sent: Thursday, August 7, 2025 11:40 PM
To: davideth--- via interchange-users
<interchange-users at interchangecommerce.org>
Cc: DB <db at m-and-d.com>
Subject: Re: [ic] Malicious DDoS attack causing interchange to fail Extent
of problem

I have been using Cloudflare for this on their free plan. I have a script
that checks the server CPU load, and if above a threshold, sets Under Attack
mode to on for 3 hours via and API call.Works pretty well and costs nothing.

DB

On 8/7/25 2:45 PM, davideth--- via interchange-users wrote:
> Checked the usertrack log that was cleared and restarted 5 Aug 2025 ( 3 
> days ago ).
> 
> 
> I log VIEWPAGES to usertrack, to see what customers look at but ...
> 
> there was 2.2 million lines in 3 days, 99 percent were 1 time accesses I
hav 
> to pages  VIEWPAGE =  .....  and the pages included pages that are not 
> normally accessible.
> 
> That is about 700,000 accesses a day ( averaging 480 pages a minute or 8 
> pages a second )  while the normal number of visitors is between 20 to 
> 40 a day.
> 
> because of this, it is often 20 seconds up to 2 minutes or longer for a 
> page to load for a legitimate user. ( Note also that this is for 1 site 
> of 80 on this server )
> 
> I sorted the file by IP in a spreadsheet and there was many that only 
> accessed 1, 2, or 3 pages in the 3 days period.
> 
> First, I would go broke using something like Recaptcha or cloudfare. 
> Just can not afford.
> 
> Would really appreciate some help and this is important to update in 
> interchange because sooner or later this sort of malicious attack might 
> happen to other Interchange sites.
> 
> 
> David
> 
> 
> 
> 
> 
> _______________________________________________
> interchange-users mailing list
> interchange-users at interchangecommerce.org
> https://www.interchangecommerce.org/mailman/listinfo/interchange-users

_______________________________________________
interchange-users mailing list
interchange-users at interchangecommerce.org
https://www.interchangecommerce.org/mailman/listinfo/interchange-users

More information about the interchange-users mailing list