Mitigating DDOS to minimize SEO damage

302 redirect?

         

darkroom

6:34 pm on Oct 16, 2020 (gmt 0)

10+ Year Member



Hey guys,

My company's site is under heavy DDOS attack and I am wondering if we can 302 redirect the whole domain to a subdomain which is on a different server just to show users that we are active. In the process, is a 302 redirect fine? Will we lose rankings for the main domain by doing a 302 redirect till the DDOS attack is taken care of? If a 302 will cause more issues for rankings than the DDOS attack, then we'll remove the redirect right now.

Many thanks in advance.

[edited by: darkroom at 7:20 pm (utc) on Oct 16, 2020]

Steven29

6:58 pm on Oct 16, 2020 (gmt 0)



Wouldn't the DDOS attack just follow the redirect? Does it follow cookies?

Why not add the second server ip address into the regular DNS to give the website more power?

Here is something I would try, instead of redirecting to a subdomain. You may need to adjust your firewall to stop connections after x hits in x time.

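// First visit: set a cookie and redirect to the same URL. Clients that
// never send the cookie back will not get past this block.
if (empty($_COOKIE['DDOS'])) { // empty() avoids a notice when the cookie is missing
    //usleep(1000);
    setcookie('DDOS', '1', time()+(60*60*6), "/", $_SERVER["HTTP_HOST"]); //6 hours
    // header() takes the status code as its third argument; the second is the "replace" flag.
    header("Location: ".$_SERVER['REQUEST_URI'], true, 302);
    //include('mybotmetarefreshpage.php');
    die();
}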

darkroom

7:01 pm on Oct 16, 2020 (gmt 0)

10+ Year Member



Thanks for your reply Steven. I believe the redirect is being done at the Cloudflare level. The subdomain seems to be fine and the primary server has tons of power. Worried about whether 302 redirecting the whole domain to the subdomain will impact rankings till the DDOS attack is taken care of.

not2easy

7:44 pm on Oct 16, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



A 302 is clearly a temporary change and though I have never done that, it is because I haven't been in your shoes. I've only dealt with abusive bots by blocking them, and have not suffered through a DDoS event. Annoyances, yes, nothing that had me look for a way to continue during an attack.

NickMNS

7:49 pm on Oct 16, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I believe the redirect is being done at the Cloudflare level.

Doesn't Cloudflare have other techniques to mitigate the DDOS attack? Have you clicked the "I'm under Attack" button on the Cloudflare dashboard?

edit: link to Cloudflare's support on DDOS attacks.
[support.cloudflare.com...]

JorgeV

8:33 am on Oct 17, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

If you are using Cloudflare, then they have an anti DDOS system. Are you sure your backend server is not directly hit?

JorgeV

11:57 am on Oct 17, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Also, how do you know this is a DDoS? And not just a spike of legitimate traffic?

darkroom

2:29 pm on Oct 17, 2020 (gmt 0)

10+ Year Member



@jorgeV - Yes this is the case. Backend servers being directly hit.

JorgeV

2:57 pm on Oct 17, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Then, there is certainly a way to block all requests at the firewall level, and allowing only IPs from Cloudflare's servers. I am not using Cloudflare for this, so I can't help more.

archiweb

1:21 pm on Oct 18, 2020 (gmt 0)

5+ Year Member Top Contributors Of The Month



1. Allow traffic only from the Cloudflare edge addresses and block everything else, like already suggested above.

2. If possible — deploy a proper load-balancer, like HAProxy in front of your webserver, set some rate-limits for your webheads, a stack like HAProxy -> Varnish -> webserver; should be able to keep you safe even without 3rd party WAF/CDN like Cloudflare.

3. If your webhost is not protected against DDoS attacks — consider a move to something more adequate for 2020 — plenty of options out there.

lammert

1:33 pm on Oct 18, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Check the Cloudflare IP address range [cloudflare.com] and implement them in your iptables firewall (assuming you are on Linux). Drop all traffic that is not from Cloudflare's IP set or your own development location.

Be sure to just drop packets you don't want, not reject because with a reject there will still be a response sent back to the attacker, so they'll know your server is still alive.

That will fix the problem. DDOS attackers will get no response and eventually die out.
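
The allow-list firewall that JorgeV, archiweb and lammert describe, as an added example that is not code from any poster in this thread: it validates a range list and prints an iptables-restore fragment that accepts only those ranges plus one admin address on ports 80/443 and drops the rest. It covers IPv4 only; the chain name CF_ONLY, the admin address and the sample ranges (documentation prefixes standing in for the published Cloudflare list) are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that admits only the listed
# edge ranges plus one admin address to ports 80/443 and drops everything else.
# CF_ONLY is a hypothetical chain name; the sample ranges are constructed.

valid_cidr4() {
    # True for a.b.c.d or a.b.c.d/nn with octets <= 255 and prefix <= 32.
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

gen_rules() {
    # $1 = admin/development address; the range list is read from stdin.
    admin=$1
    valid_cidr4 "$admin" || { echo "bad admin address: $admin" >&2; return 2; }
    body=""
    while IFS= read -r line; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks
        [ -n "$line" ] || continue
        valid_cidr4 "$line" || { echo "bad range: $line" >&2; return 2; }
        body="$body-A CF_ONLY -s $line -j ACCEPT
"
    done
    # An empty or truncated list must not become "drop every visitor".
    [ -n "$body" ] || { echo "no ranges, refusing to emit rules" >&2; return 3; }
    printf '%s\n' '*filter' ':CF_ONLY - [0:0]' \
        '-A INPUT -p tcp -m multiport --dports 80,443 -j CF_ONLY' \
        "-A CF_ONLY -s $admin -j ACCEPT"
    printf '%s' "$body"
    # DROP rather than REJECT: unlisted sources get no reply at all.
    printf '%s\n' '-A CF_ONLY -j DROP' 'COMMIT'
}

sample_ranges() {   # constructed stand-in for the published IPv4 range list
    cat <<'EOF'
# documentation ranges, not real edge addresses
192.0.2.0/24
198.51.100.0/24
EOF
}

# Print the fragment for review; load it with `iptables-restore --noflush`.
sample_ranges | gen_rules 203.0.113.10
```

The jump into CF_ONLY is appended to INPUT, so it only takes effect if no earlier rule already accepts ports 80/443.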