My website is down - Surviving a DDoS attack

Friday, 12 October 2018

So last month we had the unfortunate experience of a DDoS attack on our web server.

We've only heard about this happening to huge corporations like banks and the government, but not to a web design company in Newcastle.

What is a DDoS attack?

DDoS stands for Distributed Denial of Service and in simple terms means our network was flooded with loads of data from lots of different sources. This meant that genuine website visitors struggled to visit our customer websites on our web server.

Imagine using the turnstiles on the Metro. On a normal day, it's easy to get through, but add in a few thousand people trying to use it at the same time as you and you get the picture.

How does it happen?

In our situation, the attacker chose one of our IP addresses (a special number that computers use to communicate with each other) and flooded it with useless data. It was similar to pressing refresh in a web browser over and over on many different computers.

How did it affect us?

Apart from putting a crimp on an otherwise fine day, the attack saw a number of sites slow down. Still useable, but taking a tad longer to load. To put it simply, it added 10x extra to our usual server traffic. The attack wasn't on a website address, but instead the IP address that the website uses. Unfortunately, multiple websites share the same IP address.

So what did we do?

We couldn't simply switch them to a new IP, as the attacker could easily find that out and continue their attack. The first thing we did was block all the traffic to the IP address they were attacking, meaning that all other websites using a different IP address sprang back into life. We then set up a new IP address and moved all of the domains to sit behind a service called Cloudflare, which hides the IP addresses of websites from the outside world. The websites affected were then moved to this new IP.

But what happens if they target one of our other IP addresses? So in addition we moved every domain we manage to live behind the Cloudflare platform. That was around 120 domain names migrated!!
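With that many domains it is worth checking that none of them still points straight at the server. The script below is an added example, not something from our original write-up: it checks that every record resolves into Cloudflare's address ranges and not to a server IP. The prefix list, the sample domains and the 203.0.113.10 server address are assumptions made up for the illustration.

```python
import ipaddress
import socket

# Snapshot of Cloudflare's published IPv4 ranges. Assumption: this list may be
# out of date; refresh it from https://www.cloudflare.com/ips-v4 before use.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 "
    "141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 "
    "197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 "
    "104.24.0.0/14 172.64.0.0/13 131.0.72.0/22").split()]

# Hypothetical hostnames to check per domain. Cloudflare's web proxy does not
# carry mail or FTP, so those records tend to keep pointing at the server.
PREFIXES = ("", "www.", "mail.", "ftp.")

def system_resolver(host):
    """Return the IPv4 addresses a hostname resolves to ([] if it has none)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit(domains, origin_ips, resolver=system_resolver):
    """List (hostname, address, problem) for each record that bypasses the proxy."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    findings = []
    for domain in domains:
        for host in (prefix + domain for prefix in PREFIXES):
            for addr in map(ipaddress.ip_address, resolver(host)):
                if addr in origins:
                    findings.append((host, str(addr), "origin-exposed"))
                elif not any(addr in net for net in CLOUDFLARE_V4):
                    findings.append((host, str(addr), "not-proxied"))
    return findings

# Constructed DNS answers; documentation addresses stand in for real servers.
SAMPLE_DNS = {
    "example.com": ["104.16.0.1"], "www.example.com": ["104.16.0.1"],
    "mail.example.com": ["203.0.113.10"],   # record left pointing at the server
    "example.org": ["172.64.1.1"], "www.example.org": ["198.51.100.7"],
}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])

if __name__ == "__main__":
    for finding in audit(["example.com", "example.org"], ["203.0.113.10"], sample_resolver):
        print(*finding)
```

Leaving out the `resolver` argument makes `audit` look up live DNS instead of the sample answers.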

How long did it take?

Within a few hours we had migrated the affected domains and then within 24 hours we had moved all the others. Pretty slick, considering we were new to all this! :) Big shout out to Cronos Internet who look after our server for their ace support and speedy response to get things back up and running.

What next?

As they say, these things are sent to try us, but it meant that we learned something new and our server resilience and knowledge is so much stronger. Every day is a school day!!

Speak to your own website provider to see if their server is protected against such attacks. Also, if you need any help with your domains or setting up Cloudflare, we are always here to help.