Date: 17 August 14
Code Name: DDOS-X
We are now almost 2 weeks on from the start of this major attack on the site. We’ve successfully mitigated it and with technologies and services we now use, should be protected from future attacks. The attack is still probing the site at a rate of approx 10% of our total DNS requests per day… this is fairly large – however our DNS proxy is blocking most of these attacks.
Further to this, it is important to note that, this avg 10% is up from just 2% in June … a massive jump and obviously something we will be keeping an eye on.
We’ll keep posting updates as required.
Date: 05 August 14
Code Name: DDOS-X
Further update via https://seoandy.net/latest-news/seoandy-ddos-august14/
Date: 04 August 14
Code Name: DDOS-X
=================Background===================
Over the past few weeks SEOAndy has been the subject of a number of direct Denial of Service Attacks. These attacks are nothing new for the site which has been secured from such attacks for a number of years, and this was upgraded just a few months ago.
However over the past few weeks we’ve had a larger spate than usual, last weekend and today though we’ve seen the DOS attacks become Distrubted (DDOS).
- http://en.wikipedia.org/wiki/Denial-of-service_attack
The one aim of such attacks is to prevent users, such as yourself, from reaching the website – and where possible to force access to the administration system for various means.
At this point we want to assure you that the data we do collect about you, our friends, your email has not been comprimised due to security systems within the website. We also don’t store more than 100 emails within the SEOAndy website also for this reason – ultimately, We care about you and your data.
==============What We Are Doing===============
In total we’ve had a few hours down time over the past 2 weeks, this for us is a huge amount. We are used to an hour maybe once every 6 months for various reasons, but the 3 or 4 hours we’ve had recently is big for us and a concern.
Over the past few months we’ve implemented the following steps:
1. CloudLinux – allowing us to lock down server resources such that only the biggest DOS could bring down the whole server. Thus securing other sites and limiting damage within the server.
2. Loading Files via a CDN – we now use a content deliver network to deliver website files (such as images and javascript), this means the files are pretty hard to attack, but also that they load much much faster (win, win).
3. Hardened the WP Install – we’ve continued out process of reducing the surface attack area of wordpress (which can be fairly large due to the size of the site). This will be on going work to prevent future possible attacks.
4. Changed the Firewall – We have now implemented a new firewall system. The new firewall is special in that it is built for the purpose of protecting wordpress from DOS (and other) attacks. This firewall came online an hour ago and has so far blocked 100 unique IP’s from requesting files which are commonly part of a DOS and should only be used by administrators.
================Going Forward=================
As of this moment we are still feeling the tail-end of this DDOS. Ultimately, we believe that we will be attacked again – but we are pretty sure we won’t be hit by downtime as we have in the past few weeks.
There is an old saying online that says “if you site has been attacked, you’re doing something right” – and with that sentiment, I can assure you SEOAndy will not be disappearing from the web.
In the next week or so, once everything settles down, I will write a post about what has happened and how these issues have been resolved – many have requested this, so it will be done.
Finally, I’d like to thank you for your support at this time. It’s awesome to know that SEOAndy has such amazing fans as you are.
Wishing You Well
Andy Kinsey
Founder of SEOAndy
tweet: @andykinsey