Identified the origin of the DDoS attack. Apparently, the person was just hopping through 3 IPs, so it looked like a targeted attack, likely from a competitor. I sent the logs with an incident notification to abuse@hostprovider.com to ask them to suspend them.

Got a prompt response, but it took them a week to suspend this.

We were a very small team and had to stop everything to fix this: iptables, firewall, etc.

We had not even launched the product; it was still under development.

  • 2
    Once any DDoS reaches your hardware it is pretty much game over. You could have set up e.g. Cloudflare (if the ports you need allow that) and had a much easier time, since most hostings don't have proper DDoS routing and just nullroute you if shit hits the threshold.
  • 0
    Setting up fail2ban should help you out if you fine-tune it, along with a WAF such as Cloudflare or AWS.