Good news — faster websites and CiviCRM performance is here!
If you’ve noticed your website or CiviCRM running slower than you’d like at times, one of the main causes has been the sharp rise in unwanted traffic from bots, scrapers and hackers. We’re continuing to improve our hosting services to boost performance and defend against that rise, using best-practice AWS security tools, especially AWS WAF, along with custom rules designed around the actual traffic patterns we see.
What’s been happening
Websites and CiviCRM perform fantastically on AWS servers when they are free from bad traffic, but over the last few years the volume of hostile and unwanted traffic has increased dramatically. What can look like a hosting problem or random slowdown is often something quite different: repeated automated requests hitting sensitive parts of a site, dragging down performance and creating unnecessary load.
How we’re responding
We’ve had some recent success with this work at MelbPC. What first looked like outages or ordinary performance issues turned out to be hostile traffic repeatedly hitting sensitive parts of the site. We used AWS WAF at the edge, backed by managed protections such as Bot Control, IP reputation, anonymous IP and Anti-DDoS rules, then used our own log analytics tools and ELK-based monitoring to identify traffic behaviour, separate real users from bad actors, and work out exactly what was still getting through. From there we created custom rules, some applied in WAF and some at the server level, because WAF is powerful but not always enough on its own.
Why website traffic is increasing
Website traffic is rising across the board, but a growing share of it is not from normal human visitors. Bots, scrapers, hackers, AI services and other digital platforms are increasingly crawling websites to gather content, build indexes and feed their own systems. Even when that traffic is not directly malicious, it still adds load, and combined with hostile traffic it can drag down website and CiviCRM performance.
The outlook
We’re continuing to invest in AWS so our clients benefit from its global defences, early detection capabilities and best-practice security tools. On top of that, we apply our own monitoring, log analytics and custom rules at both WAF and server level to manage both hostile traffic and other high-volume unwanted activity. Combined with BobCares’ 24/7 monitoring and support, this helps our Support Team stay vigilant and keep client sites safe, stable and performing well.