How Gitote mitigated massive DDoS Attack
Nov 17, 2018
On Saturday, November 17, 2018, Gitote.in was unavailable from 9:50 to 10:46 IST due to a distributed denial-of-service (DDoS) attack.
To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we've taken to drive availability, and how we aim to improve response and mitigation moving forward.
Background
We received a traditional attack via botnets.
Requests per second: 6000 Rps
Bandwidth per second: 1 Gbps
Areas attacked: https://gitote.in, https://gitote.in/api
Incident
Between 9:50 and 10:46 IST on November 17th, we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across 5000+ of thousands of unique endpoints. It was an amplification attack using the load-based approach that peaked at 1 Gbps via 1 million packets per second.
At 9:50 IST our network monitoring system in DigitalOcean detected an anomaly in CPU usage and notified us in the Slack channel #the-serious-room.
[Graph: CPU usage of our servers during the load attack]
Steps taken
We found that all the requests attacking Gitote came from addresses starting with the same range (xxx.xxx.abc.def), so we blocked the IPs in that range.
We are sorry to any user whose IP is in that range. (We release those IPs after mitigation.)
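One way to find such a range from access logs and to see how many distinct clients a block would cover. This is an added example, not Gitote's own tooling; the log format, the /24 grouping, the 50% threshold and the function names are assumptions, and the sample lines are constructed from RFC 5737 documentation addresses.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample access log: 8 requests from one /24, 2 from other
# networks, 1 malformed line. None of these values come from the incident.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.{i} - - [17/Nov/2018:09:50:0{i} +0530] "GET /api HTTP/1.1" 200 512'
     for i in range(1, 9)]
    + ['198.51.100.20 - - [17/Nov/2018:09:50:03 +0530] "GET / HTTP/1.1" 200 1024',
       '192.0.2.45 - - [17/Nov/2018:09:50:04 +0530] "GET /api HTTP/1.1" 200 256',
       'garbage line without an address']
)

def top_ranges(log_text, prefix_len=24):
    """Return (network, requests, distinct_clients) sorted by request count."""
    hits, clients = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        field = line.split(" ", 1)[0]  # client address is the first field
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            continue  # skip malformed or empty lines
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        hits[net] += 1
        clients[net].add(addr)
    return [(net, n, len(clients[net])) for net, n in hits.most_common()]

def block_candidates(log_text, prefix_len=24, min_share=0.5):
    """Networks that account for at least min_share of all parsed requests."""
    ranges = top_ranges(log_text, prefix_len)
    total = sum(n for _, n, _ in ranges)
    return [str(net) for net, n, _ in ranges if total and n / total >= min_share]

if __name__ == "__main__":
    for net, requests, distinct in top_ranges(SAMPLE_LOG):
        print(f"{net}: {requests} requests from {distinct} distinct clients")
    print("candidates to block:", block_candidates(SAMPLE_LOG))
```

The distinct-client count shows how many addresses a range block will cover, which is the collateral cost for legitimate users in that range.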
Future Plans
We're going to continue to expand our servers in DigitalOcean and strive to identify and mitigate new attack vectors before they affect your workflow on Gitote.in.