What happens during a DDoS attack and how to respond

When your VPS is targeted by a DDoS attack, it's crucial to know what to expect and how to respond to minimise disruption and restore service. This guide outlines the immediate steps you can take if your server is affected by a DDoS attack and explains how BinaryLane helps mitigate the impact

For guidance and information on how to secure your servers on BinaryLane or your BinaryLane account, please review these helpdesk articles: 

Securing your account | BinaryLane

Securing your servers | BinaryLane

What happens if my server is being DDoSed?

A DDoS (Distributed Denial of Service) attack floods your server with excessive traffic, overwhelming its resources and potentially disrupting service. When such an attack exceeds your server’s network capacity or packet threshold, our systems automatically 'black-hole' the targeted IP. This means that all incoming traffic to the targeted IP is discarded (or 'dropped') upstream, preventing the malicious traffic from reaching our network or your server. This effectively isolates the server from the internet, ensuring that the attack doesn’t impact your server’s availability or overload the network infrastructure.

• You’ll receive an email notifying you of the suspected DDoS attack.
  
  
• Our system will check every 10 minutes to see if the attack has ceased.
  
  
• Once the attack stops, the targeted IP will be automatically restored, and you will be notified.

Please note that while BinaryLane automatically handles the black-holing and mitigation, we do not provide logs of the DDoS attack itself. If you need more granular insights into the attack or further monitoring, we recommend using your own monitoring and logging tools.

To prevent network threats, ensure your VPS is properly configured with external firewalls, regularly monitor logs, and audit your security setup. More information can be found in our Securing your servers article.

Immediate actions you should take

Review and update your codebase

Regularly audit your application codebase(s) to identify and patch vulnerabilities. This process includes:

• Conducting a thorough review of all recent code changes.
  
  
• Checking for any unexpected modifications or additions.
  
  
• Using version control systems to track and manage changes efficiently.
  
  
  

Rollbacks (snapshots and Backups)

While rolling back to a previous state can restore service, it may not address underlying vulnerabilities. Therefore:

• Immediately update and secure the codebase after a rollback.
  
  
• Ensure backups are encrypted and stored securely.
  
  
• Regularly test backups to confirm they can be restored successfully.

If your VPS has been compromised and you’re unable to connect via standard methods, you can still interact with it through the 'Recovery Console' in mPanel:

If your operating system fails to load due to corruption or another issue, switch the 'Distribution Kernel' to 'Finnix Recovery' to gain access to your system (this feature is only available on non-BYO ISO Linux-based VPS plans):

You can use the Finnix recovery environment to troubleshoot issues, recover corrupted systems, and perform critical maintenance on your VPS. Finnix is a bootable Linux distribution designed specifically for system administrators, offering a wide range of utilities for recovery, file system repair, and diagnostics. Finnix is especially useful if your VPS becomes unresponsive or encounters file system issues that prevent it from booting properly.

For more detailed instructions and usage examples, you can refer to the official Finnix documentation or explore their GitHub documentation for further guidance on kernel command line options, troubleshooting tips, and available utilities.

If you require assistance, feel free to submit a support ticket at our helpdesk here: Submit a ticket | BinaryLane