[akassover]

We got hit by a DDoS about a year ago. Rackspace (who normally has amazing support) quietly null routed us and went about their day. No heads-up, trouble ticket, or any other form of notification. They didn't even put a note in our account so when we contacted their support to figure out why our servers were unresponsive outside their network the poor guy who answered the phone was just as confused as I was.

We've taken some steps since then to hopefully reduce our vulnerability. I'd be really interested in a DDoS protection best practices guide for small SaaS businesses.

[akassover]

It's worth adding that when we got hit, we were relying on "security through obscurity". I slept well at night because I thought nobody would be interested in DDoS'ing little ol' us when there are plenty of big fish out there to go after.

I'm sure a few of you out there are readying this thinking "too bad for Basecamp, but this will never happen to us because we aren't an interesting target." That's what we thought too...

[gk1]

I'm running a small SaaS business. I'm curious to hear what steps you took to reduce your vulnerability. Could you please share so others can take the same steps?

[akassover]

The biggest thing we did was remove our dependency to a single IP (this was a unique requirement of our business). We also improved our firewall and upped our managed service level. We're not 100% bullet proof now, but definitely better than we were. I'd be happy to go into more detail offline.

[gk1]

Thanks! I'm on managed service as well, so I may be able to request some of those things. I've never been hit but sounds like I should be proactive about this.

[alexcroox]

Yep Rackspace did little to nothing to help us but null routing.