• Created on:2021-08-22 15:51:47
  • Help! I am currently under attack

Help! I'm currently under attack! Introduction

This article is for new customers who are transitioning to eFlame services as a direct result of currently being under attack. While every case is different we hope the following basic steps will be of use. These steps assume a Reverse Proxy style of setup (most simple). If you are an existing customer and are currently experiencing issues with mitigation (e.g leaking traffic) please open a ticket.

Basic Steps Step 1

: Get a new IP. Keep this IP secret, do not share it with anyone, do not make it public via DNS.

Step 2

: Get your currently under attack IP null-routed if it is not already. If this is your main IP you may need to get the SSH or other remote access software adjusted for continued access at a new IP.

Step 3

: Setup your backend services to be exclusively bound to this new IP address.

Step 4

: Buy eFlame DDOS Mitigation services, There are tutorials for many common setups in this Knowledgebase.

Additional Notes Please be aware:

We can't mitigate traffic that is currently hitting your backend IP. Similarly, we can't connect/route traffic to a null routed or offline backend server. Your server will need to be online to begin using our services. Your attacker already knows your backend address. This should now be changed, for this speak to your backend service provider. Good mitigation systems respond dynamically to attacks, detecting a difference between the learnt "clean" traffic and then new "attack" traffic. Routing traffic to us while already under attack does not allow the system to learn a profile for clean traffic, limiting its effectiveness. Your backend provider may not be willing to provide you with additional IPs for free, normal fees for additional IPs are $1-3 per IP. Try not to expose your backend service IP inadvertently through poorly secured software or services.