Site is being DDoS-attacked

Started by sebastian, Nov 24, 2022, 12:53 AM


sebastian (Topic starter)

The problem is the following. The online store is hosted on a VPS (dedicated virtual server) at one of the hosting companies. Three days ago, the website began to return 504, 500, etc. errors.
The hosting provider said that a DDoS attack is hitting our server and they are doing everything possible to solve the problem. The site has been down for three days now, orders are not coming in, managers are idle.

So I would like to ask experienced people what to do in such a situation. We decided to temporarily move the site to another hosting provider, but while transferring the site does not take long, transferring the domain requires some time.
Moreover, there is no guarantee that the attack will not spread to the new hosting. But if we still assume that the attack will not spread to the new hosting (because there is a suspicion that this attack is completely invented), then what is the right way to at least temporarily get the site working? I.e. is there any advice on where and how to temporarily launch a broken website until the problems are solved?
Does it make sense to transfer the domain name, or is it easier to create a temporary one and inform customers that the site will work on this temporary domain for a couple of days?

In short, has anyone encountered anything like this? Share your experience!

KellenFoster

Give money to an anti-DDoS service (Cloudflare as an option for the poor / greedy), kick the fuck out of your admin or start paying him a salary. The service has been down for 3 days and you have only just started moving; well, then that is the kind of store it is. As for your questions: if the attack targets the domain, it will spread perfectly; if it targets the IP, it will spread a little later, when the attack's customer wakes up and sees that you have moved.
As for the temporary domain, they have already said: useless. Well, the data is sent to the studio by volume and type of attack, maybe Kiddy ab is mastering the script there and you can close yourself.

mariastro

It should have been done earlier. Set up clear monitoring so that you do not have to guess whether it is an attack or the server is not coping with the load. Establish contacts with the hosting provider, so that you do not have to guess whether an attack is really being observed or it is a subtle hint that it's time for you to rent a more powerful VPS.
I don't understand why, when DDoS attacks are written about almost in the newspapers, so few of those whose financial well-being directly depends on the availability of their site try the situation on for themselves and think about the technical aspects of security.

If I were you, I would quickly throw together a minimalistic static website with a description of your products and contact details. This way you will still be able to receive orders, albeit inconveniently, without a feedback form and a pop-up chat window with a consultant.
You can host it on your server; this, in my opinion, is the most direct way.
You can place it somewhere on another hosting, but you will have to wait for DNS records to be updated and so on.
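
One way to do the monitoring mariastro describes, as an added example that is not part of the thread: a Python script that summarizes one window of web-server access-log lines and labels it, so that 5xx errors under ordinary request volume (server not coping) can be told apart from a request surge. It assumes the combined log format; the function names, labels and thresholds are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def summarize(lines):
    """Aggregate one time window of access-log lines into triage metrics."""
    ips, paths, errors = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting
        ips[m["ip"]] += 1
        paths[m["path"].split("?")[0]] += 1  # count an endpoint once, whatever its query string
        errors += m["status"].startswith("5")
    total = sum(ips.values())
    if total == 0:
        return None
    return {
        "requests": total,
        "unique_ips": len(ips),
        "top_ip_share": ips.most_common(1)[0][1] / total,
        "top_path_share": paths.most_common(1)[0][1] / total,
        "error_5xx_share": errors / total,
    }

def triage(stats, baseline_requests, surge=5.0, concentration=0.5, error_share=0.2):
    """Label a window. All thresholds are illustrative assumptions to tune."""
    if stats is None:
        return "no-http-traffic"  # nothing reached the web server in this window
    if stats["requests"] < surge * baseline_requests:
        # Volume is ordinary: 5xx here points at the server or application, not a flood.
        return "errors-without-surge" if stats["error_5xx_share"] > error_share else "normal"
    if max(stats["top_ip_share"], stats["top_path_share"]) >= concentration:
        return "concentrated-flood"  # few sources or one endpoint dominate
    return "distributed-surge"  # many sources, many paths: needs a closer look

# Constructed sample window (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.{i % 3} - - [24/Nov/2022:00:50:00 +0000] "GET /search?q={i} HTTP/1.1" 504 0 "-" "-"'
    for i in range(90)
] + [
    f'198.51.100.{i} - - [24/Nov/2022:00:50:01 +0000] "GET /product/{i} HTTP/1.1" 200 512 "-" "-"'
    for i in range(10)
]

if __name__ == "__main__":
    print(triage(summarize(SAMPLE), baseline_requests=10))
```

A flood that saturates the link before requests reach the web server leaves little or nothing in this log, which is where the hosting provider's traffic data is needed.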

Cviki

Measures to protect a website or server should be taken at the development stage and gradually expanded, reducing vulnerability.

Protection of the program code. In the process of writing application software, secure coding standards should be taken into account and thorough software tests should be carried out. This will help eliminate common errors and known vulnerabilities.
Timely software updates. Regularly updating the software on the server will improve protection and will not give attackers the opportunity to use old attack methods.

Creating control points. To "mitigate" the consequences, you need to have recovery checkpoints and storage snapshots to which you can roll back the system.
Restriction of access rights. Administrator accounts should have reliable protection and regularly updated complex passwords. It is also necessary to ensure that only a limited number of people have extended access rights.
Means of protection from the provider. Telecom operators can offer tools to change the traffic routing scheme, including the allocation of additional channels to increase bandwidth.