Handling DDoS attacks
Handling millions of requests from thousands of IPs is hard! A flood of millions of requests clogs one drain after another.
This is what happened when we had a DDoS attack this week.
- First, our hard-disk got filled due to access logs
- Then our hard-disk got filled due to "too many open files" error logs
- Various services started hitting file descriptor limits
- The system started dropping packets and killing connections as the connections table got full
Is it a DDoS?
The best way to check if it is a DDoS is to run the netstat command:
sudo netstat -nta …
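An added example, not from the original post and not the pipeline the post elides after `netstat -nta`: one way to summarise that output per TCP state and per remote IP, so a pile-up in one state or from a few addresses stands out. The function names, the sample lines (documentation address ranges) and the threshold argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example: summarise `netstat -nta` style output read from stdin.

# Constructed sample using documentation address ranges, not a real capture.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::beef:41000    ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:50022        ESTABLISHED
EOF
}

# Connections per TCP state: prints "<count> <STATE>", busiest first.
count_states() {
  awk '$1 ~ /^tcp/ { n[$NF]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Connections per remote IP, listeners skipped: prints "<count> <ip>".
# The port is cut at the last colon so IPv6 addresses stay intact.
count_remote_ips() {
  awk '$1 ~ /^tcp/ && $NF != "LISTEN" {
         ip = $5; sub(/:[^:]*$/, "", ip); n[ip]++
       } END { for (i in n) print n[i], i }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Remote IPs holding at least $1 connections (threshold is an assumption to tune).
ips_over() {
  count_remote_ips | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample.
sample_netstat | count_states
```

On a live host, pipe the real output in instead of the sample, for example `sudo netstat -nta | count_remote_ips`.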