A debilitating DDoS attack can happen to any website at any time. Just ask Habib Bilfaqi, the network manager at the Institute of Printed Circuits (IPC). In a recent webinar we hosted, Bilfaqi discussed the difficulties of protecting a website in a public cloud from distributed denial of service (DDoS) attacks. Even for a veteran IT professional like Bilfaqi, a full-scale DDoS attack presented quite a challenge.
How the Attack Unfolded
Bilfaqi noticed a problem with his company’s servers on a recent Sunday evening. By Monday he and his team couldn’t access any of their websites.
He thought he was prepared for any sort of DDoS threat. Ninety-five percent of his servers were located in the Azure cloud and his websites were being protected behind a Barracuda web application firewall (WAF). As an added precaution, Bilfaqi had carefully crafted a layered environment in the server to protect all of his vertical management systems.
His servers weren’t as safe as he thought, however. “After 36 hours of going back and forth with the Azure team, I was finally told that there was nothing wrong with the infrastructure,” said Bilfaqi. “They just didn’t know what was wrong at that time.”
Switching to the Barracuda support team, Bilfaqi learned that malicious web bots were hitting his network in a barrage of attacks. He realized the existing WAF wasn’t helping.
“From Sunday evening all the way up to about Friday afternoon, my main websites and my revenue engineering websites were all down,” said Bilfaqi. “They were non-reachable. The servers were running fine but every time I put them on public facing, they just kept going down. We couldn’t pinpoint what the issue was and we couldn’t figure out how to block it.”
After days of troubleshooting, Bilfaqi and his team surmised that it was probably a volumetric DDoS attack that couldn’t be sustained in the Azure appliance. But they needed more guidance.
Once contacted by Bilfaqi, the Incapsula team identified the situation and implemented the WAF, which blocked the ongoing problem. By Saturday, the attack was being filtered and reported, and there were no more server outages. By Monday, Bilfaqi moved all of his sites under Incapsula protection services.
“What we learned from this whole situation,” said Bilfaqi, “was that we took too long to think outside the box. We just stuck to what we had rather than looking for something else to make things better.
“At the same time,” he said, “we needed confirmation on what was really going on before moving forward, before trying something different. DDoS attacks are pretty hard to identify without some type of security reporting tool.”
Incapsula reporting helped Bilfaqi understand the type of attack he was experiencing and how often it was occurring. “That put into perspective why things were not working when they should have been,” he said.
In the end, setting up Incapsula DDoS mitigation services wasn’t hard or time consuming in any way. “I went from 0 to 60 mph in two hours,” said Bilfaqi. In addition to Incapsula DDoS Protection, he could also leverage the Incapsula content delivery network (CDN). “Its CDN helped absorb volumetric DDoS attacks and made our websites run faster and load quicker.”
For further details on the attack on IPC and Incapsula services, we encourage you to listen to a recording of the webinar “How to Secure Your Website in the Public Cloud: A Case Study of Success.”
We are here if you need more information about DDoS attacks and online security issues. Feel free to contact our support team or drop us a comment.