
Forum DDOS Attacked - Linode null routed

Discussion in 'Forum News' started by eva2000, Apr 18, 2016.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    I experienced firsthand my first ever DDOS attack in the 16+ yrs I have been running servers. Very bad timing-wise, as my mother will be undergoing quad bypass heart surgery soon, so mental energies are partially elsewhere.

    The DDOS Attacks



    Approximately 16 hrs ago, the forum's hosting provider, Linode, had to null route the forum server's IP address due to a DDOS attack whose network traffic size was beyond what was acceptable to Linode, as it would impact other Linode VPS servers.

    This attack originally started another 7-9 hrs prior to being null routed and was the second of such attacks. The first was approximately 2 days earlier. Both attacks seem to be WordPress pingback DDOS attacks, with between 4k and 10k compromised and/or pingback-enabled WordPress blogs, with the target being my forum's server at Linode. The second attack was much larger, and from what I could see was around 1.5Gbps in size before Linode null routed my forum server's IP address.

    The WordPress pingback DDOS attack profile for logged Nginx hits on a per-minute basis had up to around 55,000 hits per minute. This was prior to being null routed.

    [Image: access-log-hits-chart-2.png]


    Up to 1.5Gbps inbound and a peak of 200k packets/second was measured on my end. It could have been higher by the time Linode null routed, but I can't confirm. Linode's network has 40Gbps in support, but for my mid-size Linode plan, probably 1.5Gbps was beyond what Linode can accept, despite my 4GB Linode only running at 37% CPU utilisation and <50% memory utilisation throughout the attack due to measures I put in place at Nginx and CSF firewall levels on the server.

    [Image: linode-longview-network-1041am-00-inbound.png]

    Dealing with DDOS Attacks



    I guess it was a matter of when and not if I would experience a DDOS attack myself. I've run the situation through my mind many times as to what I would do. The gist is I will not be forking out larger amounts of $$$ for DDOS protection beyond what the site makes in return in terms of incoming revenues.

    Paying $100s or $1000s per month for DDOS protection which may go unused for the majority of a 12 month period would be wasting thousands of dollars per year for a site which makes little in return. Centmin Mod only has incoming revenues from Adsense advertising, web hosting affiliate commissions, Paypal Donations and Premium Use Membership options. All of which don't make enough to cover such elaborate DDOS protections right now.

    Whichever DDOS protections I do decide on will be within the budget I can afford based on the incoming revenues that Centmin Mod has. However, with my mother undergoing major heart surgery soon, understandably my mental energies are elsewhere.

    If folks have suggestions for DDOS protection etc., best to privately start a conversation with me on the forums rather than post them on the forums for the attackers to see.

    George
     
    Last edited: Apr 18, 2016
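
The per-minute hit profile described in the post can be rebuilt from an Nginx access log. The following is an added example, not code from the original post or from Centmin Mod: it counts hits per minute and separates out requests whose User-Agent has the form WordPress sends for pingback verification. The log lines are constructed, the Nginx "combined" log format is assumed, and the function names and thresholds are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in Nginx "combined" format; not taken from the forum's logs.
SAMPLE_LOG = '''\
198.51.100.7 - - [18/Apr/2016:00:14:02 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.8 - - [18/Apr/2016:00:14:30 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.5; http://blog-b.example; verifying pingback from 203.0.113.9"
192.0.2.44 - - [18/Apr/2016:00:14:41 +0000] "GET /threads/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [18/Apr/2016:00:15:05 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/3.5; http://blog-c.example"
198.51.100.7 - - [18/Apr/2016:00:15:09 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 203.0.113.9"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# WordPress identifies itself as "WordPress/<version>; <blog URL>"; newer
# versions append "; verifying pingback from <address>".
PINGBACK_RE = re.compile(
    r'^WordPress/[\d.]+; (?P<blog>\S+?)(?:; verifying pingback from (?P<origin>\S+))?$')

def summarize(log_text):
    """Count total and pingback hits per minute; collect reflecting blogs and origins."""
    stats = {"per_minute": Counter(), "pingback_per_minute": Counter(),
             "reflectors": set(), "origins": Counter()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        minute = ts.strftime("%Y-%m-%d %H:%M")
        stats["per_minute"][minute] += 1
        pb = PINGBACK_RE.match(m["ua"])
        if pb:
            stats["pingback_per_minute"][minute] += 1
            stats["reflectors"].add(pb["blog"])
            if pb["origin"]:  # address the blog reports as having requested the pingback
                stats["origins"][pb["origin"]] += 1
    return stats

def attack_minutes(stats, min_hits, min_share):
    """Minutes with at least min_hits requests of which min_share are pingbacks."""
    return sorted(
        minute for minute, hits in stats["per_minute"].items()
        if hits >= min_hits and stats["pingback_per_minute"][minute] / hits >= min_share)

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(dict(s["per_minute"]), sorted(s["reflectors"]), dict(s["origins"]))
    print(attack_minutes(s, min_hits=2, min_share=0.9))
```
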