Who and why is DDoS attacking domain names?

Started by wwwmaster@, Oct 04, 2022, 07:50 AM


wwwmaster@ (Topic starter)

Greetings,

I am curious about how I can identify the individual or group responsible for conducting a DDoS attack on my domains and what their motive may be. Our online presence is not registered as a legal entity, and some of our websites receive only 2-3 visitors per day. Despite this, our domains are currently under a severe attack.

This situation raises several questions: What could be the reason for this attack? Who would benefit from it? It's concerning to think about the potential damage that could occur to our online reputation and infrastructure. It is imperative to seek out solutions to prevent future attacks and ensure the safety of our online presence.

Ronny

Assuming that you are in charge of hosting, it is possible that your hosting services are currently facing an attack. Alternatively, if you have rented servers from a hosting provider, your domains may be impacted as well due to the nature of the disruption.

It's essential to understand that these attacks can have severe consequences for your business, ranging from significant financial losses to long-lasting reputational damage. As such, it's crucial to take immediate action to minimize the impact of these attacks and protect your online assets.

Some possible measures that can be taken include investing in stronger security solutions, thoroughly analyzing server logs to trace the source of the attack, and establishing communication channels with your hosting provider to ensure prompt responses in the event of an attack.

SIROTA

You most likely just got hit by a "cool mess" by accident, because there are a lot of other sites on your hosting site with you, which are probably the target.

_AnnA_

I have a few theories that could potentially explain the situation at hand:

1. It's possible that the attack was not targeted specifically at your domains, but rather a result of a mistake made by the attacker. In this case, changing the IP address may be a viable solution.
2. Certain hosting providers have been known to offer "protection" services for an additional fee. Though not entirely ethical, it is possible that your provider has engaged in such practices.

Furthermore, it's important to consider the severity of the attack and the effectiveness of available protective measures. As the exact nature of the attack has yet to be determined, it may be worthwhile to invest in more robust protection solutions and explore various options for mitigating the impact of such attacks in the future.

It's also important to note that DDoS attacks can be challenging to identify and even harder to prevent. As such, it's essential to stay proactive and remain vigilant in protecting your online presence from potential threats.

wwwmaster@ (Topic starter)

Quote from: _AnnA_ on Oct 04, 2022, 11:53 AM
    Well, since the attack is on all domains rather than specifically one, change the IP; perhaps the attacker simply made a mistake and you are not the target.

The attack was not on all domains on the VPS, but on 7 of the two dozen. Changing the IP will not do anything. The attacker makes requests to the sites by domain name, not by host IP.

Quote from: _AnnA_ on Oct 04, 2022, 11:53 AM
    And how serious is the attack? How well does the free protection on the VPS work? And what makes you think it's a DDoS at all?

I was advised by my hoster to connect the domains under attack to CloudFlare. The attack is very serious, from 5 to 15 thousand requests per hour for some domains. Well, according to CloudFlare.

And I'm not even talking about the traffic CloudFlare helps me save. Without protection, I had 100GB of incoming traffic in 2-3 hours. The hoster charges for incoming traffic (beyond the tariff's limit). You see, he provides some kind of DDoS protection, and such incoming traffic has to be paid for.
If it were not for CloudFlare, I would have to pay 15-20 bucks a day.
CloudFlare repels about 90% of hacker requests.

_AnnA_

Quote from: wwwmaster@ on Oct 04, 2022, 12:47 PM
    The attack is very serious, from 5 to 15 thousand requests per hour for some domains.

Well, then it's easier: turn on "I'm Under Attack" mode there, if it did not turn on by itself, and it's fine, the attack will not reach the server.
An illiterate attacker attacks by domain, and a competent one hits the IP directly, bypassing Cloudflare. In your case, someone semi-literate :) is at work. It's possible.

Ronny

Quote from: wwwmaster@ on Oct 04, 2022, 07:50 AM
    a serious attack on our domains is going on.

What do you mean by "serious attack"? It's not the first time I've heard about such attacks; when I started looking into it, it turned out that "serious attack" meant 100-200 visits to the site per day.  ;)

But, as I understand it, you have an anti-DDoS solution, it works, and it is able to scale. Well, let it work.
If the pressure increases, then we will have to think about a software firewall or other options.
But I don't think it will.

wwwmaster@ (Topic starter)

Quote from: Ronny on Oct 05, 2022, 05:14 AM
    you have an anti-DDoS solution

The access logs show it: the requests to the sites are hacker requests, a DDoS.
A huge number of requests to certain pages of the sites, but from different IPs, with fake user-agents and HTTP referers.
Well, and CloudFlare shows statistics; according to it, since the DDoS attack started, just under 100 million hacker requests have already been blocked.
For now, we will stay with the same host; if anything, we will upgrade the plan on Cloudflare.
Thank you all for the discussion.

Greenleesh

DDoS attacks can pose serious threats to online systems and networks. It is important to understand the difference between these types of attacks and DoS attacks.

DoS attacks are aimed at causing a load on the subsystem to disrupt services, usually targeted at a specific domain or virtual machine. These attacks start from a single subnet and are noticeable in log files, making them easier to block with a firewall. DDoS attacks differ from this in that they use multiple hosts to direct false traffic to the target. This makes it difficult to suppress the attack, as it is almost impossible to weed out all attacking IP addresses.

These attacks typically occur after an attacker gains control of a large number of devices by infecting them with a Trojan-type virus. Infected computers, or "zombies," are then used to execute commands from the main server that coordinates the botnet, ultimately directed by the DDoSer.

Reasons for committing DDoS attacks include political orders, competition, blackmail, and personal reasons.

Infrastructure-level attacks such as SYN-flood or UDP-flood are more common, while application-level attacks that target valuable parts of the app are less so but more complex.

It is important to stay informed about different types of DDoS attacks and to implement appropriate security measures to prevent such attacks from occurring.
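The thread makes two points that log analysis can confirm: wwwmaster@ sees "a huge number of requests to certain pages, but from different IPs, with fake user-agents", and Greenleesh notes that a single-source flood shows up as one subnet in the logs while a distributed one does not. The script below is an added example, not code posted in this thread: it parses Apache/nginx combined-format access-log lines (an assumption about the VPS log format), buckets requests per hour and path, and labels each bucket by request count and by how many distinct source subnets it spans. The log lines are constructed for the demonstration.

```python
"""Access-log triage: bucket requests per (hour, path) and tell a single-subnet
flood from a distributed one.  Added example; the log format is an assumption
(Apache/nginx "combined") and the sample lines below are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one normal visit, a burst to one product page from many
# addresses with assorted user-agents/referers, and a burst to /login from one /24.
SAMPLE_LOG = [
    '203.0.113.10 - - [04/Oct/2022:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Oct/2022:12:00:05 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "http://example.net/" "Mozilla/5.0 (Windows NT 10.0)"',
    '198.51.100.8 - - [04/Oct/2022:12:00:06 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "http://example.org/" "Mozilla/5.0 (X11; Linux)"',
    '192.0.2.44 - - [04/Oct/2022:12:00:06 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "http://example.com/" "curl/7.0"',
    '203.0.113.99 - - [04/Oct/2022:12:00:07 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh)"',
    '198.51.100.250 - - [04/Oct/2022:12:00:08 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "http://example.net/" "Mozilla/5.0 (Android)"',
    '192.0.2.9 - - [04/Oct/2022:12:00:09 +0000] "GET /catalog/item?id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (iPhone)"',
    '203.0.113.10 - - [04/Oct/2022:12:03:00 +0000] "GET /contact.html HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '192.0.2.1 - - [04/Oct/2022:12:05:00 +0000] "GET /login HTTP/1.1" 200 800 "-" "python-requests/2.0"',
    '192.0.2.2 - - [04/Oct/2022:12:05:01 +0000] "GET /login HTTP/1.1" 200 800 "-" "python-requests/2.0"',
    '192.0.2.3 - - [04/Oct/2022:12:05:01 +0000] "GET /login HTTP/1.1" 200 800 "-" "python-requests/2.0"',
    '192.0.2.4 - - [04/Oct/2022:12:05:02 +0000] "GET /login HTTP/1.1" 200 800 "-" "python-requests/2.0"',
    '192.0.2.5 - - [04/Oct/2022:12:05:02 +0000] "GET /login HTTP/1.1" 200 800 "-" "python-requests/2.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def source_prefix(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) so one subnet counts once."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ip  # not an address (e.g. "-"); keep it as its own bucket
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def triage(lines, threshold):
    """Bucket requests per (hour, path) and label every bucket.

    Returns {(hour_iso, path): {"requests", "ips", "subnets", "user_agents", "label"}}.
    A bucket at or above `threshold` requests is a flood; one subnet means a
    single-source flood (blockable at the firewall), several means distributed.
    """
    buckets = defaultdict(lambda: {"requests": 0, "ips": set(), "subnets": set(), "user_agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; count these separately in real use
        hour = rec["ts"].replace(minute=0, second=0, microsecond=0).isoformat()
        b = buckets[(hour, rec["path"])]
        b["requests"] += 1
        b["ips"].add(rec["ip"])
        b["subnets"].add(source_prefix(rec["ip"]))
        b["user_agents"].add(rec["ua"])
    for b in buckets.values():
        if b["requests"] < threshold:
            b["label"] = "normal"
        elif len(b["subnets"]) == 1:
            b["label"] = "flood-single-subnet"
        else:
            b["label"] = "flood-distributed"
    return dict(buckets)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, threshold=5)
    for (hour, path), b in sorted(report.items(), key=lambda kv: -kv[1]["requests"]):
        print(f"{hour} {path:22s} req={b['requests']:3d} ips={len(b['ips']):2d} "
              f"subnets={len(b['subnets'])} uas={len(b['user_agents'])} {b['label']}")
```

The threshold of 5 is only for the tiny sample; on a real server set it from the site's normal hourly rate per path. One caveat that matters for this thread: once the domains sit behind CloudFlare, the address the web server logs is CloudFlare's edge, so the real client IP has to be restored from the proxy's header (CF-Connecting-IP) before any per-source counting is meaningful.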

EagerChic

DDoS attacks can be motivated by various reasons. Some attackers may be seeking financial gain through extortion, demanding a ransom to stop the attack. Others may have ideological motives, aiming to disrupt or take down websites that they disagree with politically or socially. Sometimes, attacks are carried out by competitors who want to gain a competitive edge by eliminating or damaging a rival's online presence. Additionally, some attacks are simply motivated by the desire to cause chaos and disruption without any specific target in mind.

Considering the low traffic on your domains, it is possible that the attack may not specifically target you but rather be part of a larger campaign against multiple websites. In such cases, attackers may indiscriminately target any vulnerable website they come across.

To prevent future attacks and ensure the safety of your online presence, there are steps you can take. First, consider contacting your internet service provider (ISP) for assistance. They may be able to help you mitigate the attack or provide guidance on securing your domains.

You should also consider implementing security measures such as firewalls, intrusion detection systems, and content delivery networks (CDNs). These can help protect your infrastructure from DDoS attacks by filtering out malicious traffic and distributing legitimate traffic more effectively.

Regularly updating your website's software and plugins is crucial, as vulnerabilities in outdated software can be exploited by attackers. Finally, consider working with cybersecurity professionals who can assess your infrastructure, identify vulnerabilities, and recommend specific solutions tailored to your needs.

Here are some things you can consider to address and prevent future DDoS attacks:

1. Traffic Analysis: Analyze your network traffic to identify any patterns or anomalies that could indicate a potential DDoS attack. Implementing network monitoring tools can help you detect and respond to such attacks in a timely manner.

2. Scalability and Redundancy: Ensure that your infrastructure has the capacity to handle increased traffic during an attack. Consider using load balancers and distributed systems to distribute traffic across multiple servers, making it more difficult for attackers to overwhelm your resources.

3. Content Delivery Networks (CDNs): Utilize CDNs to cache and distribute your website content across multiple servers and locations. This can help absorb some of the attack traffic and provide a layer of protection against DDoS attacks.

4. Bandwidth and ISP Protections: Contact your ISP to discuss available protections they may offer against DDoS attacks. They may have services, such as traffic filtering, that can help mitigate the impact of an attack.

5. Incident Response Plan: Develop an incident response plan that outlines the steps to take during and after a DDoS attack. This helps ensure a coordinated and efficient response to minimize damage and downtime.

6. DDoS Mitigation Services: Explore the possibility of working with a DDoS mitigation service provider. They specialize in detecting and mitigating attacks, providing an additional layer of protection for your online presence.

A few more strategies to consider when preventing and mitigating DDoS attacks:

1. Implement rate limiting and traffic shaping: Set up rate limiting and traffic shaping mechanisms to control and limit the amount of incoming traffic to your websites or applications. This can help prevent your resources from being overwhelmed by excessive requests during an attack.

2. Use a Web Application Firewall (WAF): Implementing a WAF can help filter out malicious traffic and protect against application layer attacks, which are common in DDoS attacks. A WAF can detect and block suspicious patterns or behavior, providing an extra layer of defense.

3. Employ Intrusion Detection and Prevention Systems (IDS/IPS): IDS/IPS systems continuously monitor network traffic and can detect and block malicious activity, including DDoS attacks. They can provide real-time alerts and automatically respond to potential threats.

4. Regularly back up data: Make regular backups of your website and databases to ensure that even if your infrastructure is compromised or damaged, you can restore your services quickly. Store backups in a secure location that is separate from your primary infrastructure.

5. Educate employees and users: Train your employees on security best practices to prevent social engineering attacks that could lead to a DDoS attack. Educate your users and customers about basic security measures, such as strong passwords and avoiding suspicious links or downloads, to reduce the risk of their devices being compromised and used in DDoS botnets.

6. Stay up to date with security patches and updates: Regularly update and patch your systems, software, and applications to fix any vulnerabilities that could be exploited by attackers. Vulnerable software is often targeted in DDoS attacks, so keeping everything up to date is crucial.

7. Develop an incident response plan: Prepare an incident response plan that outlines the steps to take when under a DDoS attack, including communication channels, roles and responsibilities, and contact information for key personnel. This will help minimize confusion and enable a coordinated response.
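Point 1 of the second list (rate limiting) is the one measure here that is an algorithm rather than a product choice, so here is an added example of it, not code from this thread or from any named vendor: a per-client sliding-window limiter of the kind that nginx's limit_req or a CDN rate-limiting rule applies, with a replay over a constructed request trace. The limit (5 requests per 10 seconds) and the client addresses are assumptions chosen for the demonstration.

```python
"""Per-client sliding-window rate limiter.  Added example; the limits and the
request trace below are constructed for the demonstration."""
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `max_requests` per `window_seconds` for each client key."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = {}  # key -> deque of request timestamps still inside the window

    def allow(self, key, now):
        """Record a request at time `now` for `key`; return True if it is within the limit."""
        q = self._hits.setdefault(key, deque())
        while q and now - q[0] >= self.window:  # expire timestamps that left the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False  # over the limit: the caller answers 429 and does no real work
        q.append(now)
        return True

    def prune(self, now):
        """Forget idle keys so a flood from many addresses cannot grow memory without bound."""
        idle = [k for k, q in self._hits.items() if not q or now - q[-1] >= self.window]
        for k in idle:
            del self._hits[k]


def replay(limiter, trace):
    """Feed (timestamp, client_key) pairs through the limiter in time order.

    Returns {client_key: (allowed, rejected)}.
    """
    counts = {}
    for ts, key in sorted(trace):
        allowed, rejected = counts.get(key, (0, 0))
        if limiter.allow(key, ts):
            allowed += 1
        else:
            rejected += 1
        counts[key] = (allowed, rejected)
    return counts


# Constructed trace: one address sending 10 requests within one second,
# and a normal visitor sending 3 requests spread over 8 seconds.
TRACE = [(i / 10, "198.51.100.7") for i in range(10)] + [
    (0.5, "203.0.113.10"),
    (4.0, "203.0.113.10"),
    (8.0, "203.0.113.10"),
]

if __name__ == "__main__":
    limiter = SlidingWindowLimiter(max_requests=5, window_seconds=10.0)
    for key, (ok, dropped) in replay(limiter, TRACE).items():
        print(f"{key:15s} allowed={ok} rejected={dropped}")
```

Two things to get right when deploying this logic: the key must be the real client address (behind CloudFlare that means the CF-Connecting-IP header, otherwise you end up rate-limiting the CDN's own edges), and a per-IP limit only bites when individual sources are chatty. In the flood wwwmaster@ describes, many IPs each sending a few requests, a per-IP budget passes most of it; a per-path budget, or letting the CDN absorb the traffic in front of the server, is what actually caps the load in that case.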