Pushdo: how we are mitigating the DDOS attack

HELLO WORLD,

 

If you’re reading this, chances are you have heard about Pushdo already. For the (lucky) rest of you: if your site starts using an incredible amount of CPU resources and bandwidth, possibly resulting in your hosting provider suspending your website or your web server becoming unusable, chances are you’re the victim of a Pushdo attack (which of course is what is happening to this website as we speak). Without getting too technical, your site gets a DDoS attack, and the Apache log files will look like this:

 

113.169.147.58 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
187.194.130.108 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
223.207.169.183 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
212.156.210.13 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
188.114.99.252 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
91.238.202.254 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

 

Basically a flood of POST requests, all coming from “MSIE 6.0” user agents and from thousands (or hundreds of thousands) of different IP addresses. What do you do? IP filtering? Not a chance. Caching/enhancing/making your site faster? Well, if you’re running your website on a dedicated Watson supercomputer, you may give it a try – else, not a chance. What did we do to help the situation and mitigate the attack?

 

1) A 403 (Forbidden) response in the .htaccess for requests with the MSIE 6.0 user agent: I created a file called pushdo.html in the root and added these lines to the .htaccess:

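# BEGIN antipushdo
RewriteEngine On
# Match the User-Agent substring seen in the flood requests.
# No [OR] flag here: this is the only condition, so there is nothing to OR it with.
RewriteCond %{HTTP_USER_AGENT} "compatible; MSIE 6\.0"
# Answer every matching request with 403 Forbidden and stop processing rules.
RewriteRule .* - [F,L]
# END antipushdo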

The drawback is that people using Internet Explorer 6.0 won’t be able to see your website – which shouldn’t be a cause of much concern to most of you out there.

 

2) Use Cloudflare: this service looked to me like some kind of alchemy, as I still can’t really figure out how it works… but I don’t really care, as it works just fine 🙂 In order to set up your site for it, you’ll need to have your DNS records point at Cloudflare (instead of at your hosting provider). Basically what Cloudflare does (as far as I understand!) is create cached mirrors of your website on several servers, geographically far away from each other. Then it will redirect the traffic coming to your website onto its different servers, effectively splitting the traffic and Apache workload… just like magic 🙂

 

So far, it seems the issue has been minimized… but I still say an extra prayer about it every night.
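The flood signature described above (POST requests sharing the MSIE 6.0 User-Agent, arriving from many different IPs in the same second) can be measured in an Apache access log, together with how much non-flood traffic a User-Agent-only block would also reject. The following Python script is an added example, not code from the original post; its log lines are constructed, and the function name `summarize` and the `min_ips` threshold are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Same User-Agent substring the .htaccess condition matches on.
FLOOD_UA = re.compile(r"compatible; MSIE 6\.0")

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = """\
192.0.2.10 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.23 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.77 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.45 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.9 - - [11/Nov/2014:07:00:01 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.5 - - [11/Nov/2014:07:00:01 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0"
garbled line without the expected fields
""".splitlines()


def summarize(lines, min_ips=3):
    """Count requests with the flood User-Agent and flag same-second POST bursts."""
    stats = {"parsed": 0, "skipped": 0, "ua_hits": 0, "ua_non_post": 0}
    buckets = defaultdict(set)  # (timestamp, path) -> source IPs of matching POSTs
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            stats["skipped"] += 1  # malformed or differently formatted line
            continue
        stats["parsed"] += 1
        if not FLOOD_UA.search(m["ua"]):
            continue
        stats["ua_hits"] += 1
        if m["method"] == "POST":
            buckets[(m["ts"], m["path"])].add(m["ip"])
        else:
            stats["ua_non_post"] += 1  # a UA-only block rejects these as well
    # A burst: one second, one path, at least min_ips distinct sources.
    stats["floods"] = {k: len(v) for k, v in buckets.items() if len(v) >= min_ips}
    return stats


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

`ua_non_post` counts requests that carry the same User-Agent but are not part of the POST flood, i.e. the visitors a User-Agent-only block also turns away.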

 

 
