I am under DDoS. What can I do?

Posted by Falcon Momot on Server Fault See other posts from Server Fault or by Falcon Momot
Published on 2013-08-19T09:14:58Z Indexed on 2013/11/06 3:58 UTC
Read the original article Hit count: 399

Filed under:

This is a Canonical Question about DoS and DDoS mitigation.

I found a massive traffic spike on a website that I host today; I am getting thousands of connections a second and I see I'm using all 100Mbps of my available bandwidth. Nobody can access my site because all the requests time out, and I can't even log into the server because SSH times out too! This has happened a couple times before, and each time it's lasted a couple hours and gone away on its own.

Occasionally, my website has another distinct but related problem: my server's load average (which is usually around .25) rockets up to 20 or more and nobody can access my site just the same as the other case. It also goes away after a few hours.

Restarting my server doesn't help; what can I do to make my site accessible again, and what is happening?

Relatedly, I found once that for a day or two, every time I started my service, it got a connection from a particular IP address and then crashed. As soon as I started it up again, this happened again and it crashed again. How is that similar, and what can I do about it?

© Server Fault or respective owner

Related posts about ddos