HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Need help determining how toxic this backlinking is
Okay, so my company has an SEO company already. However, we're trying to get people internally cross-trained on SEO, so I've been selected to kind of do a crash-course in SEO and look at our site from a new perspective. We are in the process of getting our old site ported over to a new one we've also created on Wordpress. I've been doing a LOT of online research, but this is definitely a very new field for me. Here's our current site: www.cedrsolutions.com So, here's my question: While doing some SEO-optimizing automatic tests on our site, I came across some weird backlinks to one of our pages: http://www.cedrsolutions.com/dental-office-manual/ http://en.calameo.com/read/003415063525a885728e7 Here's the thing: We didn't make this. It looks HORRIBLE, the copy is gibberish, and it looks weird. Doing some more searching, I started finding stuff like this https://lessons.engrade.com/dentalofficemanual/1 http://pumosust.over-blog.com/2014/09/how-to-get-customized-dental-office-manuals-online.html https://www.youtube.com/watch?v=egMonqa5eRo (???? I don't even understand how someone did this, the photo in the book is just the photo from our page) http://www.tuugo.in/Companies/cedr-hr-solutions/0150008267958#! http://www.webjam.com/dental_office_manual/$my_blog/2014/09/12/how_to_get_customized_dental_office_manuals_online Conservatively, I'd say there's at least 100 of these types of pages out there linking to us, maybe more Then I started finding comments on blogs http://blog.kenexa.com/hr-focus-on-increasing-revenue-not-just-managing-costs/ http://geekologie.com/2012/05/bad-ideas-boyfriend-visits-dentist-ex-da.php (some NSFW language on that one) So, my first thought is obviously "Okay, these are gibberish, over-optimized, and ALL of them are trying to bump our relevancy for something along the lines "Dental office manual" EDIT: I should also mention these links ALL just appeared out of thin air. A whole bunch in early July, and more in mid-September. They didn't just slowly accumulate. So (finally) here's my questions: 1. Did our current SEO company probably do this? The only thing they've mentioned before is that they were going to create some backlinks for us, with an assurance they'd be genuine links that would build Pagerank without getting us slapped by Google. 2. Am I correct in my opinion that these are toxic links that could get manual action taken against us by Google? I'm not sure how LIKELY it is (as again, there's only about 100 or so) but they seem to be violating multiple Google principles. With how often Google pushes out algorithm updates I feel like we could still get busted for this even if the links are like 6-7 months old and not sending us much traffic. I'm asking because I've been told to set up a conference call with the account manager at our current SEO place, and I want to know what I'm getting into. I might be wildly over-reacting about nothing, I might be kind of right but it's not that bad, or I might be 100% right and what they are doing is not cool at all, and could kill our SEO if we get busted by Google. I'm not sure which it is. Checking Google webmaster tools and analytics, I don't see any drops in organic traffic between July '14 and now, so I don't think we've been smacked by Google algorithm-wise. And there's no notice from Google of manual action being taken, or anything being wrong with our backlinks, so I'm fairly confident these links haven't hurt us at least as of today. I'm just worried going forward (especially when we finish the new site and submit it to Google to get crawled, the URLs will be the same) Sorry this was so long. I'm kind of nervous, honestly. On the one hand, these backlinks seem SUPER sketchy to me, but on the other hand, I don't KNOW any of this stuff. It sounds kind of ridiculous for me, someone with maybe 3 weeks of intense Google-education in SEO, to be questioning something a real, established SEO company is doing. I mean, I kind of have to assume they know better, right?
White Hat / Black Hat SEO | | CEDRSolutions1 -
E-Commerce Cart Migration SEO Advice
Hi all, First time post here. We operate a small ecommerce store and plan on moving cart, most likely from Interspire to Magento or possibly Prestashop. We want to be sure not to damage our current search rankings when making this move and ideally improve our rankings at the same time by utilizing the new cart’s <acronym title="Search Engine Optimization">seo</acronym> functionality as best we can. Stage 1 of the project will see us simply move our current store from one cart to another. For this move we are keeping our existing single domain and intend on moving our current set up without making many, if any changes to content, product descriptions , URL’s etc as we believe this best practice for ensuring our current rankings remain as they are- is such thinking correct? Or should we do otherwise Stage 2 would see us operate a multi lingual, multistore, with 4 domains operating with 1 back end. For the 3 new domains we are looking to set up these storefronts in whichever manner will be most beneficial from an <acronym title="Search Engine Optimization">seo</acronym> perspective We welcome any advice as to what we should consider? What we should and shouldn’t do? and best practices for this project Please advise if any other information is required to best answer our query Thanks for taking the time to read our post, any forthcoming tips and advice will be greatly appreciated
White Hat / Black Hat SEO | | StuSol0 -
Strange client request
I have a client who attends an internet marketing meetup. I have been once myself. Good group of people but most seem lost when it comes to SEO and can't tell Black from White! Well today my client emailed me and in the email she mentioned doing a trick to the title tags. Client: "there is a trick to use with the title by putting keywords in quotes and parenthasis. I'm sure you know how to do that little trick. If we do it in the title and in the first few lines of the verbage it will soar us near the top and hopefully on the first page of Google." a few sentences later "We could use a tad more content on the first page ( with parantesis and quotes) to boost us up in the ratings. At least it is an easy trick to do." I have never heard of this. Has anyone else heard about this. Please share thoughts. It sounds completely bogus to me but I will be the first to admit that i don't know everything! However i would like to have more than just my opinion when I talk to my client. Let me know what you think.
