The issue at hand is that the online store, which is hosted on a dedicated virtual server with a hosting company, has been experiencing errors such as 504 and 500 for the past three days. The hosting company claims that a DDoS attack is responsible and they are working to resolve it. As a result, the website has been down and orders are not being processed.
 
Have you ever faced a similar situation? What would you do? Our team has decided to temporarily move the site to a different hosting provider, but transferring the domain name may take some time. Additionally, we are not certain that the attack won't follow us to the new hosting provider.

Therefore, we are looking for advice on how to launch a temporary website until all issues can be resolved. Should we transfer the domain name or create a temporary one? Any recommendations on where and how to temporarily launch the website?
Share your experience if you have had similar experiences!

One suggestion is to consider investing in an anti-DDoS service, rather than relying on a cheap or stingy provider like Cloudflare. Alternatively, you may need to consider replacing your admin or paying them more to ensure a better service.

It seems that the online store has been affected by the DDoS attack for three days now and action is only just being taken. As for your queries about the domain and IP addresses, if the attack targets the domain, it will spread easily, while if it targets the IP address, it may take longer for the attack to spread.

Regarding a temporary domain, it may not be an effective solution. You could also send the data to a security specialist to determine the type and volume of the attack, as there may be a chance to resolve the issue with their expertise.

It is important to implement clear monitoring in advance to distinguish between an attack and server overload. Establishing a good relationship with the hosting provider can also prevent confusion over whether an attack is occurring or if a more powerful VPS is needed.

Despite the prevalence of DDoS attacks, some still fail to consider the technical aspects of site security, despite the direct impact on their financial success.

If dealing with a DDoS attack, consider creating a minimalistic, static website with product descriptions and contact details to continue receiving orders, even if it's inconvenient without feedback forms or chat windows. The most direct method would be to host the temporary site on your own server, but it can also be hosted elsewhere, although DNS records may need to be updated and other potential delays may arise.

It is important to prioritize website or server security measures during development and gradually increase them to reduce vulnerability.

One critical security measure is ensuring the protection of program code through secure coding standards and software testing. This can help eliminate common errors and known vulnerabilities. Additionally, regularly updating software as part of the server can improve protection and prevent attackers from using old methods of attack.

Creating control points, such as recovery checkpoints and storage snapshots, can also help mitigate the damage caused by an attack. Restricting access rights through robust protection of administrator accounts and limiting the number of people with extended access rights is another critical step.

In addition, telecom operators can offer tools to change traffic routing schemes and allocate additional channels to increase bandwidth, providing an additional layer of protection. By taking these steps, website or server owners can minimize the risk of attacks and protect their business from potential financial loss.