On Friday 6th May, at 5 am GMT, our servers were hit with an extremely heavy DDoS attack. We were getting about 120,000 queries per second on each of our servers (about 40 times the usual peak load).
[Image: Snapshot of the increased traffic we received]
An early investigation revealed that the attack originated from China and we immediately placed our IPs under TMS guard (it filters the incoming malicious traffic, and lets the genuine traffic through, although it is prone to false positives). The TMS guard started blocking all the traffic from China.
We tried returning the servers back to normal at 10 am GMT but found that we were still receiving abnormally large traffic. To mitigate this we had to leave our DNS IPs in the TMS guard for the entire weekend.
In fact, the attack has still not completely subsided but we have been able to restrict it to a manageable state where all services remain unaffected.
I wanted to share some facts with you:
- We have multiple DNS Servers with complete redundancy
- We regularly face DDoS attacks but our systems manage to prevent our services from being affected. Our resellers are therefore never inconvenienced
- This particular attack was abnormally large, due to which we had to take preventive measures, leading to our services being unavailable for a few hours
Steps we are taking to prevent such outages in the future:
- Adding additional dynamic firewalls which will proactively mitigate such attacks
- We are increasing our server redundancy even further to buffer against similar situations
I am extremely sorry for the inconvenience caused to all our resellers and their customers. I can assure you that we are taking every possible step to ensure that our system is not affected by such malicious attacks.