HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Has our site been attacked?
Hello fellow mozers! I am having a problem you might be able to help me with and any thoughts on the issue will be greatly appreciated. Yesterday, I received an automated monthly report from Quill Engage, a tool that fetches data from Google Analytics and generates reports in a narrative format. Last month's 'referral traffic' section indicates two incredibly spammy websites driving more than 200 sessions to our website. Naturally, I checked out GWT and Open Site Explorer but couldn't find any traces of such activity. Futhermore, all our metrics seem ok. Can this possibly be a negative SEO attack that was only traced by the aforementioned tool? Can you propose any other way to test this and make sure we're not being attacked?
White Hat / Black Hat SEO | | SMD_0 -
I'm seeing thousands of no-follow links on spam sites. Can you help figure it out?
I noticed that we are receiving thousands of links from many different sites that are obviously disguised as something else. The strange part is that some of them are legitimate sites when you go to the root. I would say 99% of the page titles read something like : 1 Hour Loan Approval No Credit Check Vermont, go cash advance - africanamericanadaa.com. Can someone please help me? Here are some of the URL's we are looking at: http://africanamericanadaa.com/genialt/100-dollar-loans-for-people-with-no-credit-colorado.html http://muratmakara.com/sickn/index.php?recipe-for-cone-06-crackle-glaze http://semtechblog.com/tacoa/index.php?chilis-blue-raspberry-margarita http://wesleygcook.com/rearc/guaranteed-personal-loans-oregon.html
White Hat / Black Hat SEO | | TicketCity0 -
Need help determining how toxic this backlinking is
Okay, so my company has an SEO company already. However, we're trying to get people internally cross-trained on SEO, so I've been selected to kind of do a crash-course in SEO and look at our site from a new perspective. We are in the process of getting our old site ported over to a new one we've also created on Wordpress. I've been doing a LOT of online research, but this is definitely a very new field for me. Here's our current site: www.cedrsolutions.com So, here's my question: While doing some SEO-optimizing automatic tests on our site, I came across some weird backlinks to one of our pages: http://www.cedrsolutions.com/dental-office-manual/ http://en.calameo.com/read/003415063525a885728e7 Here's the thing: We didn't make this. It looks HORRIBLE, the copy is gibberish, and it looks weird. Doing some more searching, I started finding stuff like this https://lessons.engrade.com/dentalofficemanual/1 http://pumosust.over-blog.com/2014/09/how-to-get-customized-dental-office-manuals-online.html https://www.youtube.com/watch?v=egMonqa5eRo (???? I don't even understand how someone did this, the photo in the book is just the photo from our page) http://www.tuugo.in/Companies/cedr-hr-solutions/0150008267958#! http://www.webjam.com/dental_office_manual/$my_blog/2014/09/12/how_to_get_customized_dental_office_manuals_online Conservatively, I'd say there's at least 100 of these types of pages out there linking to us, maybe more Then I started finding comments on blogs http://blog.kenexa.com/hr-focus-on-increasing-revenue-not-just-managing-costs/ http://geekologie.com/2012/05/bad-ideas-boyfriend-visits-dentist-ex-da.php (some NSFW language on that one) So, my first thought is obviously "Okay, these are gibberish, over-optimized, and ALL of them are trying to bump our relevancy for something along the lines "Dental office manual" EDIT: I should also mention these links ALL just appeared out of thin air. A whole bunch in early July, and more in mid-September. They didn't just slowly accumulate. So (finally) here's my questions: 1. Did our current SEO company probably do this? The only thing they've mentioned before is that they were going to create some backlinks for us, with an assurance they'd be genuine links that would build Pagerank without getting us slapped by Google. 2. Am I correct in my opinion that these are toxic links that could get manual action taken against us by Google? I'm not sure how LIKELY it is (as again, there's only about 100 or so) but they seem to be violating multiple Google principles. With how often Google pushes out algorithm updates I feel like we could still get busted for this even if the links are like 6-7 months old and not sending us much traffic. I'm asking because I've been told to set up a conference call with the account manager at our current SEO place, and I want to know what I'm getting into. I might be wildly over-reacting about nothing, I might be kind of right but it's not that bad, or I might be 100% right and what they are doing is not cool at all, and could kill our SEO if we get busted by Google. I'm not sure which it is. Checking Google webmaster tools and analytics, I don't see any drops in organic traffic between July '14 and now, so I don't think we've been smacked by Google algorithm-wise. And there's no notice from Google of manual action being taken, or anything being wrong with our backlinks, so I'm fairly confident these links haven't hurt us at least as of today. I'm just worried going forward (especially when we finish the new site and submit it to Google to get crawled, the URLs will be the same) Sorry this was so long. I'm kind of nervous, honestly. On the one hand, these backlinks seem SUPER sketchy to me, but on the other hand, I don't KNOW any of this stuff. It sounds kind of ridiculous for me, someone with maybe 3 weeks of intense Google-education in SEO, to be questioning something a real, established SEO company is doing. I mean, I kind of have to assume they know better, right?
