Luxembourg, – January 22, 2026 – WEDOS has deployed a new generation of Layer 7 attack detection and automated filtering rules based on the JA4 fingerprinting methodology, further strengthening the protection capabilities of its global security infrastructure. The new system is already being used in production to defend Czech government websites currently facing an ongoing multi-day attack campaign.
During the past days, multiple Czech government-operated websites protected by WEDOS have been exposed to sustained application-layer attacks combining HTTP/3 and TCP-based traffic patterns. Two such websites have been under active attack today, while another Czech government customer was targeted earlier this week on January 19, 2026.
“These are not simple high-volume floods. We are seeing a distributed and heterogeneous attack pattern, where part of the botnet operates at very low intensity. This makes the traffic harder to distinguish from legitimate users using traditional rate limits alone.”
Josef Grill, founder of WEDOS
Combining proven defenses with faster identification
WEDOS traditionally mitigates similar attacks using a multi-layered defense stack that includes:
- intelligent traffic filtering
- adaptive rate limiting
- behavioral rules
- and proprietary reputation and anomaly-detection systems
These mechanisms are already sufficient to keep customer services online. However, the newly deployed JA4-based detection significantly accelerates the identification of malicious clients at the TLS and application level.
JA4 allows WEDOS to fingerprint client behavior and TLS characteristics with much higher precision, making it possible to:
- quickly group malicious traffic generated by large botnets
- identify low-rate “stealth” attackers that try to blend in with legitimate traffic
- and apply precise, automated filtering rules with minimal impact on real users
“In practice, this means faster reaction times, lower collateral damage, and a more surgical approach to mitigation – even in complex Layer 7 scenarios.”
Josef Grill, founder of WEDOS
Real-world validation during live attacks
The new detection and filtering logic is being deployed and fine-tuned directly in response to the current DDoS attack campaign. Internal telemetry confirms that the attacks combine multiple techniques, including HTTP/3 requests, classic TCP-based patterns, and application-layer exhaustion attempts, all originating from a distributed set of sources.
Thanks to the combination of existing protection layers and the new JA4-based system, the affected Czech government websites have remained operational throughout the attacks.
Part of long-term strategy
The deployment of JA4-based detection is part of WEDOS long-term strategy to continuously improve automated attack mitigation, especially against modern application-layer threats that rely on:
- large distributed botnets
- enumeration attacks
- low-and-slow attack techniques
“Layer 7 attacks are evolving. Defense systems must evolve faster”
Josef Grill, founder of WEDOS
More information about WEDOS Global Protection is available at:
https://wedos.protection