HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
302 query - can someone help
If I were to put 302s on several reasonably ranked landing pages to drive more traffic/conversions for a period of one week to a particular page, would the pages with 302s drop from their positions in the SERPS? And is this a bad idea? I want to try and drive some conversions over the next month for a particular page… Thanks for your help!
White Hat / Black Hat SEO | | Jacksons_Fencing0 -
Got Google Manual penalty full Spam on my website
Here are Moz Metrics: http://prntscr.com/as3fp6 Site Url: www.financialprospect.com DA- 40 PA- 48 Spam Score - 0 RD- 68 Links No Loss in Backlink Profile I think my site is having much more spun content so can you suggest me the ways to re-index my site? How can i get my site back to google? Can you suggest any tool which give number of links already spun and then we may delete those posts. Looking for positive reply...!!!
White Hat / Black Hat SEO | | morisshibu1 -
Advice needed! How to clear a website of a Wordpress Spam Link Injection Google penalty?
Hi Guys, I am currently working on website that has been penalised by Google for a spam link injection. The website was hacked and 17,000 hidden links were injected. All the links have been removed and the site has subsequently been redesigned and re-built. That was the easy part 🙂 The problems comes when I look on Webmaster. Google is showing 1000's of internal spam links to the homepage and other pages within the site. These pages do not actually exist as they were cleared along with all the other spam links. I do believe though this is causing problems with the websites rankings. Certain pages are not ranking on Google and the homepage keyword rankings are fluctuating massively. I have reviewed the website's external links and these are all fine. Does anyone have any experience of this and can provide any recommendations / advice for clearing the site from Google penalty? Thanks, Duncan
White Hat / Black Hat SEO | | CayenneRed890 -
Help needed i have lost huge rankings
help needed guys, i run a website http://www.happyhop.co.za they sell jumping castles, and thats it, i have worked on this site for the last 3 years and its been preforming very well, after the 2.0 penguin update I lost huge rankings was 1 in google for jumping castles now on page 10... I went onto webmaster tools reviewed Manual Actions got this (No manual webspam actions found.) then reviewed my links, ran them through http://www.penguinanalysis.com and my score came back at 125% which is high, but then ran a competitor who is ranking number 1 and they are at 145%... i have now disavowed a few bad links, and have removed alt tags on my blog http://www.happyhop.co.za/News-and-Articles .... the articles I write are not bloggy and are informative. I then sent Google a manual reconsideration request, but havent heard back from them? Still nothing has changed and its been over 3 weeks. Can anyone help me.
White Hat / Black Hat SEO | | nick_pageone0 -
Please Help- Confusion about how to Avoid Keyword Self-Cannibalization and Keyword Stuffing
I am pretty much a rookie when it comes to the SEO game and to be completely honest SEO is really confusing. I just recently started using MOZ and I was looking at my On-Page report and I saw that I needed to correct some “Avoid Keyword Self-Cannibalization” errors. So I looked at the error and the fix. Here is what MOZ gave me. Cannibalizing link "How to make a fake diploma", "How to get a fake diploma", "Making a Fake High School Diploma", "Fake Diploma Template", and "Framing your fake diploma" Explanation It's a best practice in SEO to target each keyword with a single page on your site (sometimes two if you've already achieved high rankings and are seeking a second, indented listing). To prevent engines from potentially seeing a signal that this page is not the intended ranking target and creating additional competition for your page, we suggest staying away from linking internally to another page with the target keyword(s) as the exact anchor text. Note that using modified versions is sometimes fine (for example, if this page targeted the word 'elephants', using 'baby elephants' in anchor text would be just fine). Recommendation Unless there is intent to rank multiple pages for the target keyword, it may be wise to modify the anchor text of this link so it is not an exact match. This error is for my Hompage(http://www.fake-diploma.com) for the keyword Fake Diploma. My understanding is that for Self-Cannibalization to occur I would have to have a link on this page pointing to another page using "Fake Diploma" as my anchor text since I want this page to rank for Fake Diploma. I do have the right hand sidebar which contains my most recent posts and some of my titles do include Fake Diploma. How to make a Fake Diploma
White Hat / Black Hat SEO | | diplomajim
Fake Diploma Template
Framing your Fake Diploma
