How I overcame DDoS in 15 minutes



Hi, Habr!

Today I would like to tell you about one successful experience from my life: how I fought off a DDoS attack on my site without having any technical skills. Some of you may find this article useful, and others may simply find it interesting. I must say that this is not a universal method and it does not suit everyone. But for repelling small and medium attacks, it is just the thing.

To begin with, DDoS piracy is now growing rapidly around the world. Attackers increasingly extort money by threatening to take a site down with DDoS. Many people get scared and pay, and then pay again and again. Mistake number one, or rather a piece of advice: never pay hackers. First, you may simply be deceived; many of those who make threats are not able to attack your site. Second, if you pay once, you will pay a second, a third and a fourth time, and in the end you will still hire specialists for protection.

I never thought that this could happen to me. I imagined it this way: for you to be attacked, you need to annoy someone. But my judgment was mistaken. One Saturday evening, when I was resting from my daily work, an email arrived. Someone demanded that I transfer an amount of Bitcoin equivalent to $1000. Otherwise, I was threatened with a DDoS attack. I panicked a little. It was a day off, and my administrator would not be available until Monday. What to do and where to go? This question tormented me. I began to google. On many forums, people advised not to pay and to write to the attacker immediately that there would be no payment. There I also learned that often it is just a scam. But I was not lucky. The hacker answered my email with one word: “OK”. And 10 minutes later, my site was no longer available. I didn’t know what to do; my site is a commercial project, and every minute was a loss for me. Of course, I immediately thought that I needed to use the services of companies that specialize in this. But I was afraid that it would all take a very long time, and besides, it was Saturday.

And then I began to think about how my own knowledge could help me in this situation. And suddenly it dawned on me. Once upon a time, when I was just starting my project, I tried to build a CDN (Content Delivery Network) on my own. Then, as now, I did not have enough knowledge on the administration side, and I did not implement my idea. But some knowledge remained. In particular, I had learned how to answer DNS requests differently depending on the user's location. That is, when a user types in my site's domain, the DNS determines their location and sends them to the right server.
I remember trying to learn from the community how to do it on my own; someone even gave an answer, but I could not configure everything on my server myself. But I found a company that lets you do everything from a nice interface. I must say that it is not free; the starting plan now costs $7 per month. You can specify an individual IP for each country, or one for an entire continent at once.


I understood that the DDoS most likely came from bots located all over the world, while 95% of my clients and site users are in Russia. So I simply and quickly switched my DNS to the servers of the company mentioned above. Then for Russia I specified the IP address of my server, and for all other countries I specified 8.8.8.8 (upd: people in the comments advise not to play dirty tricks on Google and to put 127.0.0.1 here instead). Five minutes later, my site was working again, and the attacker received the same message from me: “OK”. Over the next few days I, of course, hired specialists, who now protect my site. But this useful experience stayed with me, and I am sharing it with you.
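The geo split described above can be modelled in a few lines to see what each querier receives and how many legitimate visitors the rule cuts off. This is an added example, not the DNS provider's code: the origin address, the GeoIP table and the visitor sample are constructed from documentation address ranges, and all function names are hypothetical.

```python
import ipaddress

# Assumed values (not from the article): documentation-range placeholders.
ORIGIN_IP = "203.0.113.10"    # stands in for the real web server
SINKHOLE_IP = "127.0.0.1"     # answer for everyone else, per the article's update
SERVED_COUNTRIES = {"RU"}

# Constructed stand-in for a GeoIP database: (network, ISO country code).
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.128/25"), "DE"),  # more specific prefix wins
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]

def country_of(ip):
    """Longest-prefix match against GEO_TABLE; None when the address is unknown."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else None

def answer_for(querier_ip):
    """A record the geo-split zone hands to this querier (unknown = sinkhole)."""
    if country_of(querier_ip) in SERVED_COUNTRIES:
        return ORIGIN_IP
    return SINKHOLE_IP

def collateral(visitors):
    """Return (share, list) of known-good visitors that would be sinkholed."""
    lost = [ip for ip in visitors if answer_for(ip) == SINKHOLE_IP]
    return len(lost) / len(visitors), lost

# Constructed pre-attack sample of legitimate visitors: 19 in RU, 1 in US.
LEGIT_VISITORS = [f"198.51.100.{i}" for i in range(1, 20)] + ["192.0.2.15"]

if __name__ == "__main__":
    share, lost = collateral(LEGIT_VISITORS)
    print(f"sinkholed legitimate visitors: {share:.0%} {lost}")
```

An authoritative DNS server sees the address of the visitor's recursive resolver rather than the visitor, unless the resolver passes EDNS Client Subnet, so a visitor in a served country who uses a resolver located elsewhere can still receive the sinkhole answer.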

Of course, this method is not suitable for everyone. It has its cons, in particular if you have many users from different countries. But as an option for a quick response, it is just the thing. I hope this article will help someone, but I wish that none of this ever happens to you.
Thank you all for your attention.

Source: https://habr.com/ru/post/228315/

