I’m sure all of you noticed that the last time I posted an article was in early December. I’d say that period was the busiest in my life. I had to rush the contractor to finish renovating my house because the owner of the rented apartment decided to sell it off and we had to move as soon as possible. At the end of December we moved, but the house wasn’t ready and it was still in a huge mess. Moreover, there was no Internet connection. Sometime around Christmas, this website started to get really slow and subsequently became inaccessible for nearly a week.

The reason for the downtime was a DDoS attack. Our previous webhost NetDepot was not capable of mitigating DDoS attacks, and their only solution was to null route my server’s IP address and wait for the attack to subside. Well, the attack didn’t stop and I had to look for solutions to block it. Basically, DDoS attacks come from many different sources (computers). These sources are hacked computers where the user accidentally installed a trojan or bot without their knowledge, which gives the attacker command and control over the machine.

The image below shows an example of how DDoS works.
[Image: How DDoS works]

Many years ago, DDoS attacks were not common and launching one wasn’t easy. Nowadays it’s very easy as long as you have some money. First you buy a tool such as BlackShades NET which has DDoS capability, then you need a crypter that can make it fully undetectable (FUD), and finally you find people who provide a service to do the installs or updates. With around $200, you can probably get thousands of bots to control and bring down any website that is not protected against DDoS.
[Image: BlackShades NET DDoS]

Getting the zombies is easy but maintaining them is tough. One reason is that some of the top antivirus brands are very good at detecting malware. The other is a thing called “botkilling”, which allows another attacker to remove any other bot/trojan on the hacked computers while keeping only their own, so that this particular attacker is the only person who can command and control them.

Unfortunately, there is no free and easy way to fend off DDoS attacks. One way is to use LiteSpeed Web Server, which has anti-DDoS capabilities. Their latest 4.1 development version has even better DDoS attack auto detection and filtering. However, LiteSpeed is not the answer for all DDoS attacks, because if the TCP attack is really huge, then your data center will need to absorb the attack, and they normally won’t. Only companies such as Staminus and GigeNET are willing to absorb the attacks, and that doesn’t come cheap.

I’ve switched from Apache to LiteSpeed Web Server and moved my website to Staminus, where they use SecurePort DDoS Mitigation Technology to protect against DoS and DDoS (Distributed Denial of Service) attacks. The total cost to keep this website up is $750 per month, inclusive of LiteSpeed Web Server, SecurePort and server management by LinuxAdmin. It’s a lot but I think it’s worth it. Anyway, I’ve missed so much during my time away and I’m trying to catch up. I’m back in the forums and will get back to writing as soon as possible. I also noticed that Google has increased the PageRank of this blog to 5 and the forums to 4. The blog was at PR2 and the forum at PR0 for a very long time.