By Danny Paul Van Iersel, 15-05-2025
Some people would say it is not that big of a deal, or that it will not happen to them. We always warn our clients of the potential dangers, but sometimes it is too late to act.
As security keeps returning as a big topic of discussion, it is important to know why you should invest in it and keep it up to date. It is better to prevent than to have to deal with the situations we sometimes face once it is too late.
And yes, we have faced the scenario...
First of all, let us explain what DDoS means. The full name is "Distributed Denial-of-Service". It is a way to disrupt the normal traffic towards your website.
It means that a host machine is getting too many requests and therefore cannot handle the workload. Your normal visitors would see pages load terribly slowly or even receive timeouts.
It starts with the communication. You receive a call or message from your client, or an alert from a monitoring system you have in place, saying the website is down or not available.
From that point you start investigating what could be the cause of it all.
It is stressful. Be nice. We all know it could cost a lot if your website is down. You are missing new clients, new orders and you are losing reputation. Just picture this: while someone is investigating what is causing all this, every part of the system is overheating. Collecting log files, or even just accessing the system, can already be too much.
After the initial investigation you conclude that there is too much for the server to process. Adjusting the firewall to only allow a selected set of IP ranges seems to help, as the server stabilises. But once you allow public traffic the server overheats again.
If you do not have a WAF (Web Application Firewall) it is difficult to direct specific traffic or configure features like DDoS protection. In our case we quickly set up a Cloudflare environment. This takes some time: you have to pay for a license, set up an environment and create new DNS records so that your website URL points to the Cloudflare instance instead of your own website host.
Unfortunately, during all the time this takes, your website is still not back for your customers.
Now that we have set up the Cloudflare environment and have traffic redirected through it, the site is still overheating. The main difference now is that:
We could finally pinpoint the target of the DDoS. A single page got thousands of requests, in an hour almost a million. With Cloudflare we could now set up rules for this page and implement challenges to block bots. This helped, because Cloudflare is now blocking the traffic before it hits the website. The server stabilised and normal visitors of the website could access the site again.
Looking back on it all we can gather more information regarding this attack.
We also received information about who was behind it: a pro-Russian hacker group called "NONAME057(16)". In total the attack lasted for about 12 hours. But even days after the attack we still see requests pass through the analytics.
Someone might say: if you see such a request, would it not be easier to just block the IP? Well, the problem is that the attack started out coming from one country, but it quickly added other locations from all around the world. Blocking only one IP or one IP range would not be sufficient.
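As an added illustration (not Blastic's own tooling and not data from this incident), the sketch below shows how an hourly count of access-log requests per path exposes a single targeted page, and why the spread of source addresses makes per-IP blocking ineffective. The log format, the thresholds, the `/search` path and all addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined/common access-log prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)

def hot_paths(lines, min_requests=1000, min_share=0.5):
    """For each hour where one path takes >= min_share of the requests, return
    (hour, path, hits, share, distinct_ips, busiest_ip_hits)."""
    per_hour = defaultdict(Counter)   # hour -> path -> hits
    per_ip = defaultdict(Counter)     # (hour, path) -> client IP -> hits
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                  # ignore lines that do not parse
        hour = f"{m['day']}:{m['hour']}"
        # Drop the query string so variants of one page count as one path.
        path = m["target"].split("?", 1)[0]
        per_hour[hour][path] += 1
        per_ip[hour, path][m["ip"]] += 1
    findings = []
    for hour, paths in sorted(per_hour.items()):
        path, hits = paths.most_common(1)[0]
        share = hits / sum(paths.values())
        if hits >= min_requests and share >= min_share:
            ips = per_ip[hour, path]
            findings.append((hour, path, hits, round(share, 3), len(ips), max(ips.values())))
    return findings

def sample_log():
    """Constructed data: normal browsing in two hours, plus a flood on the
    hypothetical path /search from 400 documentation-range addresses."""
    fmt = '{ip} - - [01/Jan/2025:{hh}:{mm:02d}:00 +0000] "GET {target} HTTP/1.1" 200 512'
    pages = ["/", "/services", "/blog", "/contact"]
    lines = [fmt.format(ip=f"192.0.2.{i % 8}", hh=hh, mm=i, target=pages[i % 4])
             for hh in (14, 15) for i in range(40)]
    for i in range(2000):
        net = "198.51.100" if i % 2 else "203.0.113"
        lines.append(fmt.format(ip=f"{net}.{i % 400 // 2}", hh=15, mm=i % 60,
                                target=f"/search?q={i}"))
    return lines

if __name__ == "__main__":
    for finding in hot_paths(sample_log()):
        print(finding)
```

In the constructed data one path takes 98% of the hour's requests while no single address sends more than five of them, which is the pattern that calls for a rule on the page rather than on the source.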
Can you prevent a DDoS attack? The honest answer would be "no". If you are the target of a DDoS attack the network of bots will execute their tasks.
Luckily, nowadays security systems have solutions to deflect these types of attacks. Unfortunately, hacker groups will always try to find ways to bypass security measures or invent new ways to threaten your systems.
Security will therefore never be obsolete and forever evolve to manage new types of attacks. We will never stop defending.
Are you worried about your environment? Do you feel vulnerabilities might affect you? Come have a chat with us. At Blastic we are always happy to help. It is a rewarding feeling to be able to stop hacking organisations altogether.