HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Scraping Website and Using Our Clients Info
One of our clients on Moz has noticed that another website has been scraping their website and pulling lots of their content without permission. We would like to notify Google about this company but are not sure if that is the right remedy to correct the problem. They appear in search results on Google using the client's name so they seem to be use page titles etc with the client's name in them. Several of the SERP links link to their own website but it pulls in our client's web page. Was hoping anyone could perhaps provide some additional options on how to attack this problem?
White Hat / Black Hat SEO | | InTouchMK0 -
New Domain Name or Keep going - Help not Recovering after Penguin
Hi Moz Friends I wonder if you can help me , a while ago we had a Penguin Penalty and lost our Rankings. After Months of work Disavow and Reconsiderations , Google sent me a message in Webmaster Tools to confirm the Penalty had been uplifted. Since then we havent recovered. I have been working with Bloggers to build relevant safe links, each having a DA of between 10-30. We have developed a Mobile Friendly Website and ios and Android Apps. We have improved Site Speed and moved to a Server within the same Country. We add lots of content and believe we have ticked all the boxes for onpage optimisation. However our DA and PA seems to have dropped slightly after Moz update today. We seem to be jumping in the serps, one day page 4 for "fancy dress" the next day nowhere to be found. I'm not sure what to do next. I'm not expecting to jump back to page 1 for the main keywords but some positive movement would be nice, especially as there are Lower DA Website, not mobile friendly or as fast above us in the serps. What I am looking for I guess is any ideas from you and also what you think about this idea A few people have mentioned that we might stand more of a chance using our domain name example.com instead of example.co.uk. example.com has never been used and is totaly clean (no penaltys ect..) Do we use example.com and move the website and content away from example.co.uk ? if so do we use redirects or would that just pass any hold thats on example.co.uk to the .com version Ideas Welcome Thanks Adam
White Hat / Black Hat SEO | | AMG1000 -
Got dropped on Google rank - Tips to discover why please
Hi guys originally my website was poor ranked on Google. So, after sign in on Moz and follow their tips I achieved the 4th position for one of my keywords (amazing!). But a few days ago my page dropped to bellow the first 50th pages for this same keyword, but I didn't make any changes on it. Anybody has some tips of how can I discover/repair what happened? Thank you all in advance. Best regards Paulo
White Hat / Black Hat SEO | | phlcastro0 -
Attacked with spam links.
Our website was hit with the "Pharma hack", "Google Cloaking Hack", or "Blackhat SEO Spam". and Google showed in the results this website may be compromised. After cleaning out the hack from the website I chacked with the Seomoz tool Open Site Explorer and I found that they hacked 1000 of other websites and created links to my website. They were building a few 1000 links to the website with the clickable text "buy cheap online pharmacy". and more like that. This website www.washington23.com has been hacked and gives over 200 links to your website for pharmacy items. And Google considers this from your impotent links as i can see in webmasters. What can I do about it?
White Hat / Black Hat SEO | | Joseph-Green-SEO0 -
Abused seo unintentionally, now need a way out
Hello, I have been in contact with a smo to optimize my site for search engines and social media sites. my site was doing great from last 4 years. but suddenly it started dropping in ranking. then i came and joined seomoz pro to find a way out. i was suggested to categories content in form of subdomains ... well that put a huge toll on my rankings.. thanks to suggestions here i have 301 them to sub directories. Now another huge question arises. i found out that my smo guy was taking artificial votes or whatever youc all them on twitter, facebook and g+ ...twitter and facebook's are understandable but i am getting to think that these votings on g+ might have affected my site's ranking ? here is a sample url http://www.designzzz.com/cutest-puppy-pictures-pet-photography-tips/ if you scroll below you will see 56 google plus 1s... now the big question is, i have been creating genuince content. but nowt hat i am stuck in this situation, how to get out of it ? changing urls will be bad for readers.. will a 301 will fix it ? or any other method. thanks in advance
White Hat / Black Hat SEO | | wickedsunny10 -
NEED HELP, Figuring Out Ranking Drop!
Hello, I need help from somebody, anybody, in trying to figure out why my site dropped so much for the keyword “wildblue” and “wild blue”. On the week of Feb. 13, 2012, my website jumped from middle of the first page to the fourth page, and then a week or two later jumped completely out of the index (or at least off the top 5 pages). We do not engage in any deceptive practices. Our entire website is centered around this keyword, and we are very relevant, and have informative and continually updated content for visitors. I thought at first we got hit by Panda, but our overall organic traffic has not decreased, it has actually been steadily increasing compared to same time last year. I have tried over the past several months to get us back up, or at least figure out what happened, with no luck. If anyone could advise me on what might have happened, how to correct it, or even has any ideas of how I could figure out what happened I would greatly appreciate it. Website is: http://www.mybluedish.com
White Hat / Black Hat SEO | | MyNet0 -
Massive rank drop for 'unnatural links' . Help!
Hi Everyone, I work for a company called Danbro - www.danbro.co.uk Recently a massive penalty lead to a huge drop across all keywords in Google including the brand name. Since we have conducted a massive clean up; (requesting competitors to remove duplicate content, removing some poor quality links etc etc) We still have not seen any improvement whatsoever nor has Google responded. Has anyone ever received a positive response from Google? Since we sent a reconsideration request our ranks actually went worse!! Any advice would be great
White Hat / Black Hat SEO | | Townpages0 -
Being dragged to look spammy? Rand please help!
From nowhere a backlink to our website has appeared that looks creepy and spammy to us. More astonishing is the fact that our analytics has recorded 477 visits within one day and all the visits are from different places in Vietnam. Here's the link http://erpsoftware99.com/batchmaster-erp-software.htmlWhat should we do? Will Google hold us responsible for this?Thanks & Regards
White Hat / Black Hat SEO | | IM_Learner0