The issue at hand is that the online store, which is hosted on a dedicated virtual server with a hosting company, has been experiencing errors such as 504 and 500 for the past three days. The hosting company claims that a DDoS attack is responsible and they are working to resolve it. As a result, the website has been down and orders are not being processed.
Have you ever faced a similar situation? What would you do? Our team has decided to temporarily move the site to a different hosting provider, but transferring the domain name may take some time. Additionally, we are not certain that the attack won't follow us to the new hosting provider.
Therefore, we are looking for advice on how to launch a temporary website until all issues can be resolved. Should we transfer the domain name or create a temporary one? Any recommendations on where and how to temporarily launch the website?
Share your experience if you have had similar experiences!
One suggestion is to consider investing in an anti-DDoS service, rather than relying on a cheap or stingy provider like Cloudflare. Alternatively, you may need to consider replacing your admin or paying them more to ensure a better service.
It seems that the online store has been affected by the DDoS attack for three days now and action is only just being taken. As for your queries about the domain and IP addresses, if the attack targets the domain, it will spread easily, while if it targets the IP address, it may take longer for the attack to spread.
Regarding a temporary domain, it may not be an effective solution. You could also send the data to a security specialist to determine the type and volume of the attack, as there may be a chance to resolve the issue with their expertise.
It is important to implement clear monitoring in advance to distinguish between an attack and server overload. Establishing a good relationship with the hosting provider can also prevent confusion over whether an attack is occurring or if a more powerful VPS is needed.
Despite the prevalence of DDoS attacks, some still fail to consider the technical aspects of site security, despite the direct impact on their financial success.
If dealing with a DDoS attack, consider creating a minimalistic, static website with product descriptions and contact details to continue receiving orders, even if it's inconvenient without feedback forms or chat windows. The most direct method would be to host the temporary site on your own server, but it can also be hosted elsewhere, although DNS records may need to be updated and other potential delays may arise.
It is important to prioritize website or server security measures during development and gradually increase them to reduce vulnerability.
One critical security measure is ensuring the protection of program code through secure coding standards and software testing. This can help eliminate common errors and known vulnerabilities. Additionally, regularly updating software as part of the server can improve protection and prevent attackers from using old methods of attack.
Creating control points, such as recovery checkpoints and storage snapshots, can also help mitigate the damage caused by an attack. Restricting access rights through robust protection of administrator accounts and limiting the number of people with extended access rights is another critical step.
In addition, telecom operators can offer tools to change traffic routing schemes and allocate additional channels to increase bandwidth, providing an additional layer of protection. By taking these steps, website or server owners can minimize the risk of attacks and protect their business from potential financial loss.
I would take in response to the ongoing DDoS attack affecting the online store is to assess the current hosting provider's mitigation efforts. Understanding the specific nature of the attack, the measures taken by the hosting company, and the projected timeline for resolving the issue is crucial.
In parallel, I would begin the process of setting up a temporary website on a different hosting provider. When selecting the new hosting company, I would prioritize providers with a strong track record in DDoS protection and mitigation. Researching their infrastructure, network security protocols, and available tools for handling DDoS attacks is paramount in ensuring a successful transition.
With the new hosting provider identified, I would discuss the recent DDoS attack with them and ensure that they have robust measures in place to prevent a recurrence of similar incidents. This may involve implementing a web application firewall (WAF), utilizing a content delivery network (CDN), and having the capacity to absorb and mitigate DDoS traffic.
For the temporary website, I would create it using a temporary domain or subdomain provided by the new hosting company. This would allow for the swift establishment of a functional online presence for processing orders and maintaining customer engagement while the original domain name transfer is underway.
Communicating with the new hosting provider to secure the necessary resources and support for the temporary website is essential. Additionally, implementing security best practices on the temporary website, such as strong access controls, SSL certificates, and ongoing monitoring, would be crucial to safeguarding customer data and maintaining trust.
During this challenging period, clear and transparent communication with customers is imperative. I would craft tailored messaging for email communication, social media updates, and potentially a temporary landing page on the original website to inform customers about the situation, the steps being taken to mitigate the impact, and any changes in the online shopping experience.
While the domain transfer process may introduce a degree of complexity due to the associated timelines and potential DNS propagation delays, prioritizing the operational stability of the online store during this period is paramount. Once the DDoS attack is resolved and the domain transfer is complete, the temporary website can be seamlessly redirected to the original domain, ensuring minimal disruption to the customer experience.