Saturday, February 3, 2018

amazon web services - Does AWS Load balancer prevent DDos effectively?



I have a small but popular local website; it is a nonprofit venture. We arrange programming contests. But randomly, in some contests, our servers go down. For example, in the last contest we had around 300 users and we deployed 12 c4.large servers (when the site went down, we added servers to tackle it), but the site was still down for 2 hours (even though after 1 hour most of the contestants left, seeing the site not working). All our servers are accessed through the AWS load balancer and we terminate SSL at the load balancer level. I think that because we use the load balancer, IIS can't differentiate incoming traffic by IP, so I can't apply the IIS built-in dynamic IP-based restriction for such an attack. Is there a way to do this from AWS?



Is this a DDoS/DoS attack on our server? We use the same servers and the same code, but in some contests we face this issue and in others we do not. I do not know how to track this to be sure whether we are under DDoS or not. What can we do to protect ourselves?



Thanks



Answer



As @Tim said, AWS offers AWS Shield, and its advanced option provides some basic protection. They also have a basic WAF. I would suggest deploying that as a minimum - but it might not be enough, depending on site traffic and where any attacks are actually originating from.



If it’s a small enough site, that’s probably enough but I would recommend doing some research to see if your problem is failover / some other attack or a DDoS attack.



If it’s more complex, you’re going to want a WAF and DDoS protection on top of your AWS servers, such as Incapsula (apologies: this is a link to a product page) - this will protect against Layer 3 and Layer 7 attacks. This might not be needed for your website, but it is something for your servers and for the higher-level infrastructure. Most importantly, it’s not just DDoS protection (but the DDoS protection is always-on, unlike something like Cloudflare, where you have to turn it on if you get attacked) but also protection against other web threats.



I don’t want to advertise for any service, but if you’re not sure what’s causing an attack, one of the bigger benefits of a paid service is going to be the NOC so they can monitor the activity that you’re not so sure about.
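The question asks how to tell whether an outage is a DDoS at all, and notes that IIS behind the load balancer cannot see client addresses. The ELB access logs solve the second half: classic ELB logs record the real client IP per request, so you can triage there without needing X-Forwarded-For in IIS. The script below is an added example, not code from the question, the answer, or AWS: it parses a slice of classic ELB access-log lines, counts requests per client IP and ELB 5xx responses, and returns a rough verdict (a few abusive sources, a distributed flood, or a backend that simply fell over). The log lines are constructed sample data, the hostnames and IPs are documentation ranges, and the thresholds (`per_ip_limit`, `flood_total`, `flood_sources`, `error_rate_limit`) are assumptions to tune against a contest that went well.

```python
"""Triage one slice of classic ELB access-log lines: are a few clients
hammering the site, is it a distributed flood, or did the backend fall over?
Added example; the sample log lines are constructed, not real traffic."""
import re
from collections import Counter
from datetime import datetime

# Field layout of a classic ELB access-log line. The client IP is logged
# directly by the ELB, so no X-Forwarded-For parsing is needed here.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<elb>\S+) (?P<client>[\d.]+):\d+ (?P<backend>\S+) '
    r'(?P<req_t>\S+) (?P<be_t>\S+) (?P<resp_t>\S+) (?P<elb_status>\d{3}|-) '
    r'(?P<be_status>\d{3}|-) (?P<rx>\d+) (?P<tx>\d+) "(?P<request>[^"]*)" '
    r'"(?P<ua>[^"]*)" (?P<cipher>\S+) (?P<proto>\S+)$'
)
TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def parse_line(line):
    """Return a dict of fields, or None for a line that is not ELB format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def triage(lines, per_ip_limit=100, flood_total=250, flood_sources=50,
           error_rate_limit=0.2):
    """Summarise a log slice and give a rough verdict.

    The thresholds are assumptions for a site with a few hundred users per
    contest; calibrate them against the logs of a contest that went well.
    """
    recs = [r for r in map(parse_line, lines) if r]
    total = len(recs)
    if total == 0:
        return {"total": 0, "verdict": "no-data"}
    per_ip = Counter(r["client"] for r in recs)
    abusive = [(ip, n) for ip, n in per_ip.most_common() if n >= per_ip_limit]
    # A 5xx from the ELB with backend status "-" means no instance answered
    # (timeouts or no healthy hosts): the symptom of a backend that fell over.
    errors = sum(1 for r in recs if r["elb_status"].startswith("5"))
    error_rate = errors / total
    times = [r["time"] for r in recs]
    span = (max(times) - min(times)).total_seconds()
    if abusive:
        verdict = "targeted"      # a handful of IPs dominate: block or rate-limit them
    elif total >= flood_total and len(per_ip) >= flood_sources:
        verdict = "distributed"   # many sources, each modest: needs upstream scrubbing
    elif error_rate >= error_rate_limit:
        verdict = "backend"       # ordinary volume, but the instances are failing
    else:
        verdict = "normal"
    return {"total": total, "distinct_ips": len(per_ip), "abusive": abusive,
            "error_rate": round(error_rate, 3), "span_seconds": span,
            "verdict": verdict}


def make_line(second, ip, elb_status, be_status, path="/contest/submit"):
    """Build one constructed log line in classic ELB format (sample data only)."""
    ts = f"2018-02-03T10:00:{second:02d}.000000Z"
    return (f'{ts} contest-elb {ip}:51234 10.0.1.5:80 0.00005 0.02 0.00002 '
            f'{elb_status} {be_status} 210 4096 '
            f'"GET https://contest.example.org:443{path} HTTP/1.1" '
            f'"Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2')


def sample_targeted():
    """Three clients firing 150 requests each, forty contestants doing two each."""
    lines = []
    for i in range(3):
        lines += [make_line(s % 60, f"203.0.113.{i + 1}", "200", "200") for s in range(150)]
    for i in range(40):
        lines += [make_line(s, f"198.51.100.{i + 1}", "200", "200") for s in range(2)]
    return lines


def sample_distributed():
    """Sixty sources, five requests each: no single IP stands out."""
    return [make_line(s, f"203.0.113.{i + 1}", "200", "200")
            for i in range(60) for s in range(5)]


def sample_backend_failure():
    """Ordinary volume, but every other request gets a 503 with no backend answer."""
    return [make_line(s, f"198.51.100.{i + 1}", "503" if s % 2 else "200",
                      "-" if s % 2 else "200")
            for i in range(20) for s in range(3)]


if __name__ == "__main__":
    for name, fn in [("targeted", sample_targeted),
                     ("distributed", sample_distributed),
                     ("backend", sample_backend_failure)]:
        print(name, triage(fn()))
```

Run it against a one-minute slice pulled from the ELB access-log bucket (enable access logs on the load balancer first; they are off by default). A "targeted" verdict is the case the question describes as unreachable from IIS: the offending IPs can be blocked at the edge with a WAF IP set or rate-based rule instead of the IIS dynamic IP restriction. A "backend" verdict with ordinary request volume points at capacity or application faults rather than an attack, which matches the observation that adding servers did not help.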

