Dear DigitalOcean Support,
I am writing to report a significant and sudden issue that has arisen with my website hosted on your service (Website: sportydeal.com). Starting at around 10 AM yesterday, we began receiving a large volume of identical emails from what appear to be fake addresses. Concurrently, our server’s CPU usage spiked from an average of 30% to 100%, where it has remained.
Here are the details of the incident:
Start time of the issue: Approximately 10 AM on 28/11/2023.
Nature of the problem: Influx of 100 identical emails from suspected fake addresses, simultaneous and sustained spike in CPU usage to 100%.
Impact: The server’s performance is severely degraded, potentially affecting our customers’ experience and our business operations.
We suspect this may be due to a DDoS attack or a similar malicious activity targeting our site. We have taken the following steps:
Checked our website’s code and configurations for any anomalies and checked the traffic on our web site: no up.
Reviewed server logs around the time the issue began.
Attempted to identify the source of the traffic/email, but it seems to be distributed.
We urgently need your assistance to:
Investigate the source of this traffic and the high CPU usage.
Implement measures to mitigate this issue and prevent future occurrences.
Provide insights on any additional steps we should take to secure our server.
Please find attached a screenshot of our server’s performance graphs showing the CPU usage spike. We appreciate your prompt attention to this critical matter.
Best regards,
Yann Le CORRE
Founder and CEO, SportyDeal
Hello Yann,
While we prioritize user privacy and don’t access personal account information through this public forum, I can certainly offer some general advice that might help mitigate the issues you’re experiencing.
Given the influx of identical emails from what appear to be fake addresses, here are some steps you might consider:
Configuring rate limiting on your server can help prevent excessive requests, including spam emails, from overwhelming your systems.
A WAF can assist in identifying and blocking malicious traffic. It can be particularly effective in filtering out unwanted traffic based on specific patterns or behaviors.
Look into advanced email filtering solutions. These can help block suspicious email addresses and content, reducing the likelihood of spam and potentially harmful emails affecting your server.
Regarding the spike in your server’s CPU usage, which may be linked to web traffic:
A Content Delivery Network can significantly help in managing traffic loads. CDNs are designed to deliver static content efficiently and can reduce the load on your primary server. This can be particularly helpful if you’re facing a DDoS attack or similar high-traffic events.
CloudFlare offers free plans that include DDoS protection. This could be an invaluable tool in defending your website against large-scale attacks, ensuring better availability and performance during traffic surges.
As a reminder, DigitalOcean Droplets are unmanaged, which means the direct management of your server, including security and traffic monitoring, falls under your responsibility.
For more in-depth support, especially for issues specific to your account, our dedicated support team is the best point of contact.
Hope that helps!
- Bobby.
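The log review and rate-limiting advice above, as an added example that is not part of either post: it counts POST requests per minute and per path and reports how many distinct client IPs were involved, which shows whether a per-IP limit would catch the burst when the senders are distributed. The access-log format (nginx/Apache "combined"), the `/contact` and `/login` paths, the sample lines and the threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "combined" log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [
        '198.51.100.7 - - [28/Nov/2023:09:58:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [28/Nov/2023:09:59:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    ]
    + [
        f'203.0.113.{i} - - [28/Nov/2023:10:00:{i:02d} +0000] '
        f'"POST /contact HTTP/1.1" 200 312 "-" "curl/8.0"'
        for i in range(1, 9)
    ]
)

# client IP, timestamp, method and request path of one combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)


def post_bursts(log_text, threshold=5):
    """Return sorted (minute, path, hits, distinct_ips) for POST targets
    that received at least `threshold` requests within one minute."""
    hits = defaultdict(int)
    ips = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparsable lines and non-POST requests
        minute = m["ts"][:17]  # e.g. "28/Nov/2023:10:00"
        key = (minute, m["path"].split("?", 1)[0])  # ignore query strings
        hits[key] += 1
        ips[key].add(m["ip"])
    return sorted(
        (minute, path, n, len(ips[(minute, path)]))
        for (minute, path), n in hits.items()
        if n >= threshold
    )


if __name__ == "__main__":
    for minute, path, n, distinct in post_bursts(SAMPLE_LOG):
        # hits roughly equal to distinct IPs means a per-IP limit alone will not
        # trip; limit or challenge the endpoint itself instead.
        print(f"{minute} {path}: {n} POSTs from {distinct} IPs")
```

The minute keys sort as plain strings, so the ordering is only meaningful within a single day of logs.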
Heya @yannlecorre,
Regarding the Email issues, try some of the following:
As for the web traffic, you might want to consider using a CDN like CloudFlare. A content delivery network (CDN) is a geographically distributed group of servers optimized to deliver static content to end users. This static content can be almost any sort of data, but CDNs are most commonly used to deliver web pages and their related files, streaming video and audio, and large software packages. It’s free and you can even use DDoS protection with it.