HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Curious, have you ever had a client dispute your Moz Ranking Report?
one of my international clients from China does not believe that his site is now on page #2 for a national search term. He said he had a colleague search from a location in the United States and his site did not come up in any of the top 10 Google search page results. Suggest any ways to back ranking up? Maybe use an additional rank report? appreciate any/all suggestions. THanks! Chris
White Hat / Black Hat SEO | | Sundance_Kidd0 -
Does linking older posts help?
Asking a blogger to add an anchor text into their old post that relates to my niche. does that help with backlinks? does the quality of backlinks determine by how new the post is or the page rank determines all? for example a new post with lesser page rank vs a old post with higher page rank which one is better to put your link on?
White Hat / Black Hat SEO | | andzon0 -
Does showing the date published for an article in the SERPS help or hurt click-through rate?
Does showing the date published for an article in the SERPS help or hurt click-through rate?
White Hat / Black Hat SEO | | WebServiceConsulting.com1 -
I'm Getting Attacked, What Can I Do?
I recently noticed a jump in my Crawl Errors in Google Webmaster Tools. Upon further investigation I found hundreds of the most spammy web pages I've ever seen pointing to my domain (although all going to 404 errors): http://blurchelsanog1980.blog.com/ http://lenitsky.wordpress.com/ These are all created within the last week. A. What the hell is going on? B. Should I be very concerned? (because they are 404 errors) C. What should my next steps be? Any help would be greatly appreciated.
White Hat / Black Hat SEO | | CleanEdisonInc0 -
My Website Just Got Penalized
I had a website that recently got penalized. The pagerank dropped to zero on the homepage and moved to page 200 on google. I checked manual actions on my site in web mastertools and it says that no webspam is found. I am curious to find out why my website would drop. I had a a network of 5 blogs that I was linking to the site that also lost page rank but theres is N/A now. I am thinking thats where the trouble started because i did not use no follow. Question 1 My question is if I remove all the links to the other site or make them no follow will the penalty lift. I am thinking that the penalty is an automated on and not a manual one. Does any one have experience with automated penalties? Did they lift after you fixed the issues. Did you regain most of your original rankings? Question 2 What happens to all my blogs. I spent all lot of money on have posts written for it. Can any of the content be salvaged. I have over 1000 pages written on 5 different blogs. I can send you a list of the urls so you can see what I am talking about.
White Hat / Black Hat SEO | | WindshieldGuy-2762210 -
Do legitimately earned links from unrelated sites help or hurt?
We have a few charity events coming up that have offered to link back to our homepage. While we do genuinely like the charities we are going to sponsor, I'm not sure how those links will look seo-wise. For example, one is for the local high school basketball team and another is for a Pediatric Care Mud Run. To a human, these links make perfect sense, but to a robot, I'm not sure if it differentiates these links from spam/some negative link. Granted, I understand that a small percentage of links probably won't do anything either way, but I'd like to ignore that for the purposes of my question. All things being equal, do links such as these help or hurt? Thanks for your time and insight, Ruben
White Hat / Black Hat SEO | | KempRugeLawGroup0 -
NEED HELP, Figuring Out Ranking Drop!
Hello, I need help from somebody, anybody, in trying to figure out why my site dropped so much for the keyword “wildblue” and “wild blue”. On the week of Feb. 13, 2012, my website jumped from middle of the first page to the fourth page, and then a week or two later jumped completely out of the index (or at least off the top 5 pages). We do not engage in any deceptive practices. Our entire website is centered around this keyword, and we are very relevant, and have informative and continually updated content for visitors. I thought at first we got hit by Panda, but our overall organic traffic has not decreased, it has actually been steadily increasing compared to same time last year. I have tried over the past several months to get us back up, or at least figure out what happened, with no luck. If anyone could advise me on what might have happened, how to correct it, or even has any ideas of how I could figure out what happened I would greatly appreciate it. Website is: http://www.mybluedish.com
White Hat / Black Hat SEO | | MyNet0 -
My Google PR is Decreasing HELP!
We have just started in on an SEO campaign after a year or so break from engaging in active SEO efforts. Our rankings and organic traffic seems to be increasing but we just dropped from a PR 5 to a PR 4 after being a PR 5 for probably a couple years. We are not doing anything black hat or sketchy and try hard to make sure all of our links are relevant and quality links. Does anyone know why this might have happened or if it is an indication of anything?
White Hat / Black Hat SEO | | MyNet0