Víctor Falcón
Posted on November 21, 2024
MetricsWave was the target of a DDoS attack.
It receives about 750k requests per hour for 8 hours.
I don't know what the goal was; I guess it's what happens when you share your projects publicly, but now the service is faster and more stable than ever!
Let me tell your how I did it.
DDoS Attack Numbers
I don't have the exact numbers, because the server was not ready before this, but it seems that from 8 am to 18 pm the web was receiving about 750k request per hour from a single IP.
That's about 7.5 M request in 10 hours.
I know it's not too much for a big server, but take into account that MetricsWave still run in a relative small server with a simple config.
The good news is the app keep alive during the hole day and we were able to manage all the traffic, registering all the events and visits from our users pages.
Slow loading was experienced for a few hours, but the service was up at all times.
A part from that, we did some improvements and now the site is faster than ever.
How we blocked the IP
At the beginning we try to add a block on our side by the type of request and the IP, but it was not enough.
The damage one our server was mitigated but we still need to process each request and do some checks before rejecting it.
The final solution was to install Cloudflare in front of our server.
With this, I'm able to reject all the malicious requests before they even reach our server, so we can keep the CPU usage and memory healthy.
Improvements We Did
Also, it was a good opportunity to make some improvements
With this huge amount of traffic, I was able to identify some slow queries and repeated processes that we can avoid.
We improved our dashboard queries and cached some of the ones that do not change much, and we can even invalidate the cache when they do.
Now the dashboard load time is reduced by almost a 50%.
Also, with Cloudflare, now we can cache some static pages like the landing page, or some resources like the visits.js
script among others.
I still haven't been able to figure out what the objective of this attack is.
I don't understand what anyone wants to achieve by doing something like this, but oh well.
I guess that's what happens when you share your projects in public.
Posted on November 21, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.