• LOGIN
  • No products in the cart.

Profile Photo

The Day We Faced A DDOS Attack on BlogsnClicks

Today just a few hours back  BlogsnClicks faced a massive DDOS Attack. The attack was massive and we survived. Today I felt like all my attention and investment to security and backups paid off. It was such a peace of mind. I’m sharing this information cause I’ve seen many Bloggers taking security and backups lightly. They rely on their Hosting provider to provide security and backups.


The Midnight Alert

Right now It’s 3:00am in the morning and the attack started somewhere after midnight and lasted a few hours. I normally work overnight and was finalising the key points for my next post. That’s when suddenly my mailbox started showing 60 unread emails. I had checked my emails a few minutes back and there was no reason to expect so many emails. Curiously I switched to Outlook and what I saw skipped a heartbeat.

Here’s what I saw –

ddos_alert
I just took the screen shot after deleting around 1600 of such DDOS attack. alerts.

There were simultaneous Login attempts to BlogsNclicks. I receive 5-10 such alerts every day. But today it was massive. By the time I was going through these emails I refreshed the mailbox and now outlook was receiving another 1600 emails.

DDOS_attack_alerts
The list was endless. Every refresh received another few hundred emails.

The next reaction was to check the Blog. The worst of the scenarios were spinning in the head. Will I be able to retrieve my Blog if it’s hacked, will I loose the data, what will happen to my search rankings etc. To my relief – everything was working as normal. I just can’t express what I went through in those few minutes. Wordfence was Blocking all fake Login attempts. Thanks to some simple configuration I had done after installing the plugin.

Wordfence-configuration
Wordfence Firewall Configuration that blocked all fake login attempts

The Reaction

The first thing I did after checking the website was – I logged into my CloudFlare CDN Account and just enabled the I’m Under Attack mode on the CloudFlare dashboard .

ddos3

The effect was simple. Cloudflare started verifying each and every request to the website and started showing an interstitial for five seconds before delivering the actual page.

cloudflare-protection-ddos-attack
Blogsnclicks.com after enabling the I’m Under Attack.

Within a few minutes, Cloudflare was taking care of the attack and only verified traffic was reaching the Website.

ddos-attack-log-worfence
Wordfence Log showing the attack wasn’t reaching the Site.

What Saved The Day For BlogsnClicks

logo

banner-772x250

I have always been a curious reader and had read a lot about securing WordPress, DDOS attacks, hacking attempts and other Blackhat tactics that are used by hackers and data thieves. My hosting provider  (Namecheap) has robust security setup, but I always like to be double sure. I had read through many blog posts about recovering from Hacked sites and the pain of recovering data and rankings. With all that research I wanted to be double sure and had zeroed in on Wordfence as my Security plugin and Cloudflare for content distribution and protection.

All that research had paid off today. Thanks to Wordfence and Cloudflarewe had repelled a massive attack.


Advice to Fellow Bloggers

After going through today’s experience, I would like to give one simple advice to my fellow Bloggers and newcomers –

 Never Ignore Security and Backups

Do not just rely on your Hosting provider to do these things for you. Even if it is offered by default, set your own second line of defence. If you don’t have much knowledge about DDOS attacks and its implications – here’s an article by Tony Perez from Sucuri   which deals with the Impacts Of A Hacked Website . Also, remember it’s not just data that you’re gonna lose (which can be recovered if you have regular Backups), you will also loose your rankings for a long term. I will share with you this excellent post by Matt Morgan from Search Engine Watch that shows how search engine rankings of hacked websites get affected.

So How To Secure Your Cherished Dream

  1. Choose your Hosting Provider wisely – (Here’s The Ultimate Guide To Web Hosting )
  2. Don’t rely on the Hosting provider for Security and Backups
  3. Install Wordfence or similar plugin which has an active firewall (even a free version works well)
  4. Use a CDN such as CloudFlare to deliver cached pages and protecting your website from unwanted bots.
  5. Use a professional Backup plugin. Go for the professional ones like BackupBuddy or Indeed Super Backup.
  6. Save an offsite copy of your Backup on the cloud – You can store it to Dropbox, Google Drive or Amazon AWS.
  7. Do not install Themes, Plugins or Scripts from unverified sources.
  8. Always keep your Plugins, Themes and WordPress Installation updated. (How a non-Updated Rev Slider plugin caused the Worlds Biggest Data Hack At Mossack Fonseca)
  9. Lastly, don’t just install the plugins – put some time to read the documentation and set the right options.

 


 

Off To You

This was an experience which proved me the importance of security and taught me the lessons without burning my fingers. It’s up to you now how you secure your Blog or WordPress site. But I would advise – Don’t get your fingers burned.

Stay Wise – Stay Safe 

No comments, be the first one to comment !

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright Xero Talent 2017
Stay Updated

Login

Register

Create an Account
Create an Account Back to login/register
X