Categories
WordPress

The DDoS and the Damage Done

With this notification we would like to inform you that our in-house Website Performance Monitoring System (WPMS) has signaled that your account constantly uses a large amount of the server’s CPU resources. These excessive requests consume an abnormally high amount of CPU resources and endanger the overall performance of the server. Your account consume more then 55703.75 CPU seconds and 102195.00 CPU executions for the last 24 hours. (…) Unfortunately, your website’s server resource usage is not suitable for this server and that is why we will no longer be able to host it there.

This is the message that waited for me in my inbox when I woke up last Thursday morning (grammar errors and typos included). A quick visit to mor10.com confirmed my panic: The site was down, replaced by a 503 error. Logging into my site admin panel I discovered the hosting provider had locked down my site banning access to any incoming visitors. And for good reason. A quick inspection of the resource logs showed something dramatic had happened during the night. Here are screenshots of the weekly stats and the execution log for the preceding 24 hours:

Weekly stats graph showing dramatic increase in activity
Weekly stats graph showing dramatic increase in activity
Executions log graph showing dramatic jumps in activity
Execution log shows extreme variance in activity caused by the server dropping in and out of service

Thus began what would become a 16 hour battle with arrogant and ignorant tech support “specialists”.