HELP! My client got a DDOS Attack! Need advice
-
Here the setup:
-
Server is hosted inhouse. It got attacked using a DDOS from 20+ IP addresses spoofing in different counries. Our server overloaded and didn't work anymore.
-
URL is registered at GoDaddy.
-
Signed up at Dreamhost. We pointed DNS to Dreamhost successfully.
-
Attacks kept coming and messed up other sites on the Dreamhost shared server. We didn't know we were being followed at first. We originally thought they were attacking the IP address on our inhouse server.
-
Dreamhost noticed the attack and put us on a seperate IP and disabled our URL until the attacks 'stopped'.
MY QUESTION IS:
What do I do if they don't stop? Close shop? 99% of the business is internet driven. This has to be the blackest Blackhat SEO ever.
-
-
Thanks for sharing GKLA, Very useful information . Thanks you all!
-
Take a look at this option: http://www.cloudflare.com/features-security
-
These IP were spoofing from many countries. They would disappear in minutes. Anyway, we found the main IPs that were attacking. YES YOU ARE RIGHT about identifying the one common factor. At 1st we thought blocking IPs would work, but when that didn't work, we started blocking the 'sytle' they were using.
-
It looks like you got this resolved. We went through something similar many years ago but we were lucky because our website is for the US only. The attack was coming in from China, Russia and several other European countries.
We simply blocked all countries except the US, Mexico and Canada in our Firewall.
You just need to identify the one common factor in the attack and filter that out through your firewall.
-
Update:
Switched to Amazon Cloud and got Amazon involved. They helped out by providing some tools. Basically we filtered the attacks by not accepting IPs who were transferring a certain amount of packets. Woot Woot! We have been up and running now for about 6 days with no problem. All I know is that the attacker had a browser with a Russian Language. The site Ship Car Overseas survived!
-
Update:
We dropped Dreamhost.com since they couldn't help. They were useless in this area.
We copied the DB and pointed the URL in GoDaddy to our new host at Amazon Cloud. Well, the DDoS attacks a still coming in. The site was up for a short while (I'm talking minutes) then refreshed the pages and the ISP says the site wasn't there anymore. Damn, this attacker is relentless. I will be enabling the Amazon Balance Loader tomorrow. If this renders the DDoS attack ineffective, then Amazon solves it. But I won't find out until tomorrow.
-
Here is what dreamhost said:
" it does indeed look like you were getting attacked yet again. Unfortunately there isn't much you or myself can do in these cases.. I've disabled your domain again and will re-enable it in a week. I'm hoping that by then, the attacker has given up and moved on. If this is not the case, I regret to say that you will need to find hosting elsewhere as we do not offer a DDoS protection service. Please let me know if you have any questions.Thanks! Jason Y "
In conclusion dreamhost can't help.
-
Thanks there cowboy. Dreamhost still has not replied. I think I'll keep everything tracked here just in case other people run into this DDOS problem in the future. So far this is what has happened:
- Dreamhost disabled our URL and we are still waiting for their response.
- I took the Database and transfered all files to a new domain.
- Launching a massive Adwords Campaign to make up for the loss of 3 days revenue.
The reason I decided to transfer the DB to a new domain was I don't want to be a sitting duck if Dreamhost says they can't help. I am pretty sure they can help, but I put into place my plan B just in case. I'll keep everyone posted.
-
Hey again Francisco, upon rereading your question, it looks like I went off half cocked when I answered it. I missed that you had solved the immediate problem and that you were wondering what course of action to takke if they don't stop. the attack
If someone continues deliberately attacking your site I'm thinking the only course of action is to change your domain name. It's not a good solution so I hope someone else chimes in with a better one.
-
Hello Francisco: Really sorry to hear bout this. Bummer!
I've never personally experienced a DDOS attack ,so I called the web host I use to get his advice. He said that Dreamhost should be able to offer some kind of DDOS mitigation service.He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
He also said that if the attack continued, they'd probably not want the account after a certain point. He seemed surprised that they weren't able to block it if it was coming in from only 20+ IP addresses.
One of the main reasons I use him is that he's always been helpful when I've had problems. He said that he'd be willing to host you for a month to see if he could help. His company name is TRK hosting
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
1st Ecommerce site got penalized, can we start a 2nd one?
