HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
"Google chose different canonical than user" Issue Can Anyone help?
Our site https://www.travelyaari.com/ , some page are showing this error ("Google chose different canonical than user") on google webmasters. status message "Excluded from search results". Affected on our route page urls mainly. https://www.travelyaari.com/popular-routes-listing Our canonical tags are fine, rel alternate tags are fine. Can anyone help us regarding why it is happening?
White Hat / Black Hat SEO | | RobinJA0 -
Image redirection: Will it helps or hurts?
Hi all, There are some old images (non-existing now) from our website which have backlinks. We would like to redirect them to some live images to reclaim the backlinks. Is this Okay or sounds suspicious to Google? Thanks
White Hat / Black Hat SEO | | vtmoz0 -
Help with ranking
Hi Board users! I have a site that I don't understand why its not ranking. Its called JohnnyJet.com It has great domain authority and plenty of links. Looking at google webmaster tools I don't think there is a penalty. I have not done black hat stuff, so I am puzzled. I have a subdomain that stores some of my old content (some of it is duplicate) http://vintage.johnnyjet.com/home.asp The site has been around for ever, and I need help with a site audit to see what it is that I am missing. I know my long tail should rank much better. 2 questions: 1. Can you guys (board members) send me any insights if you take a peek 2. Can you tell me where to go to get an in-depth audit on my site -- I need a deep dive to get to the bottom of this 🙂 Thanks all!!
White Hat / Black Hat SEO | | coolhand19800 -
Got Google Manual penalty full Spam on my website
Here are Moz Metrics: http://prntscr.com/as3fp6 Site Url: www.financialprospect.com DA- 40 PA- 48 Spam Score - 0 RD- 68 Links No Loss in Backlink Profile I think my site is having much more spun content so can you suggest me the ways to re-index my site? How can i get my site back to google? Can you suggest any tool which give number of links already spun and then we may delete those posts. Looking for positive reply...!!!
White Hat / Black Hat SEO | | morisshibu1 -
A doorway-page vendor has made my SEO life a nightmare! Advice anyone!?
Hey Everyone, So I am the SEO at a mid-sized nationwide retailer and have been working there for almost a year and half. This retailer is an SEO nightmare. Imagine the worst possible SEO nightmare, and that is my unfortunate yet challenging everyday reality. In light of the new algorithm update that seems to be on the horizon from Google to further crack down on the usage of doorway pages, I am coming to the Moz community for some desperately needed help. Before I was employed here, the eCommerce director and SEM Manager connected with a vendor that told them basically that they can do a PPC version of SEO for long-tail keywords. This vendor sold them on the idea that they will never compete with our own organic content and can bring in incremental traffic and revenue due to all of this wonderful technology they have that is essentially just a scraper. So for the past three years, this vendor has been creating thousands of doorway pages that are hosted on their own server but our masked as our own pages. They do have a massive index / directory in HTML attached to our website and even upload their own XML site maps to our Google Web Master Tools. So even though they “own” the pages, they masquerade as our own organic pages. So what we have today is thousands upon thousands of product and category pages that are essentially built dynamically and regurgitated through their scraper / platform, whatever. ALL of these pages are incredibly thin in content and it’s beyond me how Panda has not exterminated them. ALL of these pages are built entirely for search engines, to the point that you would feel like the year was 1998. All of these pages are incredibly over- optimized with spam that really is equivalent to just stuffing in a ton of meta keywords. (like I said – 1998) Almost ALL of these scraped doorway pages cause an incredible amount of duplicate content issues even though the “account rep” swears up and down to the SEM Manager (who oversees all paid programs) that they do not. Many of the pages use other shady tactics such as meta refresh style bait and switching. For example: The page title in the SERP shows as: Personalized Watch Boxes When you click the SERP and land on the doorway page the title changes to: Personalized Wrist Watches. Not one actual watch box is listed. They are ALL simply the most god awful pages in terms of UX that you will ever come across BUT because of the sheer volume of this pages spammed deep within the site, they create revenue just playing the odds game. Executives LOVE revenue. Also, one of this vendor’s tactics when our budget spend is reduced for this program is to randomly pull a certain amount of their pages and return numerous 404 server errors until spend bumps back up. This causes a massive nightmare for me. I can go on and on but I think you get where I am going. I have spent a year and half campaigning to get rid of this black-hat vendor and I am finally right on the brink of making it happen. The only problem is, it will be almost impossible to not drop in revenue for quite some time when these pages are pulled. Even though I have helped create several organic pages and product categories that will pick-up the slack when these are pulled, it will still be awhile before the dust settles and stabilizes. I am going to stop here because I can write a novel and the millions of issues I have with this vendor and what they have done. I know this was a very long and open-ended essay of this problem I have presented to you guys in the Moz community and I apologize and would love to clarify anything I can. My actual questions would be: Has anyone gone through a similar situation as this or have experience dealing with a vendor that employs this type of black-hat tactic? Is there any advice at all that you can offer me or experiences that you can share that can help be as armed as I can when I eventually convince the higher-ups they need to pull the plug? How can I limit the bleeding and can I even remotely rely on Google LSI to serve my organic pages for the related terms of the pages that are now gone? Thank you guys so much in advance, -Ben
White Hat / Black Hat SEO | | VBlue1 -
Help with E-Commerce Product Pages
Hi, I need to find the best way to put my products on our e-commerce website. I have researched and researched but I thought I'd gather a range of ideas in here. Basically I have the following fields: Product Title
White Hat / Black Hat SEO | | YNWA
Product Description
Product Short Description SEO Title
Focus Keyword(s) (this is a feature of our CMS)
Meta Description The problem we have is we have a lot of duplicate content eg. 10 Armani Polos but then each one will be a different colour (but the model number is the same). I don't want to miss out on rankings because of this. What would you say is the best way to do this? My idea is this: Product Title: Armani Jeans Polo Shirt Blue
Product Description: Armani Jeans Polo Shirt in Blue Made from 100% cotton Armani Jeans Polo with Short Sleeves, Pique Collar and Button Up Collar. Designer Boutique Menswear are official stockists of Armani Jeans Polos.
