HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
HELP! My website has been penalized - what did I do wrong?
I have been working on a website Zing.co.nz and have made a sub domain blog.zing.co.nz. The website is for a company that is yet to launch, so I have been boosting traffic by writing blog posts about the topic (loans) on the subdomain. I pushed some traffic to the actual website too. We were climbing the rankings for our brand name but have all of a sudden started to drop. The domain authority was something like 0.9 and has dropped to 0.3. (Using SEO Spyglass) The blog was somewhere similar, but has dropped to 0.0!!! Please help in anyway you can. These changes have happened within the last 48 hours. Zing.co.nz Blog.zing.co.nz
White Hat / Black Hat SEO | | Startupfactory0 -
What is your SEO agency doing in terms of link building for clients?
What are you or your SEO agency doing for your client's link building efforts? What are you (or the agency) doing yourself, or out-sourcing, or having the client do for link building? If a new client needs some serious link building done, what do you prescribe and implement straight off the bat? What are your go-to link building tactics for clients? What are the link building challenges faced by your agency in 2013/2014? What's working for your agency and what's not? Does your agency work closely with the client's marketing department to gain link traction? If so, what are collaborating on? What else might you be willing to share about your agencies link building practices? Thanks
White Hat / Black Hat SEO | | Martin_S0 -
Small help with title tags
Hello all, this is my first question on Moz, i can see lots of people use it. Overall great community. I have a question, about title tags, ive done some keyword re-searches via Adwords-Keyword planner. And i need help combining the title tag for my pages. This are my most searched keywords:
White Hat / Black Hat SEO | | legendz
Main keyword - ACE Online Related keywords : Private Server Top 100 Download Gameplay Guide Now ive combined my title :
ACE Online Private Server - Top 100, Download, Gameplay, Guide Do you think this is good writen title or something its bad, i really cant deside. Please help0 -
A client/Spam penalty issue
Wondering if I could pick the brains of those with more wisdom than me... Firstly, sorry but unable to give the client's url on this topic. I know that will not help with people giving answers but the client would prefer it if this thread etc didn't appear when people type their name in google. Right, to cut a long story short..gained a new client a few months back, did the usual things when starting the project of reviewing the backlinks using OSE and Majestic. There were a few iffy links but got most of those removed. In the last couple of months have been building backlinks via guest blogging and using bloggerlinkup and myblogguest (and some industry specific directories found using linkprospector tool). All way going well, the client were getting about 2.5k hits a day, on about 13k impressions. Then came the last Google update. The client were hit, but not massively. Seemed to drop from top 3 for a lot of keywords to average position of 5-8, so still first page. The traffic went down after this. All the sites which replaced the client were the big name brands in the niche (home improvement, sites such as BandQ, Homebase, for the fellow UK'ers). This was annoying but understandable. However, on 27th June. We got the following message in WMT - Google has detected a pattern of artificial or unnatural links pointing to your site. Buying links or participating in link schemes in order to manipulate PageRank are violations of Google's Webmaster Guidelines.
White Hat / Black Hat SEO | | GrumpyCarl
As a result, Google has applied a manual spam action to xxxx.co.uk/. There may be other actions on your site or parts of your site. This was a shock to say the least. A few days later the traffic on the site went down more and the impressions dropped to about 10k a day (oddly the rankings seem to be where they were after the Google update so perhaps a delayed message). To get back up to date....after digging around more it appears there are a lot of SENUKE type links to the site - links on poor wiki sites,a lot of blog commenting links, mostly from irrelevant sites, i enclose a couple of examples below. I have broken the links so they don't get any link benefit from this site. They are all safe for work http:// jonnyhetherington. com/2012/02/i-need-a-new-bbq/?replytocom=984 http:// www.acgworld. cn/archives/529/comment-page-3 In addition to this there is a lot of forum spam, links from porn sites and links from sites with Malware warnings. To be honest, it is almost perfect negative seo!! I contacted several of the sites in question (about 450) and requested they remove the links, the vast majority of the sites have no contact on them so I cannot get the links removed. I did a disavow on these links and then a reconsideration request but was told that this is unsuccessful as the site still was being naughty. Given that I can neither remove the links myself or get Google to ignore them, my options for lifting this penalty are limited. What would be the course of action others would take, please. Thanks and sorry for overally long post0 -
Help figuring out if certain paid directories are worth it
The person in my position previously had quite a few paid directories our site was listed on. What is the best resources you guys have used or know of to figure out which ones are good to keep? For instance one that is up for renewal this week is site-sift.com. I know the person previous to me did some not so ethical stuff and I'm trying to clean up messes. Any advice on directories would be much appreciated.
White Hat / Black Hat SEO | | inhouseninja0 -
Build Backlinks on this site? - Advice Please
Hello, I am trying to build some backlinks to my E-Commerce site and was wondering how you all view sites like this: http://www.bookmark4you.com/ If I were to put a listing for my company/site on that site, would that be considered a good backlink or a bad backlink (in terms of Google's guidelines)... There are a bunch of sites like these, online directory or bookmark sites, and i was wondering what the general opinion is on using them for backlinking purposes. Any help or advice would be greatly appreciated. THANKS!!
White Hat / Black Hat SEO | | Prime850 -
Black Hat? Is it really possible my new client paid someone to SEO the word "here"?
I just took on a client and first thing I saw in Webmaster Tools was the dreaded "Unnatural Link Patterns" message dated Apr 7th, 2012. MajesticSEO is reporting 212 backlinks, OSE is reporting 251. Nothing out of the ordinary, in fact they only anchor text is their brand. However, we then ran an SEO PowerSuite Crawl and found 429 backlinks with 78.1% of links use the anchor text "here" and 77.9% of all links point to the same URL. If this is indeed true I can see why they got the message from Google. The company has admitted they hired a service to do SEO for $299/mo for several months but when they saw no results they quit. Could this company really have gone after "here". It not, I can't find anything that would give them the message they got from Google Webmaster Tools.
White Hat / Black Hat SEO | | Dweber0 -
Would the same template landing page (placed on 50+ targeted domains) help or hurt my ranking?
Scenario: Company ABC has 50 related domains that are being forwarding to the main company URL. Q1: Would there be SEO value by creating a template landing page for each domain that includes product info, photos and keyword links to the main URL? Q2: If all 50+ landing pages were the same, would that penalize the main site due to duplicate content?
White Hat / Black Hat SEO | | brianmeert0