I noticed a strange issue on one of my cloud hosting servers in the UK, where one of my sites was hit by a DDoS attack, causing many other sites on the same server to slow down or not load at all. I disabled the attacked site, which temporarily alleviated the issue, but the performance problems persisted. I'm unsure if the DDoS and the slow site performance are related.
Here's what I've tried: I attempted to block all sites not tied to an account on my server through Apache, but that didn't solve the problem. I've noticed some domains are draining massive amounts of bandwidth—around 350GB a month—most likely due to crawlers, including some from AI services. I'm planning to block these domains and add a robots.txt to restrict AI crawlers as well.
Is the DDoS attack targeting my server's IP? The host says they've blocked the problematic IPs, yet the performance issues continue. Every time I re-enable the attacked site, there's a sudden spike in traffic. Any insights or suggestions would be greatly appreciated, as it looks like a long Friday ahead for me!
3 Answers
I strongly suggest implementing a CDN like Cloudflare ASAP. That way, your server's IP won't be directly exposed in any DNS records, and all traffic can be routed through the CDN. This not only boosts your response times but also adds layers of DDoS protection.
Yeah, those costs can be a dealbreaker for many. Still, it might be worth explaining the benefits to your clients. Some might understand the necessity for robust protection.
You might want to check for any rogue DNS records or misconfigured CNAME entries leading to your server. These could be causing the slowness and excessive bandwidth usage even after the DDoS’d site was disabled.
Got it, but the domains pointing to my server aren't mine, and I can't modify their DNS. It seems like instead of handling these with a 503 error, they're routing traffic to the next site on my server. I've scanned through the settings in WHM/cPanel but couldn’t find a way to change that default behavior.
That makes sense. It can be tough dealing with misconfigured DNS from external sources. Keep digging into the settings, and if needed, consider reaching out for specialized help.
Even if you’ve disabled sites, if there’s a domain pointing to your server, the incoming traffic might still hit you. It's practically the same as being DDoSed directly. To really safeguard your network, you need standard DDoS protections in place on your server.
I thought about that. Given how much I pay for the hosting, I assumed my host would help with DDoS protection. Is it up to us to manage that?
Often, it is a shared responsibility. Your host might offer some basic protections, but having additional layers implemented on your end is a good practice.

We did look into that, but the costs were sky-high—about £200 per website! While I agree it could solve a lot of issues, I’m not sure clients will be willing to foot that bill.
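
To see which hostnames and crawlers actually consume the bandwidth discussed in this thread, the access log can be tallied by Host header and user agent; the sketch below is an added example, not code from any poster. It assumes a custom Apache LogFormat that logs the Host header first (shown in the comment), and the hosted domain set, sample log lines and crawler list are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Apache LogFormat (not from the thread), Host header logged first:
#   "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
QUOTED = r'"(?:[^"\\]|\\.)*"'
LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \S+ \[[^\]]+\] ' + QUOTED +
    r' \d{3} (?P<bytes>\d+|-) ' + QUOTED + r' "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

HOSTED = {"shop.example", "blog.example"}  # constructed: domains tied to accounts
AI_CRAWLERS = ("GPTBot", "ClaudeBot", "CCBot", "Bytespider")  # UA substrings to tally

# Constructed sample lines (documentation IP ranges, made-up domains).
SAMPLE_LOG = """\
shop.example 192.0.2.10 - - [07/Mar/2025:09:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
parked-domain.test 198.51.100.7 - - [07/Mar/2025:09:00:02 +0000] "GET /big.zip HTTP/1.1" 200 900000 "-" "Mozilla/5.0 (compatible; GPTBot/1.0)"
parked-domain.test 198.51.100.8 - - [07/Mar/2025:09:00:03 +0000] "GET / HTTP/1.1" 200 100000 "-" "curl/8.0"
www.blog.example 203.0.113.5 - - [07/Mar/2025:09:00:04 +0000] "GET /feed HTTP/1.1" 304 - "-" "CCBot/2.0"
blog.example 203.0.113.6 - - [07/Mar/2025:09:00:05 +0000] "GET /post HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"
"""

def summarize(lines, hosted=HOSTED):
    """Return bytes served per Host, per unhosted Host, and per AI crawler."""
    by_host, foreign, crawlers = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = m["host"].lower().split(":")[0]
        if host.startswith("www."):
            host = host[4:]
        sent = 0 if m["bytes"] == "-" else int(m["bytes"])
        by_host[host] += sent
        if host not in hosted:
            foreign[host] += sent  # served although no account owns this name
        ua = m["ua"].lower()
        for bot in AI_CRAWLERS:
            if bot.lower() in ua:
                crawlers[bot] += sent
    return by_host, foreign, crawlers

if __name__ == "__main__":
    by_host, foreign, crawlers = summarize(SAMPLE_LOG.splitlines())
    for name, table in (("host", by_host), ("unhosted", foreign), ("crawler", crawlers)):
        for key, sent in table.most_common():
            print(f"{name:9} {key:22} {sent:>9} bytes")
```

Hostnames that appear in the unhosted tally are the ones being answered by whichever site the server falls back to, so they are the candidates for a catch-all virtual host that refuses the request.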