HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
I would like opinions on Brian Dean's training courses and his advice -- is it useful?
I would like opinions on Brian Dean's training courses and his advice -- has anyone used it successfully? Is it worth the cost? And useful?
White Hat / Black Hat SEO | | marketingdepartment.ch1 -
302 query - can someone help
If I were to put 302s on several reasonably ranked landing pages to drive more traffic/conversions for a period of one week to a particular page, would the pages with 302s drop from their positions in the SERPS? And is this a bad idea? I want to try and drive some conversions over the next month for a particular page… Thanks for your help!
White Hat / Black Hat SEO | | Jacksons_Fencing0 -
Strange client request
I have a client who attends an internet marketing meetup. I have been once myself. Good group of people but most seem lost when it comes to SEO and can't tell Black from White! Well today my client emailed me and in the email she mentioned doing a trick to the title tags. Client: "there is a trick to use with the title by putting keywords in quotes and parenthasis. I'm sure you know how to do that little trick. If we do it in the title and in the first few lines of the verbage it will soar us near the top and hopefully on the first page of Google." a few sentences later "We could use a tad more content on the first page ( with parantesis and quotes) to boost us up in the ratings. At least it is an easy trick to do." I have never heard of this. Has anyone else heard about this. Please share thoughts. It sounds completely bogus to me but I will be the first to admit that i don't know everything! However i would like to have more than just my opinion when I talk to my client. Let me know what you think.
White Hat / Black Hat SEO | | NateStewart0 -
Website that just got hit....Need some tips or ideas...
Hey guys, The website of the company i work hit in the PR update two days ago . A little history , the site was notice by Google about spam links around 5-6 months ago .
White Hat / Black Hat SEO | | WayneRooney
Since then there is a company that cleans all the spam links and manage all the disavow process. In the last penguin update ( about two months ago ) the site jumped like crazy in the ranking and stayed there ever since... In the last three months we create less than ten links to the site, and we have focus all our work to improve
the optimization of the site.
It should be noted that the company is investing a lot in social networks and all the work in the past 3 month are White and clean... Now, two days ago in the PR update (more or less) the site just dropped , but when i say dropped , it's 200 keys that was in page 1-2 that just want out to page 5-6-7. Like the website is gone, i never see something like this... The things that pass through my head: A lot of the links the linking to the site with high PR lost their pr and now they are worthless, but still this drop ? its to extreme.
Or that Google received the disavow and just disavow a lot of links.... Does anyone have any ideas or tips on the subject ? Thank you0 -
Penguin Hit, Looking for some advice from Takeshi Young
Hello, Takeshi had the good idea to compare google analytic traffic data to penguin updates. We may have got hit by Penguin 2.0 (#4) on May 22, 2013. There's nothing in GWT indicating it though. Most of our traffic is return customers, by the way. I've attached a Google Analytic Screenshot. It just happens to be the time when we removed a bunch of paid links. Will you look at this screenshot and make sure that it was Penguin, then give me some advice about 20 little blogs with keyword rich anchor text. 2 paid links that look editorial 1 sitewide paid link w/ keyword rich alt tag 1 more paid link that's an image near the footer on a single page, keyword rich anchor text. 1 paid link site with different types of links scattered across the site - 30 links total We have 70 links total - the above 25 are paid. penguin.gif
White Hat / Black Hat SEO | | BobGW0 -
HELP - Site architecture of E-Commerce Mega Menu - Linkjuice flow
Hi everyone, I hope you have a couple of mins to give me your opinion. Ecommerce site has around 2000 products, in english and spanish, and around only 70 hits per day if that. We have done a lot of optimisation on the site - Page Titles, URL's, Content, H1's, etc.... Everything on page is pretty much under control, except I am starting to realise the site architecture could be harming our SEO efforts. Once someone arrives on site they are language detected and do a 302 to either domain.com/EN or domain.com/ES depending on their preferred language. Then on the homepage, we have the big MEGA MENU - and we have
White Hat / Black Hat SEO | | bjs2010
CAT 1
SubCat 1
SubsubCat 1
SubsubCat 2
SubsubCat 3 Overall, there are 145 "categories". Plus links to some CMS pages, like Home, Delivery terms, etc... Each Main Category, contains the products of everything related to that category - so for example:
KITCHENWARE
COOKWARE BAKINWARE
SAUCEPANS BOWLS
FRYING PANS Kitchenware contains: ALL PRODUCTS OF SUBCATS BELOW, SO COOKWARE ITEMS, SAUCEPANS, FRYING PANS, BAKINGWARE, etc... plus links to those categories through breadcrumbs and a left hand nav in addition to the mega menu above. So once the bots hit the site, immediately they have this structure to deal with. Here is what stats look like:
Domain Authority: 18 www.domain.com/EN/
PA: 27
mR: 3.99
mT: 4.90 www.domain.com/EN/CAT 1
PA: 15
mR: 3.05
mT: 4.54 www.domain.com/EN/CAT 1/SUBCAT1
PA: 15
mR: 3.05
mT: 4.54 Product pages themselves - have a PA of 1 and no mR or mT. I really need some other opinions here - I am thinking of: Removing links in Nav menu so it only contains CAT1 and SUBCAT1 but DELETE SUBSUBCATS1 which represent around 80 links Remove products within the CAT1 page - eg., the CAT 1 would "tile" graphical links to subcategories, but not display products themselves. So products are only available right at the lowest part of the chain (which will be shortened) But I am willing to hear any other ideas please - maybe another alternative is to start building links to boost DA and linkjuice? Thanks all, Ben0 -
Attacked with spam links.
Our website was hit with the "Pharma hack", "Google Cloaking Hack", or "Blackhat SEO Spam". and Google showed in the results this website may be compromised. After cleaning out the hack from the website I chacked with the Seomoz tool Open Site Explorer and I found that they hacked 1000 of other websites and created links to my website. They were building a few 1000 links to the website with the clickable text "buy cheap online pharmacy". and more like that. This website www.washington23.com has been hacked and gives over 200 links to your website for pharmacy items. And Google considers this from your impotent links as i can see in webmasters. What can I do about it?
White Hat / Black Hat SEO | | Joseph-Green-SEO0 -
Does the SEOmoz Suggested Directory List Need to be Updated?
So, since Google updated their link schemes page (http://support.google.com/webmasters/bin/answer.py?hl=en&answer=66356) with avoid using "Low-quality directories", I've been thinking a lot about what makes a directory "low-quality". Obviously, this is important, or Google wouldn't have mentioned it. I was wondering if someone could explain to me how some of the directories suggested by SEOmoz at http://www.seomoz.org/directories are NOT low-quality, specifically some of the ones marked "General". The page lists stuff like busybits.com, for instance. One that I guess many are aware of, and yea it has a high home page PageRank, and it's got some history, and it's human-edited, ok great. But does it actually add any value to anyone that's not just looking to get a link? A page like http://busybits.com/Business/Others/2/ having (dofollow) listings like "Phone cards, Calling cards" "Insurance in Canada" .... ect. It just looks like an SEO backlink hub. No value at all to a user trying to discover new sites/content. Anyway, back to my main question, how is something like this NOT "low-quality"? Thank you
White Hat / Black Hat SEO | | MadeLoud4