Threats of website being "shut down" by users (thr

If I'm receiving threats that certain people are going to try to bring down the site, what type of precautions can I take to reduce this from happening? Let's say they do… would I just contact Linode for help? I wish they had a manged service… I would pay for it.

5 Replies

Take backups now, make sure you're running up-to-date software, verify that you've got strong passwords for any web applications and that you've got the basic security changes set (like using public/private key authentication only, instead of allowing password authentication for ssh).

Scan your computer for viruses, watch your logs, etc.

Good advice on the backups.

An attack on a linode might actually get you some help since it will impact other users as well. I can't speak for Linode, though. I hope they'd help a little if a(n innocent) customer needed some serious expert help. Locking down SSH is good…maybe you should lock it down a little harder than normal for awhile (only allow yourself, or create a new user just for this time period with a totally new password). But most likely they'll just DOS or DDOS you. Are we talking script kiddies or anonymous? A good firewall might help, there's an iptables module "recent" that CSF can use to limit floods from a single IP. Not useful for DDOS though. At that point you probably need help from the guys that manage the network hardware.

Keep an ssh session open, maybe.

If you're hosting multiple sites, and you're OK with the target site going down for awhile, point the DNS somewhere else, maybe another linode with a static web page, until you can get a handle on things.

If you don't have fail2ban or CSF/LFD running, install now and limit login attempts to 3 and permblock anything above that. You can always relax it later. Wordpress->login lockdown. HTTP basic auth -> LFD can catch those. Stop if it's running…go command line for awhile.

Someone smarter will note if this is crap advice. I hope it's all an idle threat. For many of us this would be the equivalent to throwing a 6-gallon molotov cocktail of napalm through a retail store window.

If you use Ubuntu or recent Debian, ufw can block any ip after x number of bad attempts/logins.

sudo ufw limit ssh

for example.

If you're the only person who needs SSH access, it might be a good idea to turn off SSH altogether and rely on Lish until the threat is over. No service is as secure as a service that isn't running. (Use Lish over regular SSH, not the lame AJAX version in the Dashboard.)

Also, fully update whatever web app you're using, such as Drupal or WordPress. Disable unnecessary plugins and update the rest. SQL injection is by far the easiest way to attack a web site these days, so you absolutely don't want to be running a vulnerable web app.

On the other hand, if you're using an outdated app that can't be updated – such as Gallery 2 or phpBB 2 -- then you might as well turn off the site now and work on a full upgrade.

Do you run a commercial site?

If not, then what would the pay off be in taking down your site?

So laugh in their face and spit in there eye.

Post the email/ip address of the wanna be hackers and ridicule them out of your hair.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct