Two Days Of Hell Thanks To A DDoS Attack

I woke up on Monday to discover that I wasn’t getting e-mail on either my personal or business e-mail accounts. On top of that, my corporate website wouldn’t come up. All of this is on the same server that’s located in a datacenter in the southwestern US, so I tried to log onto the server. I could do so, but it was very slow in responding, which is unusual. I started to poke around for a bit and decided to check the network traffic that was coming into the server. I soon discovered that a massive amount of network traffic was being aimed at this server. I quickly concluded that I was the victim of a Distributed Denial of Service attack.

A DDoS is an attack method used to deny access to legitimate users of an online service. This service could be a bank or an e-commerce website, for example. Or, in my case, my e-mail and web server. What the attacker does is use a non-trivial amount of computing resources, which they either built themselves or, more commonly, assembled by compromising vulnerable PCs around the world, to send bogus traffic to a site. If the attacker sends enough traffic, legitimate users of the site can’t be serviced.

So, the real question is how do I fight back? I first phoned the datacenter’s operations center to ask for their assistance. While they were aware of what was going on, they couldn’t stop it because they didn’t know how to deal with this sort of thing. Now, I kind of knew that when I first put in this server back in the late 2000s, and at the time it was a non-issue as I never thought I would be the target of a DDoS attack. But now that I am the victim of one, I am rethinking whom I host my e-mail and web server with.

Seeing as the datacenter’s operations center wasn’t going to help, I escalated to the manager who ran that group. He was very responsive and started to look at the perimeter of their network. At the same time, I started to look at my server to see if there were any exploits that they were leveraging. In my case there wasn’t anything serious to find. And what I did find, I patched to make sure it wasn’t an issue. In their case, they did something called over-provisioning bandwidth. I had a 10 Mbps connection from that server to the Internet. That’s usually all you need for low-volume e-mail and web traffic. They boosted it to a gigabit connection to get breathing room so that the server could operate. Now this turned out to be a fix that lasted a couple of hours, as whoever was attacking me increased the amount of bogus traffic going to my server. The next thing that they did was engage a DDoS specialist. Now I do not know the specific company that they engaged, but what these companies do is use a variety of techniques to absorb the inbound bogus traffic so that the server that is under attack doesn’t have to. It sounds simple, but it’s actually a very complex operation that can sometimes take days to execute. In my case, it took almost two days before they were able to get me back online. I’ve also managed to stay online, which is a good thing. If you want to get an idea of what these companies do, click here to see how Cloudflare, who is the best in the business, keeps websites and servers online.

Now that I am back in business, there are some outstanding items. First of all, I need to beef up the defenses on my server to stop this from happening. There are a variety of tools, devices and techniques that I can use to not be a victim of this sort of attack in the future. The other thing that I am doing is trying to figure out who attacked me. As I speak, data is being collected on where this bogus traffic was coming from, which will hopefully lead to who was behind this. As for why I was attacked, I have no clue. Sometimes people will do this sort of thing because they are bored. Or they do this to make a point because they are “hacktivists”. Or there’s an economic reason (as in, we’ll stop doing this attack if you pay us). Since I have not been contacted by whoever did this, I have no clue. In the end, it doesn’t really matter, as any info related to this that points to someone will be turned over to law enforcement. I just have to focus on making sure that this never happens again.
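As an added example (not the post’s own code), here is the kind of small script you could run over exported flow records to confirm that inbound traffic is far above the server’s normal baseline and to rank the sources behind it for the datacenter or law enforcement. The sample records, the addresses and the baseline figure are all constructed.

```python
# Added example, not code from the post: summarise flow records for one
# window so a flood stands out against the server's normal baseline.
from collections import Counter
from datetime import datetime

# Constructed sample records: "timestamp source_ip dst_port bytes". The
# addresses are documentation ranges and every number is made up.
SAMPLE_LOG = """\
2024-03-04T06:00:00 198.51.100.7 25 1400
2024-03-04T06:00:00 198.51.100.8 443 2200
2024-03-04T06:00:01 203.0.113.10 80 1500
2024-03-04T06:00:01 203.0.113.11 80 1500
2024-03-04T06:00:01 203.0.113.12 80 1500
2024-03-04T06:00:02 203.0.113.10 80 1500
2024-03-04T06:00:02 203.0.113.13 80 1500
2024-03-04T06:00:02 203.0.113.10 80 1500
2024-03-04T06:00:02 198.51.100.9 443 900
"""

def parse_flows(text):
    """Yield (timestamp, source, port, bytes) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, port, size = line.split()
            yield datetime.fromisoformat(ts), src, int(port), int(size)

def summarize(flows):
    """Aggregate one window: throughput, fan-in, heaviest sources and port."""
    flows = list(flows)
    by_src, by_port = Counter(), Counter()
    for _, src, port, size in flows:
        by_src[src] += size
        by_port[port] += size
    stamps = [f[0] for f in flows]
    seconds = (max(stamps) - min(stamps)).total_seconds() + 1
    return {
        "bytes_per_sec": sum(by_src.values()) / seconds,
        "packets_per_sec": len(flows) / seconds,
        "unique_sources": len(by_src),         # many sources => distributed
        "top_sources": by_src.most_common(3),  # who to report to the provider
        "top_port": by_port.most_common(1)[0][0],
    }

def classify(summary, baseline_bps, factor=5):
    """Call it a flood when throughput exceeds `factor` times the baseline."""
    return "flood" if summary["bytes_per_sec"] > factor * baseline_bps else "normal"
```

Against a baseline of 500 bytes per second the constructed sample is reported as a flood, with port 80 and 203.0.113.10 at the top of the list; the same numbers against a 1000 bytes per second baseline come back as normal.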