Hello, A client's first site got penalized by Goolge Penguin. It has recovered through cleaning up backlinks, but not to where it was before. It is 2nd and 3rd for several money keywords, but is far less successful than before penalization. We are starting a second site. Here's the important steps to mention The new site shows up first for it's domain name, and it has 30 pages indexed. It shows up NOWHERE for our leading search term. Out other site has a blog post that is 3rd for that search term. We are using new categories and new organization. We are using a different cart solution We are adding all unique content The home pages and some of the product pages are very thorough. We are adding comprehensive products like nothing else in the industry (10X) We plan on adding a very comprehensive blog, but haven't started yet. We've added the top 100 products so far. Our other store has 500. There's a lot of spam in the industry, so sites are slow to rank. Our category descriptions are 500 words Again, all unique content. No major errors in Moz Campaign tools Just a few categories so far, we're going to add many more. Same Google Analytics account as our other site It looks like we should eventually be on page 3 for our major search term. Again, we're nowhere for anything right now. ... Have you seen that Google will not rank a second site because it's from the same company and Google Analytics account, or does Google let you rank 2 sites in the same industry? We are hoping it's just slow to rank. If you can rank 2 sites, what are your best recommendations to help show up? Thanks.
White Hat / Black Hat SEO | | BobGW0 -
Advice needed! How to clear a website of a Wordpress Spam Link Injection Google penalty?
Hi Guys, I am currently working on website that has been penalised by Google for a spam link injection. The website was hacked and 17,000 hidden links were injected. All the links have been removed and the site has subsequently been redesigned and re-built. That was the easy part 🙂 The problems comes when I look on Webmaster. Google is showing 1000's of internal spam links to the homepage and other pages within the site. These pages do not actually exist as they were cleared along with all the other spam links. I do believe though this is causing problems with the websites rankings. Certain pages are not ranking on Google and the homepage keyword rankings are fluctuating massively. I have reviewed the website's external links and these are all fine. Does anyone have any experience of this and can provide any recommendations / advice for clearing the site from Google penalty? Thanks, Duncan
White Hat / Black Hat SEO | | CayenneRed890 -
I need a lot of content completed in a short amount of time. Suggestions on where to look?
I'm looking for writers to write content for 1000+ key words. 300-400 words per keyword. I would like this done by the end of July. Any suggestions or recommendations on where to find a team that can produce quality content in that amount of time? Thank you!
White Hat / Black Hat SEO | | cloudhasher0 -
Negative SEO from Spammers Killing Client Rankings
Hi - I have identified a client website which was; a ) hacked and had several fraudulent pages added e.g. www.xxx.com/images/uggaustralia.html added which have 301 redirect links to another fraudulent websites. b) had an auto generated back link campaign (over 12k back links at present) with targeted anchor text at cheap ugg boots, ugg sale etc. I've removed the dodgy redirect web pages and also undertook a link audit using Google WMT, OSE and Seo Majestic and have disavowed all the spammy links at domain level. Consequently my client has dropped from top three for the key phrase to #9. Google WMT now sees ugg boots uk, ugg boots sale etc. as some of the most popular anchor text for the site even though it's blatantly obvious that the site has nothing to do with Ugg boots. No manual webspam penalties are in place however the auto generated anchor text campaign is still ongoing and is generating more spammy links back to non existent web pages - which still Google appears to be picking up. Question is - how long do you reckon it will take for the links to disappear and is there anything I can speed Google along as this issue if not of my making? p.s. For the record I've found at least 500 sites that have been targeted by this same campaign as well.
White Hat / Black Hat SEO | | Door4seo0 -
301 Redirect Asp.net Help
Hey, we are redesigning the site and we are changing a lot of urls to make them more SEO friendly But some of the old urls have PR 4-5 What is the best way to do about this? How to do a 301 redirect for specific pages in asp.net Or do you recommend something elsE? Thanks in advance
White Hat / Black Hat SEO | | Madz0 -
Yet another Negative SEO attack question.
