Potential DDoS Attack Affecting Server Performance

Dear DigitalOcean Support,

I am writing to report a significant and sudden issue that has arisen with my website hosted on your service (Website: Starting at around 10 AM yesterday, we began receiving a large volume of identical emails from what appear to be fake addresses. Concurrently, our server’s CPU usage spiked from an average of 30% to 100%, where it has remained.

Here are the details of the incident: Start time of the issue: Approximately 10 AM on 28/11/2023. Nature of the problem: Influx of 100 identical emails from suspected fake addresses, simultaneous and sustained spike in CPU usage to 100%. Impact: The server’s performance is severely degraded, potentially affecting our customers’ experience and our business operations.

We suspect this may be due to a DDoS attack or a similar malicious activity targeting our site. We have taken the following steps: Checked our website’s code and configurations for any anomalies and checked the traffic on our web site : no up. Reviewed server logs around the time the issue began. Attempted to identify the source of the traffic/email, but it seems to be distributed.

We urgently need your assistance to: Investigate the source of this traffic and the high CPU usage. Implement measures to mitigate this issue and prevent future occurrences. Provide insights on any additional steps we should take to secure our server. Please find attached a screenshot of our server’s performance graphs showing the CPU usage spike. We appreciate your prompt attention to this critical matter. Best regards,

Yann Le CORRE Founder and CEO SportyDeal

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
December 2, 2023

Hello Yann,

While we prioritize user privacy and don’t access personal account information through this public forum, I can certainly offer some general advice that might help mitigate the issues you’re experiencing.

Given the influx of identical emails from what appear to be fake addresses, here are some steps you might consider:

  1. Configuring rate limiting on your server can help prevent excessive requests, including spam emails, from overwhelming your systems.

  2. A WAF can assist in identifying and blocking malicious traffic. It can be particularly effective in filtering out unwanted traffic based on specific patterns or behaviors.

  3. Look into advanced email filtering solutions. These can help block suspicious email addresses and content, reducing the likelihood of spam and potentially harmful emails affecting your server.

Regarding the spike in your server’s CPU usage, which may be linked to web traffic:

  1. A Content Delivery Network can significantly help in managing traffic loads. CDNs are designed to deliver static content efficiently and can reduce the load on your primary server. This can be particularly helpful if you’re facing a DDoS attack or similar high-traffic events.

  2. CloudFlare offers free plans that include DDoS protection. This could be an invaluable tool in defending your website against large-scale attacks, ensuring better availability and performance during traffic surges.

As a reminder, DigitalOcean Droplets are unmanaged, which means the direct management of your server, including security and traffic monitoring, falls under your responsibility.

For more in-depth support, especially for issues specific to your account, our dedicated support team is the best point of contact.

Hope that helps!

- Bobby.

Site Moderator
Site Moderator badge
November 29, 2023

Heya @yannlecorre,

Regarding the Email issues, try some of the following:

  • Implement Rate Limiting: If not already in place, implement rate limiting on your server to prevent excessive requests from overloading your systems.
  • Use a Web Application Firewall (WAF): Deploy a WAF to help identify and block malicious traffic.
  • Filter Email Traffic: Use advanced email filtering solutions to block suspicious email addresses and content.

As for the web traffic, you might want to consider using a CDN like CloudFlare. A content delivery network (CDN) is a geographically distributed group of servers optimized to deliver static content to end users. This static content can be almost any sort of data, but CDNs are most commonly used to deliver web pages and their related files, streaming video and audio, and large software packages. It’s free and you can even use DDoS protection with it.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel