Site under attack
If your site is currently under a DDoS attack, password brute-forcing, or a bot flood, follow the steps in order. Connecting protection takes 10–15 minutes; it becomes effective after the NS servers change.
1. Connect the domain to WebShield
Section titled “1. Connect the domain to WebShield”- Sign up and add the domain: Control panel → Domains → Add domain.
- In your registrar panel, replace the NS servers with:
nsbox.webshield.pronshub.webshield.pro- Create the site DNS records in the DNS section and enable Proxy for
A/AAAA/CNAMErecords — traffic will flow through the WebShield protection layer.
See the Quick start for the detailed procedure.
2. Enable the browser check
Section titled “2. Enable the browser check”In the CDN and protection section, enable bot protection (browser check) for the attacked domain. Automated botnet clients fail the check and are filtered out before the request reaches your server.
3. Hide the origin server IP
Section titled “3. Hide the origin server IP”An attack can bypass protection and hit the server IP directly if the attacker knows it:
- make sure no DNS records still point to the real IP (old subdomains,
mail.,ftp., etc.); - if possible, ask your hosting provider to change the server IP after enabling protection;
- allow inbound HTTP/HTTPS connections on the server only from WebShield addresses.
4. Monitor the attack
Section titled “4. Monitor the attack”The Statistics section shows request volume, the blocked share, sources, and target URLs. This data tells you whether the attack is subsiding and which parts of the site are being hit.
If the attack continues
Section titled “If the attack continues”- Check that the domain status is Delegated and proxying is enabled for all site records.
- Make sure the site no longer responds directly on the old IP.
- Contact support — see the About page for contacts. Include the domain and the attack start time so we can help with rule tuning faster.