My site has a member section protected by .htpasswd/.htaccess. We occasionally get brute force attacks guessing logins, and yesterday was the worst so far lasting 6 hours. At its peak our VPS load went over 40 (it sits around 1 to 3 in normal operation). As a result, the site ran too slow to use during those hours e.g. a page that usually loads in 1 second taking 12-20 seconds instead.
Would upgrading to a dedicated server improve things, i.e. allow the site to operate at a usable speed even when under such an attack? My thinking is that a dedicated server would give us the full CPU available rather than a portion as we have now, so we would have much more processing power and the load would be a lot less (depending on how many customers are on each VPS, and the spec of a dedicated server v. VPS)
BTW we already have third-party software in place that detects such attacks and blocks those IP addresses automatically. This attack used 320 IP addresses, so I’m guessing not much more can be done on that side. We would willingly switch to a dedicated server if it means these attacks would not slow down the site so greatly.
Many thanks for your comments.