HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different countries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a separate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, very useful information. Thank you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IPs were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'style' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
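
The two filters described in this thread (dropping IPs that exceed a request rate, and finding the one common factor shared by senders that rotate too quickly to block by address), as an added example that is not from any of the posters or their hosts. The record layout, field names, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

FIELDS = {"accept_language": 2, "user_agent": 3}  # assumed record layout

def over_rate(records, limit, window):
    """IPs that sent more than `limit` requests within any `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, *_ in sorted(records):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def common_factor(records, baseline, min_share=0.8):
    """Header values that dominate `records` but are rare in `baseline`."""
    found = {}
    if not records or not baseline:
        return found
    for name, idx in FIELDS.items():
        value, count = Counter(r[idx] for r in records).most_common(1)[0]
        share = count / len(records)
        base_share = sum(r[idx] == value for r in baseline) / len(baseline)
        if share >= min_share and base_share < share / 2:
            found[name] = value
    return found

def analyse(incident, baseline, limit=5, window=1):
    """Rate-flag heavy senders, then look for a shared trait in what remains."""
    heavy = over_rate(incident, limit, window)
    rest = [r for r in incident if r[1] not in heavy]
    return heavy, common_factor(rest, baseline)

def build_sample():
    """Constructed records: (epoch_seconds, ip, accept_language, user_agent)."""
    baseline = [(t * 30, f"198.51.100.{t % 5}", "en-US", f"browser-{t % 3}") for t in range(20)]
    normal = [(1000 + t * 6, f"198.51.100.{t % 5}", "en-US", f"browser-{t % 3}") for t in range(10)]
    flood = [(1000 + t // 10, "203.0.113.7", "ru-RU", "client-a") for t in range(200)]
    rotating = [(1000 + t, f"192.0.2.{t}", "ru-RU", f"client-{t % 4}") for t in range(60)]
    return baseline, normal + flood + rotating

if __name__ == "__main__":
    baseline, incident = build_sample()
    heavy, factor = analyse(incident, baseline)
    print("rate-limited:", sorted(heavy))
    print("shared trait among the rest:", factor)
```

The rate check only catches the single heavy sender; the sixty one-request addresses pass it and are only visible through the header value they share, which is why comparing against a baseline of normal traffic matters before turning that value into a firewall rule.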
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks are still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
"it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions. Thanks! Jason Y"
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transferred all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to take if they don't stop the attack.
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack, so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting.