Web attacks

All of my blogs were down yesterday and I spent several hours scrambling to get things back up.

Someone started attacking the Contact Us page on one of my other blogs. I got over 76,000 spam emails from it, but the larger problem was that the page accesses were coming so fast that they blocked any legitimate traffic to my web sites (they’re all hosted under the same account). My web hosting company, vps.net, throttles the number of emails the site can send, but that number wasn’t enough to keep me from being inundated by spam, and it didn’t take any load off the site.

It wasn’t just one computer doing this. Analysis showed over 500 different IP addresses participating in the attack. (All of the ones I checked were from China.) Software on my sites blocks excessive accesses by a user, but this was hundreds of them, individually not over the limit, but collectively devastating.
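The failure mode described above, where every client stays under the per-user limit while the page as a whole is flooded, can be spotted by counting requests per page across all clients. The sketch below is an added example, not code from the original post; the combined access-log format, the `/contact` path, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined access-log format (assumed): ip - - [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(lines):
    """Yield (ip, minute, path) for each well-formed line; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, ts, _method, path, _status = m.groups()
            # ts[:17] is "dd/Mon/yyyy:HH:MM", i.e. a one-minute bucket
            yield ip, ts[:17], path.split("?", 1)[0]

def distributed_floods(lines, per_ip_limit=10, path_limit=100):
    """Return {(minute, path): (total_requests, distinct_ips)} for windows where
    the path as a whole exceeds path_limit although no single IP exceeds
    per_ip_limit, which is the case a per-client limiter never sees."""
    hits = defaultdict(Counter)  # (minute, path) -> Counter of client IPs
    for ip, minute, path in parse(lines):
        hits[(minute, path)][ip] += 1
    flagged = {}
    for key, by_ip in hits.items():
        total = sum(by_ip.values())
        if total > path_limit and max(by_ip.values()) <= per_ip_limit:
            flagged[key] = (total, len(by_ip))
    return flagged

def sample_log():
    """Constructed traffic (documentation IP ranges), all within one minute."""
    fmt = '{ip} - - [10/Oct/2017:13:55:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = ["not an access-log line"]  # malformed input is ignored
    # 60 clients, 5 POSTs each: every client is under the per-IP limit
    for i in range(60):
        for n in range(5):
            lines.append(fmt.format(ip=f"198.51.100.{i + 1}", s=(i + n) % 60,
                                    req="POST /contact"))
    # One noisy client: a per-IP limiter already handles this, so it is not flagged
    lines += [fmt.format(ip="203.0.113.9", s=n % 60, req="GET /feed")
              for n in range(150)]
    # An ordinary reader
    lines += [fmt.format(ip="203.0.113.7", s=n, req="GET /") for n in range(3)]
    return lines

if __name__ == "__main__":
    for (minute, path), (total, ips) in distributed_floods(sample_log()).items():
        print(f"{minute} {path}: {total} requests from {ips} IPs")
```

Tune both thresholds to the site's normal traffic; a popular page with many legitimate readers will trip a `path_limit` set too low.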

To fix this, I had to put the site offline using tools outside the normal web interface. I deleted the contact form, and put a deny rule in place so that the web server won’t even pass a request for that page to my site. I replaced the contact form on all my sites with one protected by reCAPTCHA so they won’t appear ripe for abuse.

The analysis and repair was a huge effort, and the sites were down for half a day before I was even aware of it. Someone with less experience than I would probably have had to pay a consultant to fix things, and it might have taken days. As it was, my web hosting account was 40 minutes away from being disabled because of all the spam. My point is that these attacks are a big problem, and one that needs to be fixed at a higher level than the individual blogger like me.

[Update]: It happened again, only worse. Starting around the end of December, 2017, I was hit by a hotlinking attack. A web page embedded images from several sites including one of mine and then started accessing that page. In fact over 4,000 different IP addresses accessed that page, some as many as 17,000 times. (I found that the IP addresses were from Amazon Web Services across the world that hosted a site uptime testing service.) The result was that I ran out of bandwidth and my host, vps.net, shut all my sites down. This resulted in a multi-day outage because my hosting plan was frozen until I upgraded the account to pay for more bandwidth. In this instance the ultimate solution was to block hotlinking altogether.

As part of the solution, I moved all my sites to another hosting company that doesn’t have a bandwidth limit on the account.

About Kevin

Just an old guy with opinions that I like to bounce off other people.