Ask HN: How do I handle a hacker attempting to extort me by threat of DDoS?
sigmaprimus 1615 days ago [-]
Weather the storm, do not pay the extortion. Most of these guys are shakedown artists, and when they realize there is not going to be a payout, they will move on to their next victim. Many of them are using rented botnets and don't want to waste their own money on a non-payer, unless of course you do pay up. If you do that, then they will keep at it and share/sell your info to others, and things will get much worse.
thomasfromcdnjs 1615 days ago [-]
This makes a lot of sense, thanks!
codingdave 1615 days ago [-]
https://www.icann.org/news/blog/how-to-report-a-ddos-attack

From that page: "you should contact law enforcement if your organization received a threat prior to the attack, or received a demand for money in return for not being attacked"

saluki 1615 days ago [-]
One of my clients came under DDoS attacks every summer three years in a row. We said we were going to print up T-shirts for the annual event, but they stopped this year.

We set up copies of the site so we could quickly rotate it to new IPs during the attack and signed up for the CloudFlare business plan for a month or two during the attacks every year.

This kept the site up for us. We also posted a message on the home page so our users would know what was going on.

We were able to use under attack mode without it affecting the site too much.

Good luck riding it out.

sarcasmatwork 1615 days ago [-]
Prolly exploiting a known vulnerability. Have you patched and rebooted all of your systems? Removed accounts that you don't use? Changed pw's to everything?

Windows or Linux systems?

You can do some mitigation with iptables in Linux.

>He has proved that he can by taking our sites offline for a minute.

What did this person take down exactly? The web server, or did he reboot the system?

sigmaprimus 1615 days ago [-]
The fact that Cloudflare was defeated shows it was a DDoS and not a reboot. Most likely a botnet rented with BTC and nothing more than a fishing expedition. Unless they are being targeted for some other reason than money, the problem will go away.
CloudNetworking 1615 days ago [-]
> The fact that Cloudflare was defeated shows it was a DDoS and not a reboot.

How?

sigmaprimus 1615 days ago [-]
It shows that it was a DDoS simply by the fact that is what Cloudflare does? Protects against DDoS attacks? IDK, maybe you're right, I suppose they could have spoofed a DDoS using a small botnet and simultaneously rebooted the servers. That would require a level of sophistication but is certainly possible.
thomasfromcdnjs 1615 days ago [-]
They simply hit one of our URLs, and we could put URLs on that but they could just hit one of many.

Our system is scalable but we also don't want to scale indefinitely because of the attacks.

thomasfromcdnjs 1614 days ago [-]
Update:

Three different people from Cloudflare reached out to resolve the problem. They are awesome!

shahin841 1615 days ago [-]
Hire a certified ethical hacker: https://www.hackerslist.co/