Short Description: Blue Armani Jeans Polo SEO Title: Armani Jeans Polo Shirt Blue MA001 | Designer Boutique Menswear
Focus Keywords: Armani Jeans Polo Shirt
Meta Description: Blue Armani Jeans Polo Shirt. Made from 100% cotton. Designer Boutique Menswear are official stockists of Armani Polos. What are peoples thoughts on this? I would then run the same format across each of the different colours. Another question is on the product title and seo title, should these be exactly the same? And does it matter if I put the colour at the beginning or end of the title? Any help would be great.0 -
Please help? unique penguin problem with a blogger template
**Can any one help? The problem: **There is a free blogger template on this site http://btemplates.com/2012/blogger-template-crystalweb/ that has a anchor text link to our site using the keyword "wholesale" in the footer, that is the main course of our site being hit with a penguin penalty.**The story so far:**On the 24th April our website dropped out of the serps for our main keywords, traffic has been down 90% ever since, we are a small family run business that relies on the inter-net and goggle for our site to work. Goggle organic serps is about 30% of our turnover and have already had no choice to let 3 people go, problem now is we are left with Me, my Dad and Mum, Both my Brothers and nephew and my wife and my brothers wife so unless we can turn this around I can see us going bankrupt.**What I have done so far:**After the 24th I have learnt a lot about S.E.O , and managed to remove 99% of all bad/spammy links and have now come to a dead end. I have been promoting what we do as a company and promoting our blog over the last 4 months and also built a great twitter/facebook following with lots of re-tweets and shares which we have made some good sales from. We have re-designed most parts of our website and managed to up the conversion rate by 300% We have worked on all aspects of our website to make sure we have little/no duplicate content , have worked on ways to speed up the site and fixed most dead links/404 problems.<var id="yiv904548185yui-ie-cursor"></var>**Now onto our main problem:**After a few weeks of removing links I found a blogger page that kept coming up with the same link, after some detective work I found the template was originally designed by http://www.deluxetemplates.com/ after a few emails we found out that someone paid deluxetemplates to add the link to the site, I'm guessing it was a S.E.O. company we used for 2 years, but they did not admit to this and could not help. A guy called Klodian from deluxtemplates was really helpful and helped remove from his site, also he agreed to a cost of $250 to remove all the pictures on his server to force the blogger's to update, this is what the template from deluxtemplates now looks like vozconuncion.blogspot.co.uk .Now this was only helping fix this issue a small bit as a different site called btemplates also used the template and added it to there website as a free download and hosted the template pictures on there servers. I have emailed a few times, I have sent them twitter messages and also added messages to lots of there templates on there site in the hope they can help, I have also contacted the owner directly on his goggle+1 page but no reply. This template is being downloaded once or twice a day, with no way to get hold of the blogger's using it. As a last resort I offered the owner $1000 to help me remove the template but still no luck.Does anyone have any ideas how to resolve? we are willing to pay to resolve this and will do what ever needs to be done.Thank-you for taking the time to read.Karl.
White Hat / Black Hat SEO | | wcuk0 -
Anybody have useful advice to fix a very bad link profile?
Hello fellow mozzers. I am interested in getting the communities opinion on how to fix an extremely bad link profile, or whether it would be easier to start over on a new domain. This is for an e-commerce site that sells wedding rings. Prior to coming to our agency, the client had been using a different service that was doing some serious black hat linkbuilding on a truly staggering scale. Of the roughly 53,000 links that show up in OSE, 16,500 of them have the anchor text "wedding rings", 1,300 "wedding ring sets", etc. For contrast, there are only two "visit website", and just one domain name anchor text. So it is about the farthest from natural you can get. Anyway, the site traffic was doing great until the end of February, when it took a massive hit and lost over half the day to day traffic volume, and steadily declined until April 24th (Penguin), when it took another huge hit and lost almost 70% of traffic from Google. Note that the traffic from Yahoo/Bing stayed the same. So the question is, is it worth trying to clean up this mess of a backlink profile or would it be smarter to start fresh with a new domain?
White Hat / Black Hat SEO | | CustomCreatives0