Question

How to effectively combat proxy attacks

Posted January 6, 2022 83 views
Nginx

https://vooboutique.com/ is using some method to load to our site https://medicalmonks.com/

We tried the solutions documented at https://stackoverflow.com/questions/47237633/nginx-restrict-domains

but somehow they weren’t effective. We’re currently using .js to redirect back to us, but it seems like there should be a better solution.

We contacted godaddy, cloudflare, and the company hosting the malicious domain, but amazingly nobody wants to take action.

The ticket we submitted to DO went completely unanswered.

Does anyone have experience with these sorts or proxy attacks? Any insights would be appreciated.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

I have just checked this and it looks like that the site is no longer loading your content but instead is being redirected to your website directly. Meaning that the solution that you’ve implemented from the link that you’ve shared seems to have worked as expected.

Let me know if you have any other questions.
Regards,
Bobby

  • Hi Bobby. Thanks for this. I guess we were wondering if anyone had some suggestions on how to immediately deny the requests, as opposed to redirecting them as we are now. We tried implementing some things on nginx as the examples lay out in the stack overflow documentation I referred to, but they didn’t work for some reason. Do you have any idea why, or maybe even better, can you speak to how the attacker is doing what they’re doing. TYIA. /A

    • Hi there,

      In your case, as there is 1 specific domain, what you could do is to create a dedicated server block for it and deny the traffic as follows:

      server {
          listen 80 vooboutique.com www.vooboutique.com;
      
          location / {
              deny all;
          }
      }
      

      That way if anyone tries to visit vooboutique.com Nginx would deny the access and return a 403 Forbidden message.

      Hope that this helps!
      Best,
      Bobby