Our first DDOS attack, what happened and what we’ve learned…

DDoS, or distributed denial of service, attacks are becoming more commonplace on the internet. There is a long list of articles online telling you everything you need to know about what these attacks are, so we’re not going to reinvent the wheel.

According to Digital Attack Map, a DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

They go on to say that you can currently buy a DDoS for as little as $150, there are more than 2000 daily attacks, and 1/3 of all server downtime is due to a DDoS attack. So they are incredibly serious and very difficult to avoid. In our case we had a 10gb attack that started on the 24th January 2018 and lasted just short of 2 hours. This attack was aimed at one of our shared hosting servers’ shared IP addresses and effectively overloaded its ability to handle the incoming data.

We did prepare for this…

We had prepared as much as we thought, but even with a FortiGate firewall with specs including 200Mbps Threat Protection and 2.5 Gbps protection, 4 separate Gb cables to each server combined into an active/passive bond, and monthly maintenance windows, there was no way to prevent such a devastating attack.

Reviewing the firewalls, we pulled the following images to show you the effect of the attack:

[Image: firewall attack]


You can see the difference in the traffic to the server: it was drastic compared to our normal traffic, but the firewall wasn’t struggling.

[Image: firewall attack 2]

You can also see on these images that we’re used to constant attempts to access the server and bypass our security. In fact, if you look earlier in the day, there was a more focused attempt to access everything and it didn’t affect our services.

The affected server noticed the spike in traffic, as shown in this graph. It wasn’t struggling, but the traffic was clearly increasing.

[Image: XenServer graph]


The server that was attacked also registered the network spike, but it was still only half of the physical limit of the devices.

So if everything was working fine, why did everything stop?

The problem we faced was capacity. We share the racks in the data centre with other customers, and with an attack of this scale the data centre registered the attack and immediately noticed the degradation of service for the entire cabinet. If one server is being attacked it can affect all the servers in the rack, meaning the data centre has to make the difficult choice to protect 35 other servers over the one being attacked.

[Image: server rack. Caption: Examples of 1U servers]

By disabling the attacked site/server, the attack has nowhere to go and simply stops. The DDoS is effectively still running but it doesn’t have a target, so the botnet running it will just keep trying for as long as it was paid to run.

So what can we do in the future to avoid this?

The difficult reality is that avoiding it is near impossible, but mitigating it is possible. DDoS attacks are a normal part of internet life; what we need to do is educate and improve our security for next time. We have started investigating our data centre setup to see if we can do something else next time: moving equipment, further redundancy, anything physical we can do and any investment we can make. These all take time and testing but we’ll get it done.

There’s a lot a user can do (yes, you the reader). Cloudflare offer caching and DDoS protection for websites as standard, and we offer Cloudflare as standard on our servers. If you turn this on, it redirects your domain name to them and caches your site on their systems. This means that if the attack is aimed at you, Cloudflare will be hit first and can handle the attack for a few hours, hopefully by which time the attack ends and no one notices. If the attack is against us, your website is cached at Cloudflare and is still able to run (in a limited fashion), meaning no one knows.

We’re also going to split our customers up into IP groups. This means that if the attack happens again, we’ll only lose a few customers, not all of them. We’ll be organising this over the coming weeks.

Finally, a few of us had Office 365 as our email provider. This meant that our websites were down but our email was still running. We could reply, deal with the data centre and still manage the support desk.

We’re not done and no amount of bullying will stop us from providing excellent service.


Move to PHP7 and leave 5 behind…


PHP7 has already been around the block once or twice. Did you know it was released in Dec 2015? That means it just turned 3! There are still a lot of people out there who use PHP5.6 or less. To put this in perspective, PHP5.3 was released in June 2009, which makes it 9 years old!!! Consider how many updates and bugs have been located since then… The frightening thing is that most of the websites we see still use 5.4, which was released in March 2012 and stopped receiving support in September 2015!!!

This is direct from PHP.net:

Supported Versions

Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.

Once the three years of support are completed, the branch reaches its end of life and is no longer supported.

Currently Supported Versions

| Branch | Initial Release | Active Support Until | Security Support Until |
| --- | --- | --- | --- |
| | 28 Aug 2014 (3 years, 4 months ago) | 19 Jan 2017 (11 months ago) | 31 Dec 2018 (in 11 months) |
| 7.0 | 3 Dec 2015 (2 years ago) | 3 Dec 2017 (30 days ago) | 3 Dec 2018 (in 11 months) |
| 7.1 | 1 Dec 2016 (1 year, 1 month ago) | 1 Dec 2018 (in 10 months) | 1 Dec 2019 (in 1 year, 10 months) |
| 7.2 | 30 Nov 2017 (1 month ago) | 30 Nov 2019 (in 1 year, 10 months) | 30 Nov 2020 (in 2 years, 10 months) |

Or, visualised as a calendar:

Today: 2 Jan 2018

[Image: PHP version support chart. Caption: Current support of PHP Versions]


Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security

So if you’re using anything other than 7.x you’re in trouble: without regular security updates and patches, software becomes troublesome! We always recommend 7 to everyone for the security, but it also comes with other advantages. Let’s talk about those for a second.

Higher Load Capacity

The upward shift in performance you get from PHP7 is due to the changes in phpng. These changes allowed us to adopt PHP7 smoothly; in fact, most of our customers don’t realise they are on PHP7, as it’s the default for new WordPress installs. Along with the performance boost, PHP7 is better with memory: it knows when to let go of RAM, meaning your site can run on fewer resources!

Let’s make this more visual!

PHP 5.5

Transactions:              4354 hits
Availability:              100.00 %
Elapsed time:              299.64 secs
Data transferred:          17.23 MB
Response time:             1.21 secs
Transaction rate:          14.53 trans/sec
Throughput:                0.06 MB/sec
Concurrency:               17.59
Successful transactions:   4354
Failed transactions:       0
Longest transaction:       2.04
Shortest transaction:      0.12

HHVM

Transactions:              5256 hits
Availability:              100.00 %
Elapsed time:              299.53 secs
Data transferred:          20.06 MB
Response time:             0.92 secs
Transaction rate:          17.55 trans/sec
Throughput:                0.07 MB/sec
Concurrency:               16.12
Successful transactions:   5256
Failed transactions:       0
Longest transaction:       11.54
Shortest transaction:      0.43

PHP 7

Transactions:              11333 hits
Availability:              100.00 %
Elapsed time:              299.38 secs
Data transferred:          44.84 MB
Response time:             0.16 secs
Transaction rate:          37.85 trans/sec
Throughput:                0.15 MB/sec
Concurrency:               6.16
Successful transactions:   11333
Failed transactions:       0
Longest transaction:       0.77
Shortest transaction:      0.02

As you can see, compared to 5.5, Facebook HHVM is 1.2x faster but PHP7 is 2.6x faster! The speed increase is so easy to see!

PHP7 also comes with a host of new operators and tools suited for developers, which are kindly listed here

Overall, PHP 7 is faster, more secure, and significantly more resource efficient than older versions. To give you an example, a site running PHP 7 can handle twice as many visitors as PHP 5 can, using the same amount of memory. This means your shared hosting plan can take your website further for the same money!


3 ways to improve the Security of Your Website

Investing in website security measures should be compulsory for every webmaster. It takes a lot of time, money and resources to build a website from scratch until it becomes a well-functioning site that users can navigate to achieve what they came for. But as there are nefarious web thieves everywhere, your website could be compromised and wiped out in a minute without you noticing. There are some simple but unique ways that can help you to protect your website besides backing up your files regularly. Many people think that once web design is complete, hacking is not possible, but with advanced technology, intrusion into your website can occur.

Always Keep the Trendy Features on Your Platform

A strong website promotes business growth online, which is why it should be trendy to overcome the stiff competition from similar businesses. The platforms and scripts that you have launched on the website should be up to date to ensure that people find it hard to compromise your website security systems. Many of the features that people use, like plugins, are built on open-source software which people of all intentions, bad or good, can access. When you leave these features on your website for a long time, hackers can easily generate the security codes of these features and easily intrude on your website. Change them regularly and make sure that they are up to date, because by doing so, hackers would not have the time to generate codes for the new features.

Security Plugins Installation Should be Compulsory

There are software tools that provide 24-hour surveillance of your site to detect and bounce all the hacking threats from hackers. These software tools are readily available, and when you want to address the inherent website weakness, you just need to install and attach them to your website. Good examples are Better WP Security and BulletProof Security when you are using WordPress. If you use HTML pages, SiteLock could be the best software to install because it protects both website features and content. Improve business with your website by enhancing its security features.

Invest in File Permissions through Codes

This method is too technical, but it is not that hard to understand and implement. You can break down your site into files which would be stored by the web hosting company. Each of these files would be assigned a code with three digits that works to offer permissions or authorisation on who should access the file. For example, 756. 7 means the owner of the site, who can edit, delete or make amendments to content. 5 means the person can read and edit but cannot delete or save changes unless permitted by 7, who is the owner of the website. 6 is the read-only user who is just allowed to read but not edit or do anything else to the website. Codes can take different numbers, but they are from 0-7.
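An added example, not part of the original post: it decodes three-digit codes the way Unix-style hosts read them, assuming the standard convention that the digits apply to owner, group and everyone else in that order and that each digit is the sum of read (4), write (2) and execute (1), then lists files that any user on the server can write to. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

CLASSES = ("owner", "group", "other")

def decode_mode(mode: int) -> dict:
    """Split a three-digit octal mode into one rwx string per user class."""
    result = {}
    for shift, who in zip((6, 3, 0), CLASSES):
        digit = (mode >> shift) & 0o7
        result[who] = (
            ("r" if digit & 4 else "-")
            + ("w" if digit & 2 else "-")
            + ("x" if digit & 1 else "-")
        )
    return result

def audit_tree(root: str) -> list:
    """Return (relative path, octal mode) for entries writable by 'other'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                rel = os.path.relpath(path, root)
                findings.append((rel, format(stat.S_IMODE(st.st_mode), "03o")))
    return sorted(findings)

def demo() -> list:
    """Build a constructed sample site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"index.php": 0o644, "wp-config.php": 0o756, "uploads.log": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        return audit_tree(root)

if __name__ == "__main__":
    print(decode_mode(0o756))
    for rel, mode in demo():
        print(f"world-writable: {rel} (mode {mode})")
```

Pointing `audit_tree` at a real document root gives the list of files and directories whose last digit includes write access.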

It is important to put emphasis on a website’s security measures because they are what keep your business running smoothly.