Surviving a DDoS: How We Kept an E-commerce Site Online During an Attack
There’s rarely a convenient time for a DDoS attack, but mid-way through a client’s biggest sales week is about as inconvenient as it gets. Here’s how we kept their store online while a botnet threw junk traffic at it.
Recognising it for what it was
The first sign was monitoring: response times climbing, then timeouts, with traffic an order of magnitude above normal from a scattered set of IPs. This wasn’t a traffic spike from a marketing email — the request patterns were clearly automated and malicious.
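The distinction drawn above between a marketing spike and automated traffic can be checked per minute in the access log. This Python sketch is an added example, not code from the original post; it assumes common log format, and the thresholds, function names and sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
EXPENSIVE = ("/search", "/cart", "/login")  # endpoints the post says were hammered

def parse(line):
    """Return (ip, minute, path) from a common-log-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of aborting the review
    ip, ts, target = m.groups()
    return ip, ts[:17], target.split("?", 1)[0]  # ts[:17] = dd/Mon/yyyy:HH:MM

def summarise(lines, baseline_rpm, rate_factor=10, min_share=0.6):
    """Per-minute stats; thresholds are illustrative assumptions, tune per site."""
    buckets = defaultdict(lambda: {"total": 0, "expensive": 0, "ips": set()})
    for ip, minute, path in filter(None, map(parse, lines)):
        b = buckets[minute]
        b["total"] += 1
        b["ips"].add(ip)
        b["expensive"] += path.startswith(EXPENSIVE)  # prefix match on the path
    report = {}
    for minute, b in sorted(buckets.items()):
        share = b["expensive"] / b["total"]
        report[minute] = {
            "requests": b["total"],
            "unique_ips": len(b["ips"]),
            "expensive_share": round(share, 2),
            # Volume alone also matches a marketing spike; require both signals.
            "suspect": b["total"] >= rate_factor * baseline_rpm and share >= min_share,
        }
    return report

def log_line(ip, minute, path):
    return f'{ip} - - [10/Nov/2024:14:{minute:02d}:00 +0000] "GET {path} HTTP/1.1" 200 512'

def sample_lines():
    """Constructed traffic: a quiet minute, a flood, and a campaign-style spike."""
    quiet = [log_line("203.0.113.5", 2, p) for p in ("/", "/product/1", "/cart", "/")]
    flood = [log_line(f"198.51.100.{i}", 3, f"/search?q=x{i}") for i in range(45)]
    flood += [log_line(f"203.0.113.{i}", 3, "/product/7") for i in range(5)]
    spike = [log_line(f"192.0.2.{i}", 4, "/product/sale") for i in range(44)]
    spike += [log_line(f"192.0.2.{i}", 4, "/cart") for i in range(6)]
    return quiet + flood + spike + ["garbage line"]

if __name__ == "__main__":
    for minute, stats in summarise(sample_lines(), baseline_rpm=4).items():
        print(minute, stats)
```

In the constructed data the flood minute and the campaign minute carry the same request volume, but only the flood concentrates on the expensive endpoints, so only it is flagged.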
Layered mitigation
You don’t beat a DDoS with one trick; you stack defences. Here is what we did:
- Enabled aggressive edge filtering and “under attack” mode at the CDN to absorb volume before it reached the origin
- Rate-limited expensive endpoints (search, cart, login) that the attack was hammering
- Tightened firewall rules and dropped traffic from obviously malicious networks
- Scaled the origin temporarily to ride out the noise that did get through
- Tuned caching so legitimate shoppers were served from the edge, not the application
Keeping real customers shopping
The whole point of mitigation is that genuine users barely notice. By serving cached pages at the edge and challenging suspicious requests, real shoppers kept browsing and checking out while the attack burned itself out against our defences.
After the storm
Once traffic normalised we rolled back the aggressive settings, reviewed logs to understand the attack, and left sensible protections permanently in place so the next one is a non-event.
DDoS attacks are increasingly cheap to launch and increasingly common. The businesses that ride them out are the ones that put a layered defence — and monitoring to trigger it — in place before they’re targeted.
Need this handled for you?
Server Wizards looks after Linux infrastructure so you don’t have to — proactively, and around the clock.