White Hat / Black Hat SEO | | NateStewart0 -
Do I need to use meta noindex for my new website before migration?
I just want to know your thoughts if it is necessary to add meta noindex nofollow tag in each page of my new website before migrating the old pages to new pages under a new domain? Would it be better if I'll just add a blockage in my robots.txt then remove it once we launch the new website? Thanks!
White Hat / Black Hat SEO | | esiow20130 -
Thin Content Pages: Adding more content really help?
Hello all, So I have a website that was hit hard by Panda back in 2012 November, and ever since the traffic continues to die week by week. The site doesnt have any major moz errors (aside from too many on page links). The site has about 2,700 articles and the text to html ratio is about 14.38%, so clearly we need more text in our articles and we need to relax a little on the number of pictures/links we add. We have increased the text to html ratio for all of our new articles that we put out, but I was wondering how beneficial it is to go back and add more text content to the 2,700 old articles that we have just sitting. Would this really be worth the time and investment? Could this help the drastic decline in traffic and maybe even help it grow?
White Hat / Black Hat SEO | | WebServiceConsulting.com0 -
Can image links help improve my backlinking profile?
I recently spent some time looking at the backlink profile of a leading UK food & clothing retailer and noticed that a high number of their backlinks for very competitive search phrase's consisted entirely of image backlinks. 50% of the links contained no alt text and other 50% contained a mix of just the targeted keyword or a phase containig one mention of the targeted keyword. Has anyone had any experiance of this type of marketing producing any positive effect on SEO or search engine rankings?
White Hat / Black Hat SEO | | BigJonOne0 -
Build Backlinks on this site? - Advice Please
Hello, I am trying to build some backlinks to my E-Commerce site and was wondering how you all view sites like this: http://www.bookmark4you.com/ If I were to put a listing for my company/site on that site, would that be considered a good backlink or a bad backlink (in terms of Google's guidelines)... There are a bunch of sites like these, online directory or bookmark sites, and i was wondering what the general opinion is on using them for backlinking purposes. Any help or advice would be greatly appreciated. THANKS!!
White Hat / Black Hat SEO | | Prime850 -
Please help? unique penguin problem with a blogger template
**Can any one help? The problem: **There is a free blogger template on this site http://btemplates.com/2012/blogger-template-crystalweb/ that has a anchor text link to our site using the keyword "wholesale" in the footer, that is the main course of our site being hit with a penguin penalty.**The story so far:**On the 24th April our website dropped out of the serps for our main keywords, traffic has been down 90% ever since, we are a small family run business that relies on the inter-net and goggle for our site to work. Goggle organic serps is about 30% of our turnover and have already had no choice to let 3 people go, problem now is we are left with Me, my Dad and Mum, Both my Brothers and nephew and my wife and my brothers wife so unless we can turn this around I can see us going bankrupt.**What I have done so far:**After the 24th I have learnt a lot about S.E.O , and managed to remove 99% of all bad/spammy links and have now come to a dead end. I have been promoting what we do as a company and promoting our blog over the last 4 months and also built a great twitter/facebook following with lots of re-tweets and shares which we have made some good sales from. We have re-designed most parts of our website and managed to up the conversion rate by 300% We have worked on all aspects of our website to make sure we have little/no duplicate content , have worked on ways to speed up the site and fixed most dead links/404 problems.<var id="yiv904548185yui-ie-cursor"></var>**Now onto our main problem:**After a few weeks of removing links I found a blogger page that kept coming up with the same link, after some detective work I found the template was originally designed by http://www.deluxetemplates.com/ after a few emails we found out that someone paid deluxetemplates to add the link to the site, I'm guessing it was a S.E.O. company we used for 2 years, but they did not admit to this and could not help. A guy called Klodian from deluxtemplates was really helpful and helped remove from his site, also he agreed to a cost of $250 to remove all the pictures on his server to force the blogger's to update, this is what the template from deluxtemplates now looks like vozconuncion.blogspot.co.uk .Now this was only helping fix this issue a small bit as a different site called btemplates also used the template and added it to there website as a free download and hosted the template pictures on there servers. I have emailed a few times, I have sent them twitter messages and also added messages to lots of there templates on there site in the hope they can help, I have also contacted the owner directly on his goggle+1 page but no reply. This template is being downloaded once or twice a day, with no way to get hold of the blogger's using it. As a last resort I offered the owner $1000 to help me remove the template but still no luck.Does anyone have any ideas how to resolve? we are willing to pay to resolve this and will do what ever needs to be done.Thank-you for taking the time to read.Karl.
White Hat / Black Hat SEO | | wcuk0
