Ever wondered what a DDoS attack actually looks like?

The year is 2018. Former Russian double agent Sergei Skripal and daughter Yulia are poisoned with a publicly unidentified nerve agent in Salisbury, and 2 of our main servers just came under attack through an unforgiving DDoS attack that lasted for days.

Before this time I had only heard about DDoS (Distributed Denial of Service) attacks; I had never experienced one or witnessed one. I got the odd email from Africa or some spotty teenager's bedroom periodically…

“We are the wrecking crew, deposit 100 trillion BitCoin to this wallet or pay the price of a DDoS attack”

…but, as most perfectly normal people do, these messages just got spammed.

Then it happened: clients getting in contact, “Is the server down?” This news always gets my attention.

What did we do to stop the DDoS attack?

We went through the full range of emotions and swear words. The first thing we did was reboot the server, no change. We changed the domain to a new server, no change. Then we made a script that banned IP addresses that created these timeout requests.

It was a very basic DDoS attack that would create random IP addresses to connect to our server, requesting something that did not exist. The server would be overloaded with these requests, blocking the good traffic from coming through. There you have it: denial of service.

The script worked well except for the fact that for every IP that we banned, the attack would just create new ones. So the attacks would come and go in waves as the script banned the IP addresses and the attack created new ones.

This is what our DDoS attack looked like in XShell:

[Image: DDoS Attack]

The 408 responses from the server are the server timeouts from the DDoS attack. In real time the screen would just be spewing out thousands of these every second with the odd good bit of traffic getting through.
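An added example (not the script from this post) of the kind of log check described above: it counts 408 timeouts per source IP in a sliding window, and also tracks the overall share of 408s, which still flags the flood when each new address sends too few requests to trip a per-IP ban. The log format (common log format), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Common log format prefix: ip ident user [time] "request" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status), or None if the line does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def analyse(lines, window=timedelta(seconds=10), per_ip_limit=3,
            min_requests=10, flood_ratio=0.5):
    """Sliding-window scan for per-IP 408 bursts and the overall 408 share."""
    recent = deque()      # (ip, timestamp, status) still inside the window
    timeouts = Counter()  # 408s per IP inside the window
    n408, peak = 0, 0.0   # 408s in the window, highest 408 share seen
    ban, sources = set(), set()
    for rec in filter(None, map(parse, lines)):
        ip, ts, status = rec
        recent.append(rec)
        if status == 408:
            timeouts[ip] += 1
            n408 += 1
            sources.add(ip)
        while ts - recent[0][1] > window:  # expire entries older than the window
            old_ip, _, old_status = recent.popleft()
            if old_status == 408:
                timeouts[old_ip] -= 1
                n408 -= 1
        if timeouts[ip] >= per_ip_limit:   # repeat offender: candidate for a ban
            ban.add(ip)
        if len(recent) >= min_requests:    # ignore ratios from tiny samples
            peak = max(peak, n408 / len(recent))
    return {"ban": sorted(ban), "sources_408": len(sources),
            "flood": peak >= flood_ratio}

def sample_log():
    """Constructed log: one repeat offender, then 20 single-request sources."""
    fmt = '{} - - [01/Jan/2018:12:00:{:02d} +0000] "{}" {} 0'
    good = "GET /index.html HTTP/1.1"
    log = [fmt.format("198.51.100.5", 0, good, 200)]
    log += [fmt.format("203.0.113.7", s, "-", 408) for s in (1, 2, 3)]
    log += [fmt.format(f"192.0.2.{i}", 10 + i // 4, "-", 408) for i in range(1, 21)]
    return log + [fmt.format("198.51.100.5", 16, good, 200)]
```

On the constructed sample, 21 addresses produce timeouts but only one crosses the per-IP limit, while the aggregate 408 share marks the whole window as a flood.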

We were powerless against this attack and in the end had to update every client's app to a system whereby we could edit the server it connects to remotely, so there would be no downtime ever again. Once we had moved the clients' software away from the server under attack, we could focus on getting this put behind us.

What do you do to stop a DDoS attack?

We tried CloudFlare but that did nothing and their support was terrible. Then I stumbled upon Sucuri. Paid the fees, got everything set up and bam, the attack was over.

We still use Sucuri to this day and we wouldn’t live without it. Having the confidence to say our servers are protected against all DDoS attacks is very important for clients old and new.

People still try to DDoS attack us all the time but Sucuri deals with them instantly.

[Image: Attempted DDoS attack]

We have never had a DDoS problem since 2018 and long will it continue. I struggle to comprehend why people do this. It’s a crime akin to keying a car or slashing a tyre. It’s a cowardly way of dealing with competition or personal issues.

It’s nice that we were considered a high enough threat to someone else’s business for them to dedicate some time to DDoS attacking us, but really this isn’t how you compete with a rival. To compete with a rival, just be better than them, and if you can’t be better than them you should commend them, not resort to underhand tactics.

I didn’t really want to do this post because it was all dealt with behind the doors at the time and never mentioned again but if this post helps one business or person out that is going through the same thing then I am very satisfied.

