My site went down today, I’m pretty sure it was a DOS attack but what’s weird is that it came back up on its own four hours later. When I look at the CPU usage on my droplet it ran at 700+% for hours then back to normal.
When I got to a terminal the site was back to normal and CPU usage back to normal as well. I ran IFTOP to check for network traffic and here’s what I’m seeing:
mqqqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqq 10.20.0.6 => 188.8.131.52.cl.ipnet.ua 2.05kb 27.2kb 23.8kb <= 160b 1.72kb 1.88kb loadtest.b1000test53 => 184.108.40.206 1.41kb 1.51kb 1.56kb <= 160b 160b 160b loadtest.b1000test53 => google-public-dns-a.google.com 876b 175b 252b <= 876b 175b 384b loadtest.b1000test53 => google-public-dns-b.google.com 876b 175b 44b <= 584b 117b 29b 10.20.0.6 => 220.127.116.11 208b 42b 10b <= 368b 74b 18b loadtest.b1000test53 => sellingeverywhere.com 0b 0b 127b <= 0b 0b 81b 10.20.0.6 => 10.20.0.2 0b 0b 81b <= 0b 0b 127b loadtest.b1000test53 => 162-144-140-49.unifiedlayer.com 0b 0b 0b <= 0b 0b 9b
What is the loadtest? Some sort of an attack I’m assuming. How do I stop it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.