My website got attacked
by Chenlong 2019-07-24
language of the article
Being on the public Internet, it is almost impossible to not get attacked, this is why Internet Security remains a critical subject in this era.
Here's my story.
Recently, I received a notification from my GEO service provider, saying that I'm about to reach the limit of the monthly available API request volume, which stands for 10K calls.
My first reaction was like, really? HOW? Did my website become popular?
No way of course...
There must be a malicious cyberattack to my blog and I need to stop it.
With Application Insights, it was easy to quickly build up a metrics report showing the server-side requests statics of the last 30 days, without any surprise, I got this:
It seems to be a typical DDoS HTTP flood attack, so I went to track down the malicious IP addresses where these requests come from.
In Investigate -> Search blade, it is possible to search the requests and group the results by common properties, and it was quite easy to find out the IPs that I wanted.
Next step, I went to the App Service -> Networking -> Access Restrictions, and added the rules to block those IPs, and Voilà!
In order to prevent such kind of attacks in the future, I decided to reinforce the monitoring process, apart from the automatic alerts on request failures, a new dashboard that shows various metrics reports has been set up as well, over the period of the last 7 days.
Now I'm just crossing my fingers and hope to not get attacked again in the near future :)
Peace & Love to the hackers who made my day \o/