How to Survive a 48-Hour Layer 7 DDoS Worldwide Botnet Attack

Martin Starkie Online Security, Server Side & Web Technical, Web Specialists Blog

Attacks happen; that is part and parcel of the online world nowadays. Prevention is, of course, the first line of defence, but if a capable attacker still gets through the cracks, you need to know how to fight back.

At CMS Live, we know what it takes to quell even the most sophisticated onslaught, and earlier this year we successfully fought off a 48-hour layer 7 DDoS attack from a worldwide botnet against one of our hosted websites.

Initially, the problem appeared relatively basic. A layer 3 and 4 DDoS attack was flagged as it attempted to overwhelm the firewall, server hardware and OS. But as the network sysadmins absorbed the load and began rate-limiting, the attack quickly morphed into a layer 7 (application-layer) flood: thousands of requests for a single URL, each from a different IP address, spread across many ASNs and countries. Because every bot stays below a per-source threshold, rate-limiting individual IPs does little against this kind of traffic; the pattern only shows up when you look at the target URL as a whole.
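The difference between the two views described above, as an added example that is not part of the original post: a per-IP rate limiter and a per-URL profile run over the same access log. The log lines, the documentation address ranges and the thresholds are all constructed for illustration; they are not traffic from the attack the article describes.

```python
import re
from collections import Counter, defaultdict

# Regex for a combined-log-format access line (the Apache/Nginx default format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample log (documentation address ranges, not real traffic):
#  - /checkout is requested once each by eight different addresses (the layer 7 pattern),
#  - /search is hammered six times by a single address (what per-IP limiting catches),
#  - /about is ordinary browsing.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2019:10:00:01 +0000] "GET /checkout HTTP/1.1" 200 4521
198.51.100.7 - - [12/Mar/2019:10:00:01 +0000] "GET /checkout HTTP/1.1" 200 4521
192.0.2.50 - - [12/Mar/2019:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 812
203.0.113.11 - - [12/Mar/2019:10:00:02 +0000] "GET /checkout HTTP/1.1" 200 4521
192.0.2.50 - - [12/Mar/2019:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 812
203.0.113.5 - - [12/Mar/2019:10:00:02 +0000] "GET /about HTTP/1.1" 200 2210
198.51.100.8 - - [12/Mar/2019:10:00:02 +0000] "GET /checkout HTTP/1.1" 200 4521
192.0.2.50 - - [12/Mar/2019:10:00:03 +0000] "GET /search?q=a HTTP/1.1" 200 812
192.0.2.20 - - [12/Mar/2019:10:00:03 +0000] "GET /checkout HTTP/1.1" 200 4521
192.0.2.50 - - [12/Mar/2019:10:00:03 +0000] "GET /search?q=a HTTP/1.1" 200 812
192.0.2.21 - - [12/Mar/2019:10:00:04 +0000] "GET /checkout HTTP/1.1" 200 4521
198.51.100.3 - - [12/Mar/2019:10:00:04 +0000] "GET /about HTTP/1.1" 200 2210
192.0.2.50 - - [12/Mar/2019:10:00:04 +0000] "GET /search?q=a HTTP/1.1" 200 812
203.0.113.99 - - [12/Mar/2019:10:00:05 +0000] "GET /checkout HTTP/1.1" 200 4521
203.0.113.5 - - [12/Mar/2019:10:00:05 +0000] "GET /about HTTP/1.1" 200 2210
192.0.2.50 - - [12/Mar/2019:10:00:05 +0000] "GET /search?q=a HTTP/1.1" 200 812
198.51.100.200 - - [12/Mar/2019:10:00:06 +0000] "GET /checkout HTTP/1.1" 200 4521
"""


def parse(lines):
    """Yield one dict per well-formed access-log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def requests_per_ip(lines):
    """Total requests per source address: the only view a per-IP rate limiter has."""
    return Counter(r["ip"] for r in parse(lines))


def ips_over_limit(lines, limit):
    """Source addresses a per-IP rate limiter would block."""
    return {ip for ip, n in requests_per_ip(lines).items() if n > limit}


def flag_layer7_flood(lines, min_requests=5, max_per_ip=2, min_distinct_ratio=0.8):
    """Paths whose traffic looks like a distributed application-layer flood:
    enough requests to matter, spread over (almost) as many distinct addresses,
    with every address staying at or under what a per-IP limiter tolerates.
    The thresholds are illustrative; tune them to the site's real baseline."""
    per_path = defaultdict(Counter)          # path -> Counter(ip -> requests)
    for r in parse(lines):
        per_path[r["path"]][r["ip"]] += 1
    flagged = {}
    for path, ip_counts in per_path.items():
        total = sum(ip_counts.values())
        distinct = len(ip_counts)
        heaviest = max(ip_counts.values())
        if (total >= min_requests
                and distinct / total >= min_distinct_ratio
                and heaviest <= max_per_ip):
            flagged[path] = {"requests": total, "distinct_ips": distinct, "max_per_ip": heaviest}
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("per-IP limiter (limit 3) blocks:", sorted(ips_over_limit(lines, 3)))
    print("layer 7 flood candidates:", flag_layer7_flood(lines))
```

On the sample, the per-IP limiter blocks only the single noisy address on /search and sees nothing wrong with the eight one-request clients, while the per-URL profile flags /checkout immediately. In production the same profiling is usually done over a sliding window against a learned per-URL baseline, and the block response is a challenge (JavaScript or cookie check) rather than a hard drop, since the flagged URL is also the one real customers need.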

Defending against an intelligent enemy

After six hours the botnet increased its payload and we were forced to rethink our defensive strategy. The Cisco hardware firewall was becoming saturated by the traffic, so we temporarily re-pointed the customer's hostname at a new IP address. The botnet proved an intelligent adversary: within sixty minutes it discovered the change and followed us to the new IP, re-resolving the hostname in real time and pushing even more simultaneous requests. Moving a public DNS name is no hiding place; any bot that resolves the name again finds the new address as quickly as legitimate visitors do.

Evidently, dedicated DDoS protection on a larger scale was required. Only after re-routing the DNS through the DDoS mitigation platform did we see the full severity of this smart attack: the platform handled over 1.2 billion requests and over 5.47TB of traffic in under 24 hours, roughly 14,000 requests per second on average.

The botnet attack lasted almost 48 hours to the minute, which is a real rarity: many DDoS attacks are active for only 15 to 30 minutes, which is usually enough time to take a website or server offline or to slow it to a crawl under the flood of requests, so a two-day blitz was indicative of an unusually capable and determined attacker.

Once the advanced DDoS protection was in front of the hardware firewall and dedicated server, we continued with business as usual, operating the server under normal load. Site visitors and customers did not notice a hint of trouble at any point during the defensive process. We were hit with over 1.2 billion web requests and over 5.5TB of traffic, but thanks to the mitigation platform the user experience and integrity of the website were never compromised. One caveat for anyone following the same route: the origin server must accept traffic only from the protection platform's own address ranges, otherwise a botnet that already knows (or re-discovers) the origin IP can simply go around the protection, exactly as it followed the DNS change earlier.
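The origin-lockdown caveat above, as an added example that is not code from the original post or from any mitigation vendor: an application-side check that refuses connections not arriving via the protection platform and only trusts X-Forwarded-For when the peer is the platform. The platform's address ranges here are hypothetical documentation prefixes; a real deployment uses the provider's published list and enforces the same allowlist at the firewall as well, so the check below is defence in depth rather than the only gate.

```python
import ipaddress

# Hypothetical ingress ranges of the DDoS-protection platform (assumption: real
# providers publish their own lists, and this allowlist must be kept in sync).
PROTECTION_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]


def from_protection_platform(peer_ip):
    """True only if the TCP peer is one of the platform's published addresses."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False            # garbage in the peer field: never trust it
    return any(addr in net for net in PROTECTION_RANGES)


def resolve_client(peer_ip, forwarded_for=""):
    """Decide whether to serve a connection and which address to log and rate-limit.

    Returns (accept, client_ip). Direct hits on the origin are refused outright,
    so a bot that knows the origin IP cannot route around the mitigation layer.
    X-Forwarded-For is honoured only when the peer is the platform; the rightmost
    entry is the one the platform appended, any earlier entries are client-supplied.
    """
    if not from_protection_platform(peer_ip):
        return False, None
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    if not hops:
        return True, peer_ip
    try:
        ipaddress.ip_address(hops[-1])
    except ValueError:
        return False, None      # malformed header from the platform side: refuse
    return True, hops[-1]


if __name__ == "__main__":
    print(resolve_client("198.51.100.42", "203.0.113.9"))   # via platform: serve
    print(resolve_client("203.0.113.9", "198.51.100.42"))   # direct hit on origin: refuse
```

The second call shows why the header alone is not enough: a bot connecting straight to the origin can put any platform address it likes in X-Forwarded-For, so the decision has to start from the TCP peer, not from the header.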

Botnet attacks are on the rise thanks to the low cost of DDoS-for-hire services, but with a knowledgeable defence team guarding your website you need not worry about your server falling, no matter how intelligent the DDoS may be.

Get in touch today

If you'd like to learn more about how to keep your website safe, or what we can do to help, give us a call.
