DDOS attack January 2014
On January 20th, our server crashed due to overload and this turned out to be our first indication that we were the target of a Distributed Denial of Service attack (DDOS) on our site. Our website runs on a dedicated machine provided by A2hosting, who provide technical support to keep the machine running and secure. They analyzed the crash and reported that it was caused by a DDOS attack. They suggested, and we assisted in implementing, several ways of mitigating the attack. As things progressed, we instituted additional changes to fend off the attack and help prevent another one from occurring.
The first step we took was to install CloudFlare as a front end to our website. CloudFlare can handle much larger loads than our small server. Moreover, it sorts through all the incoming requests and throws away any coming from sources that it suspects are malicious. If for some unlikely reason your machine is flagged as suspicious, you may get prompted to respond with a CAPTCHA, a simple check to prove that you are a human and not a bot (short for robot).
CloudFlare is also a Content Distribution Network (CDN) and serves as a front end cache of our webpages. This results in a faster website because it eliminates the time and effort our machine uses to dynamically construct every page from a database. CloudFlare stores the constructed pages in its cache and serves them directly to the end user. That saves processing time on our machine, so our site can handle more simultaneous users. In addition, they have caches around the world and deliver webpages to your computer from the nearest one (Newark in our case). It is closer, and hence responds faster (by a few milliseconds), than A2hosting in Michigan where our machine is located.
Analysis of the attack indicated that a large percentage of the traffic was coming from Russia, China and a few other countries. As a result, A2Hosting further put into place specific rules to limit requests from these countries, where we probably have no legitimate users. Once we are sure the attack is over, we can remove these rules and again allow traffic to our server from these countries. Even with these requests blocked, there are still many other countries providing unwanted traffic. But it is traffic that we can handle, approximately the same amount the search engines use indexing our website for Google, Bing, Yahoo, etc.
It should be pointed out that there was no privacy or security issue related to the attack, only denial of service.
As of January 24, 2014 12:00pm we think the attack is over and we are operating normally.