[luckyshot]

I would be very grateful if you could share any info about this.

Our small company's site got DDoSed a month ago and we just let it pass since we're not too convinced that the authorities will take us seriously. We don't even know where to start, just saved the logs with a few hundred random IPs from different countries hoping some day we can do something about it...

[slothsarecool]

We report each DDoS attack our company receives to a special department our police has, your country likely has something similar and I guess it doesn't hurt reaching out to them.

From my experience they will get back to you quickly (usually in <1-2 hour) and they can try helping out if you are still under attack / need some consultation.

Will we ever get compensated for the wasted engineering time to stop these attacks? probably not, but if the police ever finds them and they have extra logs of companies that reported issues, its likely an aggravation of the case.

[luckyshot]

You're right, I guess I'm still thinking on a few experiences I had way in the past when the Internet was still early and contacting them was a waste of time: they couldn't understand you nor had the time to do so. It's true they now have many more resources and experts in their departments and, as you say, may at least give some good advice on what to do during the panic stage to try and at least mitigate it. Providing them with logs and proof would have been a good idea too.

Oh my, the attack caused so much wasted time and stress that it's still haunting me and the team, specially when thinking that it may not stop there and the attacker/s is just waiting for the next chance to hit us. The days after the attack the first thing I did after waking up was check the servers to see everything was safe. And our roadmap was severely affected too, prioritizing many security features we had in the backlog.

Thank you so much.

[slothsarecool]

Things are significantly better now, I can't comment on how good the aid is if you are under attack since we always had a team ready to handle DDoS, however, their follow-up has always been fast.

Regarding security features, if you are on a cloud such as GCP, AWS or Azure things are complicated since you can't easily route the traffic elsewhere(you can have BGP connections to DDoS mitigation inside GRE/L2TP tunnels only when attacks occur and it would be cheap to rent on a monthly/yearly basis). Voxility is an example that comes to mind and they are very affordable in general terms.

HTTP or HTTPs attacks are easier to handle with Cloudflare, however, there are other interesting solutions such as Stackpath.

[bornfreddy]

We were under a DDoS attack about a month ago too, but were lucky that it didn't manage to affect our business. With that in mind, we took it as a (precious) learning experience - how often do you get the chance to learn about DDoS defence 1st hand?

I realize we were lucky that the attacker didn't find any of the soft spots (or at least none that hurt us). We do prioritize security though, always.

I hope all goes well for you and that in time this is just another learning experience. Maybe next time you'll smile when an attack is thwarted because of what you've all learned.

[slothsarecool]

We get attacked several times a month, we rely on Cloudflare & Corero to mitigate attacks. Cloudflare handles HTTP/s attacks and Corero handles network level attacks.

Both require tweaking and are far from being 1-click setup tools (despite some marketing attempts that try to make it seem that way), however, if you can manage them, they are very powerful and considerably cheaper than other alternatives.

[bornfreddy]

Thank you, I didn't know about Corero, will check them out. CF we use, and as you said, they are a tool. Plenty of ways they could be better, but they are still the best (in moderate price range) we know.

[jacquesm]

Link from the article: https://krebsonsecurity.com/2019/02/250-webstresser-users-to...

It helps if you have a suspect, typically your local LE will have a cyber division that will know what the next steps are.

[luckyshot]

Glad to hear there's hefty sentences, many attackers don't realize how much damage they're doing and all the stress and effort that goes into trying to mitigate such attacks.

Thank you!

[jacquesm]

You're welcome. Good luck with your problems!

[creeble]

You might want to look into using Cloudflare for your infrastructure - the same folks that provided DDoS protection for most of the now-busted Ddos-for-hire sites!