DDoS Attack against the DeFi Of Thrones website
We planned to start the first war on the 10th of December. The reality is that the war started on the 3rd of December, and we have already won.
As you may have seen, our website https://defiofthrones.io/ suffered a DDoS attack for a whole day.
It was a tough task but mandatory to solve. Better this happened now rather than later.
We came out of it stronger and with more security for our next activities.
Now, let’s get more in details regarding this event.
What is a DDoS attack?
Wikipedia defines it as follows: a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. A distributed denial-of-service attack (DDoS) is the same flood sent from many machines at once.
The opponent: A well-oiled technical & psychological process
A Russian hacker using the nickname Billy Miligan or Mister Haken tried to extort 1 ETH from us and made the price of the DOTX token collapse in order to buy at a cheap price.
Accepting his offer would have been a pain for the whole community because, although it is a short-term solution, it would have fed his activities and strengthened the business model of his attack process.
In addition, it's a matter of pride and honour. It's priceless.
To admit defeat is to accept a label of weakness; the project's image would have been trampled on.
The attacker is used to proceeding with such methods.
Through the conversation we can see that he is also very harmful. He was using a mix of technical and psychological attacks. Indeed, every 2 to 3 hours he sent a direct message to Maxime, the CEO, in order to increase the pressure.
It is a psychopathic mechanism aiming to highlight that his offer is the only option the victim has to accept in order to escape from this disaster.
The DDOS attack itself
The attacker used a botnet of 50 servers to flood traffic in our direction, directly targeting the IP of our website.
As you can see in the chat, he used 1 Gbps of traffic coming from "mixed countries".
On our side we saw the impact directly: our processors were completely overloaded.
Indeed, as you can see below in the top left corner, the 8 processors could not handle the requests sent by this army of zombies.
At the start it was around 600,000 requests; the attacker then increased it to 3,740,000! A standard server is simply not prepared to handle such an amount of requests.
The counter-attack and our comeback
We set up Cloudflare and implemented these actions:
- We added a WAF (Web Application Firewall) to increase the security against DDoS.
- We updated our instance inbound rules to only allow traffic from Cloudflare servers' IPs. This leaves us only one tunnel to protect (it reduces the points of failure for the future).
- We blocked some countries in the Cloudflare firewall.
- We activated a maximum connection rate per IP (per minute). If you encounter a problem please contact us.
- We activated mod_evasive and ModSecurity (Apache modules) on the server.
- To put all the odds on our side, we also upgraded our server to a more powerful one, with more bandwidth and more RAM.
- We have set up scripts on the server to make our counter-attack faster in case of new DDoS attacks in the future.
- Other secret actions have been taken but cannot be revealed (for security reasons).
We are still not safe from new DDoS attacks (as happened to CoinGecko recently) but we are now better protected and prepared. We actually take them as positive events. Hackers allow us to test and improve our security by sending waves of zombie PCs (botnets), which would cost us a fortune if we wanted to do it ourselves.
To stay tuned to the latest news, follow us on:
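Two of the controls in the list above, the origin allow-list (only the reverse proxy may talk to the server) and the per-IP connection rate per minute, can be reproduced as plain logic and run against sample traffic. The block below is an added example written for this article; it is not the DeFi Of Thrones team's code, scripts or configuration. Cloudflare publishes its real address ranges at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6; the CIDRs, IP addresses and access-log lines used here are constructed placeholders.

```python
"""Added example (not the project's own code): origin allow-list and a
sliding-window per-IP rate limit, exercised on constructed access-log lines."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# CONSTRUCTED placeholder ranges standing in for the proxy's published list.
# In a real deployment these would be loaded from the published Cloudflare
# ranges and refreshed regularly, since the list changes over time.
PROXY_RANGES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/24")]


def allowed_at_origin(client_ip: str) -> bool:
    """True only if the connecting address belongs to the proxy ranges.

    Anything else reaching the origin bypassed the proxy (e.g. a botnet
    hitting the server's IP directly) and should be dropped by the firewall."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in PROXY_RANGES)


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window` seconds per IP."""

    def __init__(self, limit: int, window: int = 60):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # ip -> timestamps of recent requests

    def allow(self, ip: str, ts: int) -> bool:
        q = self._hits[ip]
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


# Apache combined-log prefix: client, ident, user, [timestamp] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+$')


def parse_line(line: str):
    """Return (client_ip, unix_timestamp) for one access-log line."""
    m = LOG_LINE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = int(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp())
    return m.group(1), ts


# CONSTRUCTED sample: 192.0.2.10 fires 8 requests in 3 seconds (a single bot),
# 192.0.2.77 is a normal visitor, then the bot returns two minutes later.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Dec/2020:14:00:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:03 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [03/Dec/2020:14:00:03 +0000] "GET / HTTP/1.1" 200 512
192.0.2.77 - - [03/Dec/2020:14:00:05 +0000] "GET /war HTTP/1.1" 200 2048
192.0.2.77 - - [03/Dec/2020:14:00:30 +0000] "GET /war HTTP/1.1" 200 2048
192.0.2.10 - - [03/Dec/2020:14:02:00 +0000] "GET / HTTP/1.1" 200 512
"""


def flagged_sources(log_text: str, limit: int, window: int = 60) -> dict:
    """Replay a log through the limiter; return {ip: rejected_request_count}."""
    limiter = RateLimiter(limit, window)
    rejected = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, ts = parse_line(line)
        if not limiter.allow(ip, ts):
            rejected[ip] += 1
    return dict(rejected)


if __name__ == "__main__":
    print("203.0.113.7 allowed at origin:", allowed_at_origin("203.0.113.7"))
    print("192.0.2.10 allowed at origin:", allowed_at_origin("192.0.2.10"))
    print("rejected per IP at 5 req/min:", flagged_sources(SAMPLE_LOG, limit=5))
```

With a limit of 5 requests per minute, the bot's first 5 hits pass, its next 3 are rejected, the normal visitor is untouched, and the bot's request two minutes later is accepted again because the window has slid. The same two ideas are what the Cloudflare-only inbound rule and the per-IP rate setting implement at the firewall and proxy layers.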
Telegram Announcements: https://t.me/dotannouncements
Telegram General Discussion: https://t.me/DeFiOfThronesOfficial