Control Web Panel
Security => Mod_Security => Topic started by: anandmys on September 24, 2025, 12:23:12 PM
-
Hi
One of my VPS is seeing sudden huge traffic and most of the accounts have got suspended with very high bandwidth usage like 500%, 1000% use etc.
I have manually unsuspended accounts using
/scripts/cwp_api account reset_bandwidth USERNAME
Changed mod security option from OWASP old to Comodo seems to have reduced bandwidth usage in live monitoring
Any suggestions/views on this?
-
Are you using Cloudflare for DDoS protection? What do your sites run -- WordPress mostly? If so, are they running a web application firewall (WAF) such as Wordfence? Are all plugins up to date?
-
This is a server where I have given shared hosting to 15 different people.
Many have WordPress.
Difficult to monitor each instance.
But some of the accounts which used huge bandwidth are not built with WordPress.
Setting Mod Sec to Comodo didn't work. It actually stopped Apache, and because sites were down, traffic got reduced.
-
ModSecurity with the latest OWASP CRS ruleset takes care of a lot of these.
The Comodo ruleset is now over a year old, and is dead.
Also as @overseer mentioned, Cloudflare's Proxy helps, but only if they hit the domain name.
If they try a DDoS against your IP, then it doesn't help.
Unfortunately dealing with these script kiddies is part of the job anymore.
Then you have all these scanners from the hacker groups constantly hitting stuff.
Censys and LeakIX are really bad if you look at the logs.