DDoS attacks

[ayz1]

Has anybody been hit by a DDoS attack recently and if so has anyone any advice on how best to deal with it?

[bsmither]

Professional hosting providers have two solutions:

* wait it out

* pay for a service (somewhat expensive) to intercept the bogus page requests

 

I have a Wordpress site (and I have looked at logs of others) and have seen thousands of requests a day to log in.

 

You will be given advice that suggests this is most likely not personal.

[SimChris]

Bsmithers advice is good.

 

We have our own server, and we look at the daily logs to see who might be attacking us. Last big attack was during the superbowl.

 

Basically the firewall/CSF etc. will try to blog port scans and minor port floods, but a big attack requires you to switch on some special software, monitor it and then manually block the offending "ranges" of IPs (often in Russia, China, etc.).

 

Your web hosting provider should be able to look at your logs and see who/what is messing with you. Often one big robot can take down your site.

 

Port scans, port floods ... these are normal automated hack attempts wihich will try to get into any well known ecom system, wordpress site, etc.

 

For best practices, make sure you've changed your admin script from admin.php to something else.

[ayz1]

Thanks for the replies. This attack has been ongoing since the second week in December so quite a sustained attack.

 

I've played the waiting game and I have protection on the website from a third party.

 

Our Google ranking is shot to bits because I have such a high protection level on the site load time is very slow as it has to go through security checks before allowing access to the website. If I take the security off or reduce it the server crashes instantly and brings down all our other websites with it.

 

We had a 1st page ranking for all of our main keywords and now we are back on page 2 and 3 so might as well not exist. So this is serious.

 

I'm wondering if I take the website down completely for a few days might this stop the attack.  Would moving to a new server make any difference?

 

We have another website that is on another server and that was hit recently too but it was another website on its server that was attacked but the protection that the host has put in place seems to have had a detrimentale impact on our google rankings too so in the process of moving that one.

 

I really need to solve this so looking to find a solution we can all implement if it happens to any of us hard working Cubecarters.

 

This can seriously hit an online business and cost people their jobs.

[havenswift-hosting]

Thanks for the replies. This attack has been ongoing since the second week in December so quite a sustained attack.

I've played the waiting game and I have protection on the website from a third party.

A DDoS attack going on since December ? That sounds very unlikely - what evidence do you have that it is a DDoS attack and that it is directed at your website ?

Our Google ranking is shot to bits because I have such a high protection level on the site load time is very slow as it has to go through security checks before allowing access to the website. If I take the security off or reduce it the server crashes instantly and brings down all our other websites with it.

 

We had a 1st page ranking for all of our main keywords and now we are back on page 2 and 3 so might as well not exist. So this is serious.

What "protection" do you have installed on your site / server that causes this - no correctly configured protection should ever have this sort of effect. That being said, while site speed is one of the several hundred ranking factors that Google uses, it is extremely unlikely that this by itself would have caused the ranking drop - this is much more likely caused by other factors such as being hit by one of the Google ranking algorithm changes or incurring a penalty for having a bad backlink profile !

I'm wondering if I take the website down completely for a few days might this stop the attack.  Would moving to a new server make any difference?

 

We have another website that is on another server and that was hit recently too but it was another website on its server that was attacked but the protection that the host has put in place seems to have had a detrimentale impact on our google rankings too so in the process of moving that one.

Without details of how the attack is being conducted, what "measures" the host has put in place, who the host is, what your setup is (Shared hosting or dedicated server) it is impossible. We run a large number of shared hosting servers and some dedicated servers for larger clients and while all are subject to the normal background scanning (this can number in the tens per second attempts 24/7) standard firewall measures easily cope with this. If you are on a shared hosting platform then the hosting company would not allow such DDoS attacks to continue as it would affect all users on that server and could affect their network as a whole. If you are on an unmanaged dedicated server then they are less likely to help unless it is having a detrimental effect on their network as a whole.

For a targeted attack then there are other measures that can be put into place some of which incur some fees but large scale targeted attacks are generally only directed against large, very busy websites.

If you would like to message me offline to discuss more specific details then please do - this should be something that should be easily fixable

Thanks

Ian