HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Help! I need help with building a backlink campaign. Need best practices please.
Hello everyone. I am stuck. I need some good advice on how to build a whitehat backlinking campaign, and I need some advice regarding how to do this, and strategy. Thanks!
White Hat / Black Hat SEO | | RyanEly19860 -
Got dropped on Google rank - Tips to discover why please
Hi guys originally my website was poor ranked on Google. So, after sign in on Moz and follow their tips I achieved the 4th position for one of my keywords (amazing!). But a few days ago my page dropped to bellow the first 50th pages for this same keyword, but I didn't make any changes on it. Anybody has some tips of how can I discover/repair what happened? Thank you all in advance. Best regards Paulo
White Hat / Black Hat SEO | | phlcastro0 -
Being Link Attacked - Should I worry?
Hey, Hope everyone is well. Just a quick question. I hope to get an answer from Google officially (I've asked in their webmaster forums area) but any experience or opinions from the community here would be great. I noticed recently that our site started to get thousands of links from comments in random blogs from all across the web. This is nothing to do with us as we don't "build links". I can only assume it is a competitor trying to get our site hit by the algorithm for a particular search term, as all the anchor text (I estimate about 1,800 links with this anchor text) point to one page on our site that is ranking for that term. I recently removed the website from webmaster tools and re added, due to an unrelated issue about the a video rich snippet not updating, and all the links have just popped up today on there. Is this something I need to worry about? and should I start collecting all these domains and using the disavow tool to block the whole domain of these sites with the comments (some of them seem like genuine sites). There seem to be new ones everyday and it looks to be an ongoing attack as well. Thanks in advance!
White Hat / Black Hat SEO | | JonathanRolande0 -
Do pingbacks in Wordpress help or harm SEO? Or neither?
Hey everyone, Just wondering, do pingbacks in Wordpress help or harm SEO? Or neither?
White Hat / Black Hat SEO | | jhinchcliffe1 -
Web virus attack every second
Hello my wordpress has been constantly attacked every day, files were uploaded and redirections were made to others websites. I instaled sucruri pluggin paying the annual fee, and no result. They keep acessing the web. And i uploading backup security. Know i have instaled OSE wp firewall and seems that they are getting more dificulty accessing and uploading files. But still sending like 40 attacks every day. Is ther any way to stop this? were is some information of the blocked attacks LOGTIME: 2013-02-22 10:58:01 FROM IP: http://whois.domaintools.com/27.153.210.183 REFERRER: http://www.propdental.com/index.php?option=com_registration&task=register LOGTIME: 2013-02-22 10:52:09 FROM IP: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php FROM IP 40 attacks this ip every two seconds: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php ACTION: Blocked LOGTIME: 2013-02-22 10:49:10 FROM IP: http://whois.domaintools.com/103.31.186.82 URI: http://www.propdental.com/ METHOD: GET LOGTIME: 2013-02-22 10:37:10 FROM IP: http://whois.domaintools.com/120.43.11.251 URI: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 REFERRER: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate ACTION: Blocked LOGTIME: 2013-02-22 10:28:52 FROM IP: http://whois.domaintools.com/36.251.43.51 URI: http://www.propdental.com/ METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 REFERRER: http://www.buyclassybags.com/
White Hat / Black Hat SEO | | maestrosonrisas0 -
My website disapeared from google rankings, please help?
Our website url is http://www.phoria.com Around January 16th we disappeared from google for the keyword 'kratom' We were on page 3 for the longest time. We have no critical messages in webmaster tools however I did notice most of our links seem to be website directory links.We still rank for a couple terms like buy kratom on page 6.I think a google update occurred around this time so I've read however if we had a variety of links that went against google guidelines wouldn't we have received a message stating so in Webmaster Tools?This month has been very confusing to say the least. Any help would be appreciated.
White Hat / Black Hat SEO | | gregdotcom0 -
Black Hat? Is it really possible my new client paid someone to SEO the word "here"?
I just took on a client and first thing I saw in Webmaster Tools was the dreaded "Unnatural Link Patterns" message dated Apr 7th, 2012. MajesticSEO is reporting 212 backlinks, OSE is reporting 251. Nothing out of the ordinary, in fact they only anchor text is their brand. However, we then ran an SEO PowerSuite Crawl and found 429 backlinks with 78.1% of links use the anchor text "here" and 77.9% of all links point to the same URL. If this is indeed true I can see why they got the message from Google. The company has admitted they hired a service to do SEO for $299/mo for several months but when they saw no results they quit. Could this company really have gone after "here". It not, I can't find anything that would give them the message they got from Google Webmaster Tools.
White Hat / Black Hat SEO | | Dweber0