Skip to content

Site under attack

If your site is currently under a DDoS attack, password brute-forcing, or a bot flood, follow the steps in order. Connecting protection takes 10–15 minutes; it becomes effective after the NS servers change.

  1. Sign up and add the domain: Control panel → Domains → Add domain.
  2. In your registrar panel, replace the NS servers with:
nsbox.webshield.pro
nshub.webshield.pro
  1. Create the site DNS records in the DNS section and enable Proxy for A/AAAA/CNAME records — traffic will flow through the WebShield protection layer.

See the Quick start for the detailed procedure.

In the CDN and protection section, enable bot protection (browser check) for the attacked domain. Automated botnet clients fail the check and are filtered out before the request reaches your server.

An attack can bypass protection and hit the server IP directly if the attacker knows it:

  • make sure no DNS records still point to the real IP (old subdomains, mail., ftp., etc.);
  • if possible, ask your hosting provider to change the server IP after enabling protection;
  • allow inbound HTTP/HTTPS connections on the server only from WebShield addresses.

The Statistics section shows request volume, the blocked share, sources, and target URLs. This data tells you whether the attack is subsiding and which parts of the site are being hit.

  • Check that the domain status is Delegated and proxying is enabled for all site records.
  • Make sure the site no longer responds directly on the old IP.
  • Contact support — see the About page for contacts. Include the domain and the attack start time so we can help with rule tuning faster.