I’ve Raised the Drawbridge

I've Raised the Drawbridge blog maintenance

If there is one thing I have learned in nine years of building and fixing websites, it is that we are all equal in the eyes of hackers who will attack and try to get into any site they can.

This time, it is my turn in the hot seat.

Early this morning I was informed by a monitoring bot that my site was down. A few minutes of discussion with my hosting company revealed that the site wasn't down so much as it was under attack. Hackers are trying to get in, and have been hitting my site so hard that they had essentially taken the site offline via a DDOS attack.

DDOS is when someone (usually a hacker) uses a lot of hacked bots, websites, servers, or internet connected devices to overwhelm a target website or service with the goal of either shutting the target down or breaking in. In my case, they are trying to get in. They have not, and since I have good security I do not expect them to.

My site is up to date, my security plugin is fully set up and active, and I have enabled the "under attack" setting on Cloudflare. (This is why you saw that splash screen before visiting the site.)

Thanks to my preparations, this attack is not a dire emergency but a petty annoyance that will have to be mitigated until the hackers give up.

That is a huge improvement over the last time I came under a DDOS attack, back in 2013. I was still so new to this that I didn't know what was happening at the time, and to make matters worse my site was attacked while I was traveling back from a conference in Vancouver. There I was, trying to troubleshoot over airport wifi, and not knowing anyone I could ask for help. I did eventually thwart that attack, but it was a nightmare - and as I look back, that was the moment I decided to really learn how to take care of and protect my website.

It's funny the things you don't realize until years later, isn't it?

image by jcubic via Flickr

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader. He has been blogging about indie authors since 2010 while learning new tech skills weekly. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

12 Comments

  1. Mike Cane11 February, 2019

    Eh. There are other sites that use that drawbridge. A small speedbump for us to thwart the haXXorrz. Carry on.

    Reply
    1. Nate Hoffelder11 February, 2019

      Yep – I just thought the point about dealing with a DDOS attack might be useful.

      Reply
  2. Robert Nagle11 February, 2019

    Wow, news to me. My web server got hacked into about a decade ago — and it took a while to fix, but I hadn’t ever considered the possibility of DDOS. I’ll have to look into my cloudflare settings. What WP security plugin do you mean?

    Reply
    1. Nate Hoffelder11 February, 2019

      I use All in One WP Security

      Reply
  3. DaveMich11 February, 2019

    Do you have any idea why you’re being DDOS’d? I mean, other than for ransom.

    Reply
    1. Nate Hoffelder12 February, 2019

      I doubt it’s anything more than random bad luck.

      Reply
  4. Hannah Steenbock12 February, 2019

    Woah. I was wondering about that “checking your browser” screen. Thanks for explaining, especially as I was getting annoyed by it. Now it all makes sense and I don’t mind that little wait. I’d rather have your site. 🙂

    My site(s) are small. Little traffic. I doubt it makes sense to hack them, but I do have some security in place. What’s a size when I should start to worry?

    Reply
    1. Nate Hoffelder12 February, 2019

      It’s not how big your site is, it’s what they can do with it. A lot of the time, the hackers just want to add your site to their botnet so they can go attack someone else. I’m pretty sure that is why I was attacked in 2013, and it could be why I was attacked yesterday.

      Reply
  5. S. J. Pajonas12 February, 2019

    I was wondering about that CloudFlare screen. I’ve been through several DDOS attacks in my programming life (since 1998) so I feel for you. I feel like it’s the equivalent of locking up the house, getting into the basement, and waiting out a tornado. It’ll pass and be noisy and possibly destructive, but hopefully everything survives. Lol.

    Reply
    1. Nate Hoffelder12 February, 2019

      I think it has passed.

      Reply
  6. Lyn13 February, 2019

    Thank you for reporting this. So much I do not know about!

    I’m glad you’ve got a handle on it. If your site went down, it would be a big loss for all of us.

    Reply
  7. […] I’ve never had a serious hacking incident on my website (just a few incidents where hackers tried and failed to get in), and I was certain that I was smarter than the all the other techs who admitted in private FB […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top