Vesta Control Panel - Forum


How to defend my sites vs Hackers

nicoocattaa

Os: Ubuntu 15x
Web: nginx + php-fpm

Post by nicoocattaa » Fri May 25, 2018 4:26 pm

Hello guys, I wonder if anyone can give me some advice, or a place where I should start (since online security has so much information that I don't know where to start).
I use Vesta + Ubuntu and I have a web page on the PrestaShop platform. Sometimes I get some kind of DDoS: people or bots click on an option on my site to "Share with a friend via email"; they clicked 6 times every second, to emails that are not real.
I just cancelled that button on my site... but I don't know how it's going to be next.
I already lived through someone exploiting VestaCP in April, when my site was down for 2 days, and I run an e-commerce site. I can't let those things happen.

I will be thankful for any info!

Prime_

Os: CentOS 6x
Web: apache

Post by Prime_ » Sat May 26, 2018 10:56 am

There is no definite solution to your problem, but here is a checklist of what you can do to prevent it from happening:

* Write a custom rule for Fail2Ban that bans a user that does a certain action, such as trying to brute-force the login page or so.

* Change to a provider that has reliable DDoS protection that filters out the traffic upstream - you won't be able to block it on the server itself as it clogs up the bandwidth.

* Install ModSecurity with the OWASP ruleset to prevent SQL injections, XSS attacks and such.

* Update your server to Linux kernel 4.x and change to the FQ traffic scheduler.

* Install CSF to detect attacks on the server.
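
A way to try out thresholds for the custom Fail2Ban rule suggested in the post above before deploying it (an added example, not part of the original thread and not Fail2Ban's own code). The path `/share-with-friend`, the thresholds and the log lines are constructed assumptions; the regex has the shape of a Fail2Ban `failregex`, and the function emulates the `maxretry`/`findtime` counting in Python.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds, named after the fail2ban jail options they stand for.
MAXRETRY = 10  # matching requests tolerated ...
FINDTIME = 10  # ... within this many seconds

# fail2ban-style failregex; /share-with-friend is a placeholder path.
# Anchored at ^ so text a client controls (referer, user agent) cannot match.
# fail2ban cuts out the timestamp it parsed before matching, hence \[[^\]]*\].
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]*\] "POST /share-with-friend[ ?]'
TIMESTAMP = re.compile(r"\[([^\]]+)\]")


def make_line(ip, second, request):
    return (f'{ip} - - [25/May/2018:16:26:{second:02d} +0000] '
            f'"{request} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample: a 6-per-second poster, a one-time poster, a plain visitor.
SAMPLE_LOG = (
    [make_line("203.0.113.7", i // 6, "POST /share-with-friend") for i in range(18)]
    + [make_line("198.51.100.20", 1, "POST /share-with-friend")]
    + [make_line("192.0.2.9", 2, "GET /") for _ in range(20)]
)


def find_offenders(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the request that reached maxretry within findtime}."""
    # Simplification: real fail2ban expands <HOST> to an IP/hostname pattern.
    pattern = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m = pattern.match(line)
        if not m or m["host"] in banned:
            continue
        when = datetime.strptime(TIMESTAMP.search(line)[1], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["host"]]
        hits.append(when)
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()  # forget requests older than the findtime window
        if len(hits) >= maxretry:
            banned[m["host"]] = when
    return banned


if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

With these values the client posting 6 times a second reaches the limit during its second second of traffic, while the one-time poster and the plain visitor are never counted as offenders.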

mehargags
Support team

Os: Debian 8x
Web: apache + nginx

Post by mehargags » Sun May 27, 2018 2:47 am

The problem of "too many clicks on your site" is not DDoS; this happens when you do marketing stuff and promote your site: many people receive your site's links through referrals and try to click randomly. You may want to use "Negative keywords" and optimize your marketing, plus secure your mail sending function against accidental clicks.

It is also not related to the VestaCP April 09 hack; please don't mix conclusions without having sound knowledge about webservers and how things work. This misleads many more new users and readers on the forum.

This forum has enormous links and discussions on securing your server and sites; however, please know that security is a process, not a product. It needs to be constantly monitored and hardened at many levels: your app, server, DNS and more. It needs patience and research to learn; there isn't a magic set of rules anyone can give you in a straight reply.
  • All times are UTC