Skip to main content

I’ve Raised the Drawbridge

If there is one thing I have learned in nine years of building and fixing websites, it is that we are all equal in the eyes of hackers who will attack and try to get into any site they can.

This time, it is my turn in the hot seat.

Early this morning I was informed by a monitoring bot that my site was down. A few minutes of discussion with my hosting company revealed that the site wasn’t down so much as it was under attack. Hackers are trying to get in, and have been hitting my site so hard that they had essentially taken the site offline via a DDOS attack.

DDOS is when someone (usually a hacker) uses a lot of hacked bots, websites, servers, or internet connected devices to overwhelm a target website or service with the goal of either shutting the target down or breaking in. In my case, they are trying to get in. They have not, and since I have good security I do not expect them to.

My site is up to date, my security plugin is fully set up and active, and I have enabled the "under attack" setting on Cloudflare. (This is why you saw that splash screen before visiting the site.)

Thanks to my preparations, this attack is not a dire emergency but a petty annoyance that will have to be mitigated until the hackers give up.

That is a huge improvement over the last time I came under a DDOS attack, back in 2013. I was still so new to this that I didn’t know what was happening at the time, and to make matters worse my site was attacked while I was traveling back from a conference in Vancouver. There I was, trying to troubleshoot over airport wifi, and not knowing anyone I could ask for help. I did eventually thwart that attack, but it was a nightmare – and as I look back, that was the moment I decided to really learn how to take care of and protect my website.

It’s funny the things you don’t realize until years later, isn’t it?

image by jcubic via Flickr

Similar Articles


Mike Cane February 11, 2019 um 3:16 pm

Eh. There are other sites that use that drawbridge. A small speedbump for us to thwart the haXXorrz. Carry on.

Nate Hoffelder February 11, 2019 um 6:12 pm

Yep – I just thought the point about dealing with a DDOS attack might be useful.

Robert Nagle February 11, 2019 um 6:55 pm

Wow, news to me. My web server got hacked into about a decade ago — and it took a while to fix, but I hadn’t ever considered the possibility of DDOS. I’ll have to look into my cloudflare settings. What WP security plugin do you mean?

Nate Hoffelder February 11, 2019 um 6:57 pm

I use All in One WP Security

DaveMich February 11, 2019 um 11:54 pm

Do you have any idea why you’re being DDOS’d? I mean, other than for ransom.

Nate Hoffelder February 12, 2019 um 8:06 am

I doubt it’s anything more than random bad luck.

Hannah Steenbock February 12, 2019 um 4:13 am

Woah. I was wondering about that "checking your browser" screen. Thanks for explaining, especially as I was getting annoyed by it. Now it all makes sense and I don’t mind that little wait. I’d rather have your site. 🙂

My site(s) are small. Little traffic. I doubt it makes sense to hack them, but I do have some security in place. What’s a size when I should start to worry?

Nate Hoffelder February 12, 2019 um 8:47 am

It’s not how big your site is, it’s what they can do with it. A lot of the time, the hackers just want to add your site to their botnet so they can go attack someone else. I’m pretty sure that is why I was attacked in 2013, and it could be why I was attacked yesterday.

S. J. Pajonas February 12, 2019 um 9:25 am

I was wondering about that CloudFlare screen. I’ve been through several DDOS attacks in my programming life (since 1998) so I feel for you. I feel like it’s the equivalent of locking up the house, getting into the basement, and waiting out a tornado. It’ll pass and be noisy and possibly destructive, but hopefully everything survives. Lol.

Nate Hoffelder February 12, 2019 um 9:51 am

I think it has passed.

Lyn February 13, 2019 um 1:07 pm

Thank you for reporting this. So much I do not know about!

I’m glad you’ve got a handle on it. If your site went down, it would be a big loss for all of us.

Six Things I Learned When My Websites Got Hacked | Nate Hoffelder July 28, 2019 um 9:34 pm

[…] I’ve never had a serious hacking incident on my website (just a few incidents where hackers tried and failed to get in), and I was certain that I was smarter than the all the other techs who admitted in private FB […]

Write a Comment