To answer your first question, like people said already, pull a log from your servers with the IPs. If it is a lot of different IP addresses, then that is a good sign of a DDoS attack of some kind. If it is a lot of requests from the same IP address or only a few IP addresses, it is probably a search engine or something like that which is causing the problem. You can also look up the IP addresses by simply Googling them to see who owns the IP.

To fight off the attack immediately, I would recommend switching your DNS over to CloudFlare's Pro or Business plan (that depends a lot, though, on your site's current configuration, the size of your budget, etc.) with certain settings, then configuring Sucuri CloudProxy with CloudFlare, and lastly implementing some additional security for your server on Single Hop.

In terms of preventing future ones, you basically want to be as proactive as possible, but that won't stop everything. The configuration I recommended above should be pretty good for most sites, but you might want to consider other DDoS mitigation companies as well, and you could need something completely different depending on your business etc. Then you want to have a plan and several other things in place in case it were to get past the infrastructure you implemented to prevent it, so you can minimize the downtime you have etc.

It is hard to tell whether that is a possible issue just based on the information you gave in terms of the sleeping MySQL connections.

Lastly, depending on what the issue exactly is, it would probably be a good idea to make your site as static as possible, but that is difficult to do since your site is down right now. Once you get the site back up and stable, though, you might consider doing this for a little bit. Lastly, having a separate site that you can deploy in the event of an attack is a good idea as well.

If you want more help, shoot me an email at caleb.lane4@gmail.com.

I hope that helped and you get this solved quickly.
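The log check described in the answer above, as an added example that is not part of the original post: it counts requests per client IP and reports whether traffic comes from a few addresses or is spread across many. The common/combined access-log format, the 50% threshold, and the sample lines (built from documentation IP ranges) are assumptions.

```python
import re
from collections import Counter

# Client IP is the first field of a common/combined access-log line (assumed format).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')

def count_by_ip(lines):
    """Count requests per client IP, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def summarize(counts, top_n=3, concentrated_share=0.5):
    """Report how much of the traffic the top_n addresses account for.

    concentrated_share is an assumed threshold: at or above it, a handful of
    addresses (for example a crawler) dominate; below it, requests are spread
    across many sources.
    """
    total = sum(counts.values())
    if total == 0:
        return {"total": 0, "unique_ips": 0, "top": [],
                "top_share": 0.0, "pattern": "no data"}
    top = counts.most_common(top_n)
    top_share = sum(c for _, c in top) / total
    pattern = "concentrated" if top_share >= concentrated_share else "distributed"
    return {"total": total, "unique_ips": len(counts), "top": top,
            "top_share": top_share, "pattern": pattern}

def make_line(ip, path="/"):
    """Build one constructed log line for the samples below."""
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one address sends 80 of 100 requests.
CONCENTRATED = [make_line("203.0.113.7")] * 80 + \
               [make_line(f"198.51.100.{i}") for i in range(20)]
# Constructed sample: 200 addresses send one request each.
DISTRIBUTED = [make_line(f"192.0.2.{i}") for i in range(1, 201)]

if __name__ == "__main__":
    for name, sample in (("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)):
        s = summarize(count_by_ip(sample))
        print(name, s["total"], s["unique_ips"], round(s["top_share"], 3), s["pattern"])
        for ip, n in s["top"]:
            print(f"  {ip:15} {n}")
```

To run it against a real log, pass the open file object to `count_by_ip` in place of the sample lists.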