Question

How to protect server from getting spammed?

Posted June 25, 2016 2.5k views
UbuntuSecurityLEMP

I have a VPS on digital ocean and running wordpress website. My server always crushes down everyday because of attacks.
I have Wordfence plugin installed on my site but it is not sufficient. I dont know how to solve this issue.

I always get 502 gateway error. can you help me?

Add a comment
letmehelpyoubro
By:
letmehelpyoubro
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
Zachary_DuBois June 26, 2016

Spam is a large issue that is never solve using one solution. I too use Wordfence on my WordPress site but that isn’t a major spam protector. There are other systems such as DNSBLs that are more effective.

  1. Try the no installation required method which is pasting a file that contains a lot of keywords that are used by WordPress spammers. Here is the link to the Github repo.
  2. Try installing and setting up Stop Spammers Spam Prevention which uses several several methods of finding and locking out spammers. Make sure to configure all of the settings as it can break things such as web hooks from 3rd parties.
  3. Try configuring in the Stop Spammers Spam Prevention DNSBL section with a Stop Forum Spam API key, a Project Honeypot API key, and a BotScout API key.
  4. If all the above don’t resolve the issues, start banning IP ranges and/or countries. This method should be avoided to enable everyone to see your site and to promote an open web.

Again, if you could stop all spam, you’d have a billion dollars in your pockets.

Reply Report
  • letmehelpyoubro June 27, 2016

    Thank you man i will give them a try

    What could be the problem on the server side?

    i have ufw enabled. but maybe my server has lack of security?

    what are the must have security applications for server?

    Reply Report
    • Zachary_DuBois June 28, 2016

      Blocking all unused ports prevents a lot already. If you’re using SSH keys with no password auth and not using the root user, you are off to a good start. There are a few tutorials on securing your system.

      Pretty much, follow Initial Server Setup with Ubuntu 16.04 (Assuming you’re on Ubuntu) and then carefully read through this.

      An Introduction to Securing your Linux VPS
      by Justin Ellingwood
      Linux security is a complex task with many different variables to consider. In this guide, we will attempt to give you a good introduction to how to secure your Linux server. We will discuss high-level concepts and areas to keep an eye on, with links to more specific advice.
      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help