Powered by Adobe Commerce 2.4.5

ddosattackprotection.png

DDoS Attack Protection

PRODUCT:
0
TOTAL:

Overview

Back to top

These days we frequently face severe performance drop of Magento 2 stores (rarely, stores crash completely), both our clients' and ours. Some tend to blame new updates, newly implemented extensions, or DB that's known to get bigger with time. While each might be the case, often it might be a targetted and smart DDoS attack from rivals or extortioners. Generally, DDoS (Distributed Denial of Service) are divided into two types.

  1. An intense and distributed attack with 1000+ requests/second. Such requests are sourced from large zombie-networks with unique IP addresses, different geo-locations, and plausible User Agents. We will be honest here saying this kind of attacks is rather hard to withstand using our extension. What the latter could do is minimize the load by 100-200 times. This kind of attack requires much more significant measures.
  2. A small and smart attack that targets the slowest and the most sensitive non-cached pages using various parameters in URL. It would be sufficient executing from 50 to 100 heavy requests like this to make a Magento 2 website hardly accessible (tested with the latest clean Magento 2 with the latest patches and above-average server configuration). Nowadays, it doesn't take a mastermind or a zombie-network to create such a disaster. There are many proxy services using which one could commence an attack representing it as an SEO audit, e.g., semrush.com/bot.html, ahrefs.com/robot/, opensiteexplorer.org/dotbot, moz.com, you name it.

To guard you from such attacks, we built the extension capable of detecting suspicious requests aimed to your website, analyzing them, and blocking bots using filters.

 

Account & Pricing

If you don't have a Google account needed to enable Emergency mode (see detailed description below), you will need to register for one. The reCAPTCHA service is offered free of charge. 

The extension does not provide keys during the installation of the module. Since the module relies on the Google service, you must first obtain a pair of the 'Site and Secret' keys created for your domain(s) in the Google Admin Console. FYI, this is also the place to review the captcha statistics later.

 

Features

  • Emergency mode for situations when bots aren't identifiable by certain parameters – one-time reCAPTCHA (both Google reCAPTCHA v2 and v3 supported) 
  • Verifies Googlebot bypassing filters and/or reCAPTCHA
  • Monitors suspicious requests avoiding Full Page Cache
  • Filters bots and protects from DDoS attacks by user agent, IP address, specific parameters, including their maximum number, sent data size, etc.

 

Detailed Description

 

Emergency

Can be applied if bots can't be identified by certain signs. It is a special mode that lets one keep the store in a working capacity. Any customer is shown CAPTCHA once. After passing it, the Magento store should look and work as normal. CAPTCHA is represented by either Google reCAPTCHA v2 or Google reCAPTCHA v3 and doesn't affect Googlebot to make sure the store remains indexable. However, Googlebot gets verified.

Monitoring

This tool controls slow requests, max number of sent parameters, and sent data size. The requests that match the filter requirements (see below) are logged in a special grid where an admin user can find more information like full URL, referrer URL, IP address, User-Agent, execution time, GET, POST and sent files data, customer ID, date and time. This is where you can analyze incoming traffic. We do not recommend keeping the setting on to avoid an additional (~1%) load for pages.

Filtration

After monitoring and analyzing data, you can configure the filters. Requests can be blocked by User-Agent, IP address, parts of URL, certain sent parameters, their number and size.

 

Be aware that any attack against your store is always unique and has its peculiarities. Should you need tailored approach or help configuring the extension, let us know (support).

 

Demo

Store DemoAdmin Demo

Technical Specifications

Back to top

Seller profile

SafeMage

Seller contact

E-mail

Current Version

2.2.1

Adobe Commerce platform compatibility

Open Source (CE): 2.3 (current), 2.4 (current)

Commerce on prem (EE): 2.3 (current), 2.4 (current)

Type

Stable Build

Updated

31 July, 2022

Categories

Extensions, Site Optimization, Site Monitoring, Performance

Quality Report

Back to top

Installation & Varnish Tests

Passed

Coding Standard

Passed

Plagiarism Check

Passed

Malware Check

Passed

Marketing Review

Passed

Manual Testing

Passed

All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top

2.2.1:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added support for Magento 2.4.4 and PHP 8.1.

2.1.0:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added Emergency mode.

Support

Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top

Reviews

Back to top