I need help reconciling two points of view on spammy links. On one hand, Google seems to say, "Don't build spammy links to your website - it will hurt your ranking." Of course, we've seen the consequences of this from the Penguin update, of those who built bad links got whacked. From the Penguin update, there was then lots of speculation of Negative SEO attacks. From this, Google is saying, "We're smart enough to detect a negative SEO attack.", i.e: http://youtu.be/HWJUU-g5U_I So, its seems like Google is saying, "Build spammy links to your website in an attempt to game rank, and you'll be penalized; build spammy links to a competitors website, and we'll detect it and not let it hurt them." Well, to me, it doesn't seem like Google can have it both ways, can they? Really, I don't understand why Competitor A doesn't just go to Fiverr and buy a boatload of crappy exact match anchor links to Competitor B in an attempt to hurt Competitor B. Sure, Competitor B can disavow those links, but that still takes time and effort. Furthermore, the analysis needed for an unsophisticated webmaster could be daunting. Your thoughts here? Can Google have their cake and eat it too?
White Hat / Black Hat SEO | | ExploreConsulting0 -
NEED HELP, Figuring Out Ranking Drop!
Hello, I need help from somebody, anybody, in trying to figure out why my site dropped so much for the keyword “wildblue” and “wild blue”. On the week of Feb. 13, 2012, my website jumped from middle of the first page to the fourth page, and then a week or two later jumped completely out of the index (or at least off the top 5 pages). We do not engage in any deceptive practices. Our entire website is centered around this keyword, and we are very relevant, and have informative and continually updated content for visitors. I thought at first we got hit by Panda, but our overall organic traffic has not decreased, it has actually been steadily increasing compared to same time last year. I have tried over the past several months to get us back up, or at least figure out what happened, with no luck. If anyone could advise me on what might have happened, how to correct it, or even has any ideas of how I could figure out what happened I would greatly appreciate it. Website is: http://www.mybluedish.com
White Hat / Black Hat SEO | | MyNet0 -
My attempt to reduce duplicate content got me slapped with a doorway page penalty. Halp!
On Friday, 4/29, we noticed that we suddenly lost all rankings for all of our keywords, including searches like "bbq guys". This indicated to us that we are being penalized for something. We immediately went through the list of things that changed, and the most obvious is that we were migrating domains. On Thursday, we turned off one of our older sites, http://www.thegrillstoreandmore.com/, and 301 redirected each page on it to the same page on bbqguys.com. Our intent was to eliminate duplicate content issues. When we realized that something bad was happening, we immediately turned off the redirects and put thegrillstoreandmore.com back online. This did not unpenalize bbqguys. We've been looking for things for two days, and have not been able to find what we did wrong, at least not until tonight. I just logged back in to webmaster tools to do some more digging, and I saw that I had a new message. "Google Webmaster Tools notice of detected doorway pages on http://www.bbqguys.com/" It is my understanding that doorway pages are pages jammed with keywords and links and devoid of any real content. We don't do those pages. The message does link me to Google's definition of doorway pages, but it does not give me a list of pages on my site that it does not like. If I could even see one or two pages, I could probably figure out what I am doing wrong. I find this most shocking since we go out of our way to try not to do anything spammy or sneaky. Since we try hard not to do anything that is even grey hat, I have no idea what could possibly have triggered this message and the penalty. Does anyone know how to go about figuring out what pages specifically are causing the problem so I can change them or take them down? We are slowly canonical-izing urls and changing the way different parts of the sites build links to make them all the same, and I am aware that these things need work. We were in the process of discontinuing some sites and 301 redirecting pages to a more centralized location to try to stop duplicate content. The day after we instituted the 301 redirects, the site we were redirecting all of the traffic to (the main site) got blacklisted. Because of this, we immediately took down the 301 redirects. Since the webmaster tools notifications are different (ie: too many urls is a notice level message and doorway pages is a separate alert level message), and the too many urls has been triggering for a while now, I am guessing that the doorway pages problem has nothing to do with url structure. According to the help files, doorway pages is a content problem with a specific page. The architecture suggestions are helpful and they reassure us they we should be working on them, but they don't help me solve my immediate problem. I would really be thankful for any help we could get identifying the pages that Google thinks are "doorway pages", since this is what I am getting immediately and severely penalized for. I want to stop doing whatever it is I am doing wrong, I just don't know what it is! Thanks for any help identifying the problem! It feels like we got penalized for trying to do what we think Google wants. If we could figure out what a "doorway page" is, and how our 301 redirects triggered Googlebot into saying we have them, we could more appropriately reduce duplicate content. As it stands now, we are not sure what we did wrong. We know we have duplicate content issues, but we also thought we were following webmaster guidelines on how to reduce the problem and we got nailed almost immediately when we instituted the 301 redirects.
White Hat / Black Hat SEO | | CoreyTisdale0