How to mitigate a DDoS attack on a small server

victoor

Víctor Falcón

Posted on November 21, 2024

MetricsWave was the target of a DDoS attack.

It received about 750k requests per hour for 8 hours.

I don't know what the goal was; I guess it's what happens when you share your projects publicly, but now the service is faster and more stable than ever!

Let me tell you how I did it.

DDoS Attack Numbers

Server CPU usage during the attack

I don't have the exact numbers, because the server was not ready before this, but it seems that from 8:00 to 18:00 the website was receiving about 750k requests per hour from a single IP.

That's about 7.5 M requests in 10 hours.

Request per minute since we got metrics

I know it's not too much for a big server, but take into account that MetricsWave still runs on a relatively small server with a simple config.

The good news is that the app stayed alive during the whole day and we were able to handle all the traffic, registering all the events and visits from our users' pages.

Slow loading was experienced for a few hours, but the service was up at all times.

Apart from that, we made some improvements and now the site is faster than ever.

How we blocked the IP

At the beginning we tried to add a block on our side by the type of request and the IP, but it was not enough.

The damage on our server was mitigated, but we still needed to process each request and do some checks before rejecting it.

The final solution was to install Cloudflare in front of our server.

With this, I'm able to reject all the malicious requests before they even reach our server, so we can keep the CPU usage and memory healthy.
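
One way to find which address to block at the edge is to count requests per client IP per hour in the origin's access log. This is an added example, not MetricsWave's code: the "combined" log format, the /event path, the sample lines and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: "combined"-style access log, client IP first, [timestamp] fourth.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')

# Constructed sample: one flooding address, five ordinary visitors, one bad line.
SAMPLE = (
    ['203.0.113.7 - - [01/Jan/2024:08:%02d:00 +0000] "POST /event HTTP/1.1" 200 2' % i
     for i in range(40)]
    + ['198.51.100.%d - - [01/Jan/2024:08:10:00 +0000] "GET / HTTP/1.1" 200 512' % i
       for i in range(1, 6)]
    + ["truncated or garbage line"]
)

def hourly_counts(lines):
    """Return {hour: Counter({ip: requests})}; unparseable lines are skipped."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        buckets[when.replace(minute=0, second=0)][m.group(1)] += 1
    return buckets

def dominant_sources(lines, min_requests, min_share):
    """IPs that in some hour sent >= min_requests and >= min_share of all traffic."""
    flagged = {}
    for per_ip in hourly_counts(lines).values():
        total = sum(per_ip.values())
        for ip, n in per_ip.items():
            if n >= min_requests and n / total >= min_share:
                flagged[ip] = max(flagged.get(ip, 0), n)  # keep the peak hour
    return flagged

def cloudflare_expression(ips):
    """Build a Cloudflare rule expression matching the flagged addresses."""
    return "(ip.src in {%s})" % " ".join(sorted(ips))

if __name__ == "__main__":
    hits = dominant_sources(SAMPLE, min_requests=30, min_share=0.5)
    print(hits, cloudflare_expression(hits))
```

Requiring both a volume floor and a share of the hour's traffic keeps a busy but legitimate client, such as a shared proxy, from being flagged on volume alone.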

Improvements We Did

Also, it was a good opportunity to make some improvements.

With this huge amount of traffic, I was able to identify some slow queries and repeated processes that we can avoid.

We improved our dashboard queries and cached some of the ones that do not change much, and we can even invalidate the cache when they do.

Now the dashboard load time is reduced by almost 50%.

Also, with Cloudflare, now we can cache some static pages like the landing page, or some resources like the visits.js script among others.


I still haven't been able to figure out what the objective of this attack is.

I don't understand what anyone wants to achieve by doing something like this, but oh well.

I guess that's what happens when you share your projects in public.
