Yoginth

👋 Hello, I'm Yoginth
🤟 Designer & Toolmaker • Working with Ruby 💎 • 🎵 Music Animal • You can know more about me here. 🚀

How Gitote mitigated massive DDoS Attack 📈

Nov 17, 2018

On Saturday, November 17, 2018, Gitote.in was unavailable from 9:50 to 10:46 IST due to a distributed denial-of-service (DDoS) attack.

To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we've taken to drive availability, and how we aim to improve response and mitigation moving forward.

Background

We received a traditional attack via botnets.

Requests per second: 6000 Rps
Bandwidth per second: 1 Gbps
Areas attacked: https://gitote.in, https://gitote.in/api

Incident

Between 9:50 and 10:46 IST on November 17th, we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across 5000+ of thousands of unique endpoints. It was an amplification attack using the load-based approach that peaked at 1 Gbps via 1 million packets per second.

At 9:50 IST our network monitoring system in DigitalOcean detected an anomaly in CPU usage and notified us in the Slack channel #the-serious-room.

[Graph: CPU usage of our servers during the load attack]

Steps taken

We found that all requests attacking Gitote came from the same IP range (xxx.xxx.abc.def), so we blocked that range.

We are sorry to any user whose IP is in that range. (We release those IPs after mitigation.)
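One way to find the shared source range described in the steps above, as an added example (not Gitote's own tooling): it groups request source addresses by network prefix, reports the networks carrying most of the traffic, and counts how many distinct addresses a block on that range would cover. The /16 grouping, the 50% threshold and the function names are assumptions, and the sample requests are constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample: (client IP, request path) pairs as parsed from an access log.
SAMPLE_REQUESTS = (
    [(f"198.51.{i % 256}.{(i * 7) % 256}", "/api") for i in range(900)]  # flood from one range
    + [(f"203.0.113.{i}", "/") for i in range(1, 61)]                    # ordinary traffic
    + [(f"192.0.2.{i}", "/explore") for i in range(1, 41)]
    + [("not-an-ip", "/")]                                               # malformed log field
)


def parse_sources(requests):
    """Yield ipaddress objects for well-formed source fields, skipping bad ones."""
    for ip, _path in requests:
        try:
            yield ipaddress.ip_address(ip)
        except ValueError:
            continue  # do not let one broken log line abort triage


def dominant_networks(requests, prefix_len=16, min_share=0.5):
    """Return [(network, count, share)] for networks at or above min_share of requests."""
    counts = Counter(
        ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        for addr in parse_sources(requests)
    )
    total = sum(counts.values())
    return [(net, n, n / total) for net, n in counts.most_common()
            if total and n / total >= min_share]


def distinct_sources(requests, network):
    """Distinct addresses seen inside network: everyone a block on it would cut off."""
    return {addr for addr in parse_sources(requests) if addr in network}


if __name__ == "__main__":
    for net, count, share in dominant_networks(SAMPLE_REQUESTS):
        affected = len(distinct_sources(SAMPLE_REQUESTS, net))
        print(f"{net}: {count} requests ({share:.0%}), {affected} distinct sources")
```

The distinct-source count matters because a range block also cuts off any legitimate user inside it, which is why the block should be lifted once the attack subsides.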

Future Plans

We're going to continue to expand our servers in DigitalOcean and strive to identify and mitigate new attack vectors before they affect your workflow on Gitote.in.
