A couple of days ago, you may have noticed that our website was offline. The site itself was still running (the servers were still up), it was just that our domain registrar, 123-reg had suffered a Distributed Denial of Service (DDoS) atttack, which they attempted to stop by making various changes to their core network configuration.
Now, as most people know, there really isn't much you can do to stop a DDoS attack, as it is usually impossible to distinguish the attack traffic from your normal legitimate users traffic. Any attempt you make to block what you feel to be malicious traffic may inadvertently prevent legitimate users from accessing your services.
The Problem With DDoS Mitigation
Attempting DDoS mitigation yourself, by altering firewall and IDS rules in an attempt to detect and block the mass of malicious traffic hitting your servers is a fruitless exercise, and is quite likely, as it did to 123-reg, to help the attackers by preventing your services from being accessed by legitimate users. Now 123-reg took the step to block access to their network from the IP addresses they identified as being part of the attack, however, this also prevented people from accessing their DNS servers, where the details of the IP addresses that each website or mail server is located at were contained.
The result? No one could access any website that used 123-reg as their name servers! Including ours.
CloudFlare to the Rescue
CloudFlare operates a network of name servers, and web caches that attempt to protect your website from known threats by using the combined knowledge of every attack launched against websites they host the DNS for.
Should a website come under attack, all the other websites protected by CloudFlare will have the malicious traffic blocked automatically, while still allowing legitimate users access.
Their caching feature even keeps your website online should your server fail, by serving a cached copy of your most popular pages, identified by the number of requests CloudFlare has received for them.
Their protection doesn't end there however, they will even present a CAPTCHA challenge to users who are acting suspiciously in order to prove that they are real users!
For more information about CloudFlare and their services, visit www.cloudflare.com. Their basic plan is Free, however, if you need advanced functionality, such as SSL support, or more frequent analytics (the free account's data is generated every 24 hours), their Pro account starts at $20/month for the first domain, and $5/month for each domain after that.
Leave a Reply