To me theses are separate longtail keywords. While they do include Fake Diploma in them I thought theses were fine because they are not an Exact Match to each other nor are they an Exact Match to “Fake Diploma”. Am I wrong about this? Secondly I reached out on another Forum trying to get a better understanding of this and just got even more confused. I was told that I am also Keyword Stuffing and could be penalized. They said because I have Fake Diploma in most of my article titles that I am Stuffing Fake Diploma. I am in a Niche Market and of course most of my titles include Fake Diploma because that is what my entire site is about. I used the Google Keyword Tool and searched Fake Diploma and it gave me a list of about 79 related keywords like: Make a Fake Diploma Online
Create a Fake Diploma
Fake Diploma Software This is just a few of the many that I have. I thought the best way to rank for a keyword was to actually write a post about that Keyword and use it as the title of the article. I am not over using the Keyword in the actual article and I maybe have a Keyword density of about 2-5%. I thought Keyword Stuffing was where you actually used the Keyword like 50 times and also just added random Keywords to the article that did not belong. Please help me with any insights you can offer. I feel like I am doing all of this completely wrong.0 -
SEO expert advice needed :)
So I have a niche site that I'm pretty sure has received an over-optimization penalty. This was about nine months ago or so. I haven’t really done much with the site since however I’d like the site to start appearing in the serps again, as I am adding fresh content and trying to create a really useful resource. I don't appear in the serps for any keywords related to my niche anymore. The site IS still indexed though. I didn't get any messages telling me that I was penalized so I don't think it was manual. I didn't use any spam or anything like that but I believe the penalty was probably for anchor text over-optimization and/or too many links to non-home page urls in comparison to the total amount of links the site had. I know removing these links or changing the anchor can help but the thing is the site only has about 30 total linking root domains pointed at it. So I was wondering if I could just add more links to other pages/the home page and add more links with varied anchors/naked urls to change the ratios and make it appear more natural. Now, would/could this fix my penalty? I am frustrated that I even received a penalty at all because much of my competition is ranking for fairly competitive terms with no real solid links pointed at their site and tons of comment spam. I have some relevant links/quality links so I am hoping that fixing this penalty could help put me back where I was before I got knocked into oblivion. There is one example of a competitor with a PR0 site getting good traffic and ranking for some nice keywords with only a bunch of self-set up web properties (and some comment spam) containing one only page for the purpose of linking back to their money site (blogspot, wordpress, weebly, mywebstarts ect). On top of that a lot of the sites I'm competing again are MFA, garbage sites that are written by non-native English speakers that offer zero value to the visitor. I need to start out ranking these spammers again. What should I do? thanks!
White Hat / Black Hat SEO | | jmckiernan86_gmail.com0 -
Anybody have useful advice to fix a very bad link profile?
Hello fellow mozzers. I am interested in getting the communities opinion on how to fix an extremely bad link profile, or whether it would be easier to start over on a new domain. This is for an e-commerce site that sells wedding rings. Prior to coming to our agency, the client had been using a different service that was doing some serious black hat linkbuilding on a truly staggering scale. Of the roughly 53,000 links that show up in OSE, 16,500 of them have the anchor text "wedding rings", 1,300 "wedding ring sets", etc. For contrast, there are only two "visit website", and just one domain name anchor text. So it is about the farthest from natural you can get. Anyway, the site traffic was doing great until the end of February, when it took a massive hit and lost over half the day to day traffic volume, and steadily declined until April 24th (Penguin), when it took another huge hit and lost almost 70% of traffic from Google. Note that the traffic from Yahoo/Bing stayed the same. So the question is, is it worth trying to clean up this mess of a backlink profile or would it be smarter to start fresh with a new domain?
White Hat / Black Hat SEO | | CustomCreatives0 -
My Google PR is Decreasing HELP!
We have just started in on an SEO campaign after a year or so break from engaging in active SEO efforts. Our rankings and organic traffic seems to be increasing but we just dropped from a PR 5 to a PR 4 after being a PR 5 for probably a couple years. We are not doing anything black hat or sketchy and try hard to make sure all of our links are relevant and quality links. Does anyone know why this might have happened or if it is an indication of anything?
White Hat / Black Hat SEO | | MyNet0