White Hat / Black Hat SEO | | CEDRSolutions1 -
By changing the wordpress theme what need to take for seo consideration?
Hi guys! we have a site that been using a theme for a year now and we decided to change to a new one, the question here is, does it affect seo? or it is possible to remain 100% for the seo? What caution tips that you guys can share for changing the theme? Does just remaining the same URL works?
White Hat / Black Hat SEO | | andrewwatson922 -
SERPs Help
Hey Mozzers, Please can someone advise? I manage the on-line content for an estate of Gyms in the UK. We had an existing gym location in Birmingham - www.nuffieldhealth.com/gyms/birmingham and 5 months ago we opened a new location in Birmingham - www.nuffieldhealth.com/gyms/birmingham-central. The 2 pages have different in-page content, different H1's, different title tags, different citations in page both have a few back links from different root domains, however the 2nd page (birmingham-central) does not rank in the top 50 results even though our domain is strong that the vast majority of results? Our original page (/gyms/birmingham) also slipped from page 1 in SERPs to the bottom of page 2 when the second Birmingham gym page was deployed?? I am guessing Google does not know which page to serve in SERPs, bud i am at a lose as to how to fix this issue. Can anyone please advise?? Regards Ben
White Hat / Black Hat SEO | | Bendall0 -
Do rss feeds help seo in 2013?
I have seen answers for this back in 2012 but as we all now things have changed in 2013. My question is Do rss feeds help seo in 2013? Or does google see it as duplicate content (I see that the moz site has RSS ...)
White Hat / Black Hat SEO | | Llanero0 -
HELP - Site architecture of E-Commerce Mega Menu - Linkjuice flow
Hi everyone, I hope you have a couple of mins to give me your opinion. Ecommerce site has around 2000 products, in english and spanish, and around only 70 hits per day if that. We have done a lot of optimisation on the site - Page Titles, URL's, Content, H1's, etc.... Everything on page is pretty much under control, except I am starting to realise the site architecture could be harming our SEO efforts. Once someone arrives on site they are language detected and do a 302 to either domain.com/EN or domain.com/ES depending on their preferred language. Then on the homepage, we have the big MEGA MENU - and we have
White Hat / Black Hat SEO | | bjs2010
CAT 1
SubCat 1
SubsubCat 1
SubsubCat 2
SubsubCat 3 Overall, there are 145 "categories". Plus links to some CMS pages, like Home, Delivery terms, etc... Each Main Category, contains the products of everything related to that category - so for example:
KITCHENWARE
COOKWARE BAKINWARE
SAUCEPANS BOWLS
FRYING PANS Kitchenware contains: ALL PRODUCTS OF SUBCATS BELOW, SO COOKWARE ITEMS, SAUCEPANS, FRYING PANS, BAKINGWARE, etc... plus links to those categories through breadcrumbs and a left hand nav in addition to the mega menu above. So once the bots hit the site, immediately they have this structure to deal with. Here is what stats look like:
Domain Authority: 18 www.domain.com/EN/
PA: 27
mR: 3.99
mT: 4.90 www.domain.com/EN/CAT 1
PA: 15
mR: 3.05
mT: 4.54 www.domain.com/EN/CAT 1/SUBCAT1
PA: 15
mR: 3.05
mT: 4.54 Product pages themselves - have a PA of 1 and no mR or mT. I really need some other opinions here - I am thinking of: Removing links in Nav menu so it only contains CAT1 and SUBCAT1 but DELETE SUBSUBCATS1 which represent around 80 links Remove products within the CAT1 page - eg., the CAT 1 would "tile" graphical links to subcategories, but not display products themselves. So products are only available right at the lowest part of the chain (which will be shortened) But I am willing to hear any other ideas please - maybe another alternative is to start building links to boost DA and linkjuice? Thanks all, Ben0 -
Article submission, and how to build backlinks for Ecommerce? [HELP]
Hi guys, I have a question, for high quality backlinks apparently you go to these article websites where you submit your site such as Ezine etc etc, however is it just one article you submit to these as it'll look like duplicate content? Also can I have it on my site first? How does it work? Also I run an ecommerce website, how can I build backlinks to each product, theres over 200+ products and 1.6k subcategories. I would like to rank for as many as possible but getting an SEO company to do this would cost to much. Any ideas on how I should go about it?
White Hat / Black Hat SEO | | InkCartridgesFast1