Monitoring ?
In order to detect a DDOS attack (and other types of attacks) we closely monitor all activity on our web servers using a variety of tools:
Netdata: real-time server resources and web traffic monitoring. In the event of abnormal traffic, the development team receives an alert on our communications and messaging platform; Slack.
StatusCake: our website uptime monitoring system. Checks that each website in our care is up, at regular intervals. Multiple members of our team receive alerts through multiple channels including; email, Slack and SMS when a website goes down.
Automated error reporting: all errors on our web servers are relayed to our Slack account, allowing us to quickly detect and react if something is going wrong with a website/web application.
Prevention ?
When we manage your DNS records for you, your domain is on Cloudflare.
Cloudflare DDoS protection secures websites, applications and entire networks while ensuring the performance of legitimate traffic is not compromised. It is our primary layer of defense against DDOS attacks and will prevent a large majority of smaller-scale attacks without you or us even noticing.
Cloudflare hides your website behind their network by hiding our servers’ IP addresses and monitors all traffic going to your website. It checks that all visitors to your website are legitimate and blocks them if not.
All our web servers also have security modules installed to automatically block malicious visitors, based on the number of requests per minute from a single IP address (and other factors, we call this our secret sauce).
Our cloud provider also provides a layer of security from within their firewall.
All our servers are protected by TrendMicro DeepSecurity. It is used for Intrusion Detection/Prevention, real-time anti-malware and integrity monitoring.
Mitigation ⚔
When we detect an ongoing DDOS attack that was not blocked by Cloudflare we take the following steps to mitigate the impact of the attack:
If your website is on Cloudflare, we enable the “Under Attack” mode. Cloudflare Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. When enabled, visitors see an interstitial page. The "Checking your browser before accessing..." page challenge determines whether to block or allow a visitor within 5 seconds. This action will contain most small to medium attacks and should leave your website accessible.
Whether your website is on Cloudflare or not we will start blocking attackers at the network level (in our cloud provider’s firewall) as we collect their IP addresses from our logs.
Our web servers’ security modules will also start blocking attackers at the application level automatically. Depending on the scale of the attack, we would make the modules more aggressive in how they block attackers to keep the website alive.
Impact ⏱
If your website is under a DDOS attack it might go down initially for a few minutes while we start mitigation. For small scale DDOS attacks, we should have it back up and running within minutes. For medium and large scale attacks, it could take up to a few hours, even days for traffic to resume to the website. That heavily depends on whether your website is on Cloudflare, how much resources the attackers are putting into the attack, how smart the attackers are, how much information they have on our network etc.
While no one can be 100% DDOS proof, as demonstrated in the news recently, you can trust that we at Firebrand are doing everything we can to protect you.
If you have any questions about this or your services specifically please feel free to get in touch. If you aren't a client please, feel free to use this information to ensure your provider are doing all they can to protect your digital presence and/or platforms.
Team Firebrand ?