Surviving a DDOS attack

Originally published at Benfell Blog. Please leave any comments there.

It appears I brought some trouble on myself by starting this social network.

Initially, I allowed potential users to register through an online form, but recognizing the potential for abuse, I moderated these registrations. Within six hours–and you’ll find others who have had a similar experience–I was getting fairly blatant spammer registrations. I deleted the accounts, of course.

As this went on, I came to realize that I was going to spend a great deal of time reviewing and deleting these registrations. So I made the site invitation-only. Any authenticated user of this site may invite others and that’s how people will get in.

At some point I started noticing serious server performance issues, particularly after I posted an entry. (Guess what I’m about to do as I write this?) Watching the logs, it became apparent that my server was getting slammed by bots. Some of those bots are legitimate search engine bots that offer advice on how to reduce or eliminate their impact if you just click on the link that appears in the log file. Some of those bots were not legitimate–even if they offered advice on how to modify robots.txt, they didn’t honor the requests therein.
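As an added example (not code from the original post), one way to pick out of an access log the clients that request paths robots.txt disallows, and whether they had fetched robots.txt first. The robots.txt rules, log lines, bot names and the function name `find_robots_violators` are constructed for illustration; the log is assumed to be in the common "combined" format.

```python
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# Constructed robots.txt (assumption: the site's real file is not shown).
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /user/register
"""

# Constructed access-log lines in "combined" format, documentation IP ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 60 "-" "PoliteBot/1.0"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /node/1 HTTP/1.1" 200 5120 "-" "PoliteBot/1.0"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 60 "-" "RudeBot/2.3"
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /user/register HTTP/1.1" 200 2048 "-" "RudeBot/2.3"
198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "POST /user/register HTTP/1.1" 200 2048 "-" "RudeBot/2.3"
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/config HTTP/1.1" 403 312 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""

# client IP, method, path, user agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)

def find_robots_violators(log_text, robots_txt):
    """Map (ip, user_agent) -> disallowed-path hits and whether it read robots.txt."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    fetched_robots = set()
    violations = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, _method, path, agent = m.groups()
        client = (ip, agent)
        if path == "/robots.txt":
            fetched_robots.add(client)
        elif not rules.can_fetch("*", path):  # check against the "*" group only
            violations[client] += 1
    # A client that read robots.txt and still hit disallowed paths is ignoring it.
    return {c: {"hits": n, "read_robots": c in fetched_robots}
            for c, n in violations.items()}

if __name__ == "__main__":
    for client, info in find_robots_violators(SAMPLE_LOG, ROBOTS_TXT).items():
        print(client, info)
```

A hit with `read_robots` false is only a triage signal, since an ordinary browser visiting a disallowed path looks the same in the log.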

I eventually found Drupal’s Bad Behavior module. It seems to be working, though the only way I knew was that as bot activity seemed to drop, it became apparent that I was under a distributed denial of service (DDOS) attack on my mail server. (Both my mail and web server are on the same Linode.)

My Linode is the smallest (and cheapest) they’ve got. It’s what I can afford. So it doesn’t take much of a DDOS attack to flatten it. But I have now reconfigured my mail server both to dispose of spammer connections instantly and to limit the connections they can make.

While I was there, I fixed some things so my mother can use her email address on my server if she needs to ditch her crappy ISP (Comcast).

I’m receiving mail (though I bounced some last night because I forgot I needed to stop my fetchmail cron job while I had postfix down) and my server now seems a lot more responsive. I’m hoping that’s the end of it.