Hey folks…
I’ve recently launched my app to the world, and I think it is suffering some kind of DoS attack, as I am getting crazy peaks in data transfer costs from my aws ec2 instances … on Monday it was $93 just on that day! 
I’d love any pointers you have to information about as to how to manage this…
… and I may need to work with someone to help me set up a solution, so if you have these skills, please let me know!
Best wishes,
Antony.
Maybe you can put your site behind Cloudflare ddos protection services. @JonL might have some tips about this.
There are also other tools services:
Do you have some server logs about what kind of requests are causing it? DDoS protection will filter requests before it is reaching your server, but will only specific requests that are used for these kinds of attacks. When there is a problem in your App where it makes constant requests, or someone is perhaps constantly scraping data from your API, it will not protect you. So, first is to figure out what is causing it.
If your data is not very dynamic, using Cloudflare can reduce data transfers since it provides really good caching.
I believe your app is basically a big SPA with loads of SSIs.
Are the includes conditional?
Could the issue simply be the amount if data loaded by a single page load?
Check out dev console.
How many requests are pushed out by a simple page load?
Are there a lot of requests called when a content page ( include) is reloaded i.e. full load or partial?
P.S: How’s the CPU usage of your EC2 machines?
Hi @Antony I’ve had this happen to me previously on my own server and it is a pain.
One thing that helped was using cloudflare and configure the security.
Touch wood, my server has been up an running for a while now with no issues and plenty of blocked attacks.
You’ll need to keep in mind activating Cloudflare won’t resolve this attack (or future attacks by the same person), as they’ll already have your origin IP. You’d need to activate Cloudflare, then change IPs afterwards for CF to be effective. You’d also want to make sure you don’t have any records exposing your IP - CF gives you a warning if you have any that are.
If you are hosting on a Linux server you can install Fail2Ban. On windows server, there’s a feature call Dynamic IP address restriction.
Explore those if you have not yet already.