DEV Community

Cover image for How to mitigate a DDoS attack on a small server
Víctor Falcón
Víctor Falcón

Posted on • Originally published at developerjoy.co

How to mitigate a DDoS attack on a small server

#ddos #security

MetricsWave was the target of a DDoS attack.

It receives about 750k requests per hour for 8 hours.

I don't know what the goal was; I guess it's what happens when you share your projects publicly, but now the service is faster and more stable than ever!

Let me tell your how I did it.

DDoS Attack Numbers

Server CPU usage during the attack

I don't have the exact numbers, because the server was not ready before this, but it seems that from 8 am to 18 pm the web was receiving about 750k request per hour from a single IP.

That's about 7.5 M request in 10 hours.

Request per minute since we got metrics

I know it's not too much for a big server, but take into account that MetricsWave still run in a relative small server with a simple config.

The good news is the app keep alive during the hole day and we were able to manage all the traffic, registering all the events and visits from our users pages.

Slow loading was experienced for a few hours, but the service was up at all times.

A part from that, we did some improvements and now the site is faster than ever.

How we blocked the IP

At the beginning we try to add a block on our side by the type of request and the IP, but it was not enough.

The damage one our server was mitigated but we still need to process each request and do some checks before rejecting it.

The final solution was to install Cloudflare in front of our server.

With this, I'm able to reject all the malicious requests before they even reach our server, so we can keep the CPU usage and memory healthy.

Improvements We Did

Also, it was a good opportunity to make some improvements

With this huge amount of traffic, I was able to identify some slow queries and repeated processes that we can avoid.

We improved our dashboard queries and cached some of the ones that do not change much, and we can even invalidate the cache when they do.

Now the dashboard load time is reduced by almost a 50%.

Also, with Cloudflare, now we can cache some static pages like the landing page, or some resources like the visits.js script among others.

I still haven't been able to figure out what the objective of this attack is.

I don't understand what anyone wants to achieve by doing something like this, but oh well.

I guess that's what happens when you share your projects in public.

Top comments (0)

Read next

hamza_nasir_06a03aac148a4 profile image

Implementing an AWS Client VPN Solution

Hamza Nasir -

oussamabouyahia profile image

How to Ensure Your Full Stack JavaScript Apps Meet Security Standards

Oussama Bouyahia -

palomino profile image

Opaque token vs JWT

Palomino -

exein profile image

Pulsar preventing vulnerabilities #1 — polkit (CVE-2021–4034)

Exein -