My first DDoS attack for a $200 ransom

Roughly, a somewhat lackluster response to a somewhat lackluster DDoS attempt.<p>They tried blocking specific ip addresses, which didn&#x27;t work, because the attack was somewhat distributed. They then just turned on some caching, which allowed the site to function, albeit with an unknown excess bandwidth charge pending.<p>And, the DDoS itself can&#x27;t of been terribly impressive, as all it took to mitigate was a bit of caching. He mentions 10 requests &#x2F; sec as the scale of the attack.

The webpage[0] seems to be having issues. The best I could do was the Google cache[1] or the Markdown source[2].<p>[0]: <a href="http:&#x2F;&#x2F;lologhi.github.io&#x2F;symfony2&#x2F;2016&#x2F;04&#x2F;04&#x2F;DDoS-attack-for-ransom&#x2F;" rel="nofollow">http:&#x2F;&#x2F;lologhi.github.io&#x2F;symfony2&#x2F;2016&#x2F;04&#x2F;04&#x2F;DDoS-attack-for...</a><p>[1]: <a href="https:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:J7lca_k5dWcJ:ghirardotti.fr&#x2F;symfony2&#x2F;2016&#x2F;04&#x2F;04&#x2F;DDoS-attack-for-ransom&#x2F;+&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" rel="nofollow">https:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:J7lca_...</a><p>[2]: <a href="https:&#x2F;&#x2F;github.com&#x2F;lologhi&#x2F;lologhi.github.com&#x2F;blob&#x2F;master&#x2F;_posts&#x2F;2016-05-04-DDoS-attack-for-ransom.md" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;lologhi&#x2F;lologhi.github.com&#x2F;blob&#x2F;master&#x2F;_p...</a>

This is an amazingly weak DDoS, put your site behind CloudFlare or similar free service and go take a nap. They&#x27;ll tank this without raising an eyebrow.

&gt; 40 cores [m4.10xlarge], but still unable to process 10 requests&#x2F;sec<p>my goodness.

Ummmm.... A cache layer for any web application is a must have, perhaps he could have avoided the attack all along if it were present on the system since day one?...<p>At least for this kind of attack, a more serious DDoS won&#x27;t be tamed by &quot;just adding cache&quot;

For next time you don&#x27;t want to have to copy and paste. No need for SED.<p>cat &lt;file&gt; | cut -d &#x27; &#x27; -f1 | sort | uniq -c | sort -nr

Apparently, it didn&#x27;t work. :)<p>Site not installed The site ghirardotti.fr is not yet installed<p>[Edit: it&#x27;s up now.]

Well, typical SLA for server side is 500 ms, then you have a chance to load a whole page under 3 seconds, which is recommended by google usability findings.<p>villa-bali is not even close to this, my bet that you (or your ORM) are making too many requests to database. Try to record ALL requests to database during page rendering and I bet you have about hundred. Check out following test results:<p>8 test agents: <a href="http:&#x2F;&#x2F;loadme.socialtalents.com&#x2F;Result&#x2F;ViewById&#x2F;57341f645b5f160adca6c1bc" rel="nofollow">http:&#x2F;&#x2F;loadme.socialtalents.com&#x2F;Result&#x2F;ViewById&#x2F;57341f645b5f...</a> - 5% of users have to wait more than 2 seconds 16 test agents: <a href="http:&#x2F;&#x2F;loadme.socialtalents.com&#x2F;Result&#x2F;ViewById&#x2F;57341f1a5b5f160adca6c19b" rel="nofollow">http:&#x2F;&#x2F;loadme.socialtalents.com&#x2F;Result&#x2F;ViewById&#x2F;57341f1a5b5f...</a> 5% of users need to wait for more than 4 seconds.<p>Definitely, any bot can nuke your website easily​.

How come the original post has 55 upvotes, but the karma of of original poster is only 18 (6:33 PM GMT)?

I wonder what would happen if GET &#x2F; only returned a redirect to somewhere (either an HTTP code or an HTML with window.location=&#x27;http:&#x2F;yoursite.com&#x2F;new_page&#x27;

&gt; 40 cores, but still unable to process 10 requests&#x2F;sec<p>Stopped reading after that.