Roni Rolle Laukkarinen
@rolle@mementomori.social  ·  activity timestamp 3 months ago

How does a typical DDoS on a WordPress installation happen?

- A search-based DDoS attack by bypassing the cache
- Attacker sends a large volume of unique search queries so responses never hit the cache, for example ?s=something-xyz
- Each request becomes a cache miss, forwarded from the network edge
- WordPress runs PHP + WP_Query for every request, often triggering expensive database work.
- Repeated heavy queries exhaust CPU, memory and DB capacity so the website slows and eventually crashes.
- This is an Application-layer (Layer 7) HTTP flood that mimics normal user traffic.
- Key signals to look out for: huge spikes of /?s= requests in the logs, very high query entropy, cache-hit rate collapses.

Cache-busting search queries force every request through the database, turning cheap HTTP calls into expensive backend load.

Great Sysops lightning talk by Tiia Ohtokallio!

#WPSuomi #wpfi #WordPress #Sysops

[Image: A slide and press the presentation in WP Suomi seminar. The slide text is the same as the post text above.]
msaari
@msaari@mementomori.social replied  ·  activity timestamp 3 months ago

@rolle I’ve thought about this from a spam perspective and the key is to stop spam search queries as fast as possible to stop WordPress from doing anything with them.


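The three signals listed in the post (spikes of /?s= requests, very high query entropy, collapsing cache-hit rate) can be checked together per minute of access log. The following is an added example, not code from the talk or from either poster; it assumes an nginx combined log with the cache status appended as the last field, and the thresholds and sample lines are constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumed layout: nginx "combined" log with $upstream_cache_status appended last.
LINE_RE = re.compile(
    r'\[(?P<minute>[^\]]+?):\d{2} [^\]]+\] "GET (?P<url>\S+) [^"]*" .* (?P<cache>[A-Z]+)$')

def search_term(url):
    """Return the value of the WordPress search parameter ?s=, or None."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("s")
    return values[0].lower() if values else None

def normalized_entropy(counts):
    """Shannon entropy of the term distribution, scaled to 0..1 (1 = all terms unique)."""
    total = sum(counts.values())
    if len(counts) < 2:
        return 0.0
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(total)

def analyze(lines, min_requests=20, min_entropy=0.9, max_hit_rate=0.2):
    """Per-minute search-request stats; a window is flagged when all three signals agree."""
    terms, hits = defaultdict(Counter), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        term = search_term(m["url"]) if m else None
        if term is not None:
            terms[m["minute"]][term] += 1
            hits[m["minute"]] += m["cache"] == "HIT"
    report = {}
    for minute, counts in terms.items():
        n, entropy = sum(counts.values()), normalized_entropy(counts)
        hit_rate = hits[minute] / n
        flagged = n >= min_requests and entropy >= min_entropy and hit_rate <= max_hit_rate
        report[minute] = {"requests": n, "entropy": round(entropy, 2),
                          "hit_rate": round(hit_rate, 2), "suspicious": flagged}
    return report

def sample_lines():
    """Constructed data: one minute of ordinary searches, one minute of unique-term flood."""
    fmt = ('203.0.113.5 - - [10/Mar/2025:12:{m}:{s:02d} +0000] '
           '"GET /?s={q} HTTP/1.1" 200 512 "-" "Mozilla/5.0" {c}')
    popular = ["shoes", "contact", "pricing", "blog", "jobs"]
    normal = [fmt.format(m="00", s=i, q=popular[i % 5], c="MISS" if i < 5 else "HIT")
              for i in range(30)]
    flood = [fmt.format(m="01", s=i % 60, q=f"something-{i:04x}", c="MISS") for i in range(200)]
    return normal + flood
```

Calling `analyze(sample_lines())` flags only the second minute: the first has repeated terms and a high hit rate, so request volume alone does not trigger it.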