HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Help with a Link Building Audit
A customer wants to have a better position with a keyword (he has already a great position, but he wants more...). So he need a bit of extra link building to have better position in serp(this niche is very competitive so on page is not sufficient).
White Hat / Black Hat SEO | | Maximilian21
He asked me to do a Link Building Analysis to find good link opportunities.
How can i structure a good report? I need something like a Seo Audit for link building. That's my idea:
Identify what are the business objectives
Identify the brand strenghts and weakness
Find the strongest competitors and understand their tactics
See what are the top links that they have
Copy their best strategies
Find new strategies not used by the competitors
What else i can do for my link building audit?0 -
By changing the wordpress theme what need to take for seo consideration?
Hi guys! we have a site that been using a theme for a year now and we decided to change to a new one, the question here is, does it affect seo? or it is possible to remain 100% for the seo? What caution tips that you guys can share for changing the theme? Does just remaining the same URL works?
White Hat / Black Hat SEO | | andrewwatson922 -
I need a lot of content completed in a short amount of time. Suggestions on where to look?
I'm looking for writers to write content for 1000+ key words. 300-400 words per keyword. I would like this done by the end of July. Any suggestions or recommendations on where to find a team that can produce quality content in that amount of time? Thank you!
White Hat / Black Hat SEO | | cloudhasher0 -
Can image links help improve my backlinking profile?
I recently spent some time looking at the backlink profile of a leading UK food & clothing retailer and noticed that a high number of their backlinks for very competitive search phrase's consisted entirely of image backlinks. 50% of the links contained no alt text and other 50% contained a mix of just the targeted keyword or a phase containig one mention of the targeted keyword. Has anyone had any experiance of this type of marketing producing any positive effect on SEO or search engine rankings?
White Hat / Black Hat SEO | | BigJonOne0 -
Spamlink attack wat to do
Since today we had a spamlink attack. Just 150 dirty links in one morning and probably more to follow. Last year we also had an attack and we used the disalow. But this domain had a much stronger histrory and a PR of 6. The new domain has an authority (DA36) and PR1. The domain is very valuable and we rank on page on one of the most competitive words. Should I use the disalow tool, or just hope that the spam links don't hurt my ranking. I have some (150) valuable incoming links. Example of bad link: http://lamevabarcelona.com/una-exposicio-ens-guia-per-barcelona/dscn0756/ I think X Rumer/ pingback is used. I hope somebody can help us with this.
White Hat / Black Hat SEO | | remkoallertz0 -
Detective needed to investigate a mystery lack of ranking
My URL is: www.graduate-jobs.com/graduate-schemesAfter ranking on page 1 for the search term 'graduate schemes' for over 4 months, the page then disappeared completely from the SERPS for over 6. I've been assured it isn't a Penguin/ Panda problem, as this is the only page on our site that has seen this sort of drop. When checking backlink profiles of the ranking pages, our page is as strong if not stronger and it receives a good amount of traffic with decent user metrics.If anyone could take a look at the page and have a guess at why it isn't moving anywhere, it would be really appreciated.Thanks.
White Hat / Black Hat SEO | | whis0 -
Anybody have useful advice to fix a very bad link profile?
Hello fellow mozzers. I am interested in getting the communities opinion on how to fix an extremely bad link profile, or whether it would be easier to start over on a new domain. This is for an e-commerce site that sells wedding rings. Prior to coming to our agency, the client had been using a different service that was doing some serious black hat linkbuilding on a truly staggering scale. Of the roughly 53,000 links that show up in OSE, 16,500 of them have the anchor text "wedding rings", 1,300 "wedding ring sets", etc. For contrast, there are only two "visit website", and just one domain name anchor text. So it is about the farthest from natural you can get. Anyway, the site traffic was doing great until the end of February, when it took a massive hit and lost over half the day to day traffic volume, and steadily declined until April 24th (Penguin), when it took another huge hit and lost almost 70% of traffic from Google. Note that the traffic from Yahoo/Bing stayed the same. So the question is, is it worth trying to clean up this mess of a backlink profile or would it be smarter to start fresh with a new domain?
White Hat / Black Hat SEO | | CustomCreatives0 -
Help for a complete SEO newbie!
Hi all, I've just joined seomoz today to try and further my very young education on SEO. My major problem is i need my site to rank high in local search engines but feel that none of the customers read much of the content as i am a landscaper and feel they just search "landscaping in Newcastle" and are immediatly looking for a contact number to arrange a free estimate. I dont do any online sales, its just to generate leads. I've spent alot of time building a better site than my local competitors but they still out rank me on alot of keywords i.e. "Driveways in Gateshead" My question is do i keep adding more and more content hoping this will work long term or do i link build with anchor text etc or both? I cannot believe they still out rank me when i feel i have more links more anchor text and a load more origional content and images. I think it may be that my site is still under 1 year old. I feel i am boucing from content to link building then trying something else without any real knowlegde of what i really should be doing or what should be the priority at this young stage for my site. I have managed to get on page 1 of google for most of my keywords in local searches ( obviously not national) but still feel its been more down to luck and effort than actually knowing what i am doing when it comes to site and offsite optimization Any help, tips etc would be greatly appreciated. Many thanks John
White Hat / Black Hat SEO | | totaldriveways0