How We Helped Our Client Stop Losing Revenue to DDoS Attacks

Protecting Our Client from Revenue-Killing DDoS Attacks. Our client came to us during a period of constant DDoS attacks that caused downtime, which was costing them trust and revenue. IT Outposts stepped in and provided a long-term solution.

Project Description

When our client came to us, their business was already running at full capacity. However, the business had a significant problem with frequent DDoS attacks.

These attacks caused site instability, impacted search visibility on Google, and most importantly, resulted in loss of revenue. It was a tense situation for their team, so handling it became their highest priority.

Provided Services

  • DevOps services
    • CI/CD automation
  • SRE services
    • Monitoring
    • Incident management
  • Operations managed services
    • Technical support
    • Disaster recovery as a service

Work Agenda

Team

  • 2 DevOps engineers
  • Project manager

Project timeframe

July 2025 – ongoing

The Main Project Challenge

The key obstacle we had to address was repeated DDoS attacks on the platform, as they were regular and disruptive.

Each serious attack meant the website going down. On top of that, our client’s website visibility in search engine results was affected negatively, which only made the situation worse.

At the same time, another problem was affecting day-to-day operations. The deployments didn’t happen automatically, monitoring was limited, and responding to issues consumed more time and manual work than necessary.

Our Solutions

Server optimization

We began by strengthening the overall system to better handle heavy loads. Initially, all applications were running on a single Hetzner bare-metal server, with the database hosted on a separate server. Later, we distributed applications handling different types of traffic across three servers.

When all applications were running on a single server, there was only one Redis instance. It’s used for caching and session storage, acting as an intermediary between the application and the database.

After distributing applications across three servers, we placed Redis next to each application. However, it was important to consider that traffic between Hetzner bare-metal servers passes through network channels. These servers were connected via one-gigabit channels, and when Redis attempted to communicate with the database, it overloaded these channels. As a result, there was insufficient bandwidth left for organic traffic.

To address this, we upgraded the network channels from one gigabit to ten gigabits, which significantly improved the situation. However, because Redis instances were running independently on each application server, desynchronization issues began to occur, and our client’s customers started receiving outdated or inconsistent data.

We then decided to move Redis to a single, dedicated server. This centralized Redis instance became the primary one.

Yet, we still had to implement a backup Redis strategy, since during a DDoS attack, traffic volumes can become so large that even a ten-gigabit channel—the maximum available from the provider—can become overloaded.

To mitigate this risk, we reintroduced Redis instances on each application server but kept them disabled by default. We created a script that detects the start of a DDoS attack: when triggered, the centralized Redis instance gets disabled and the local Redis instances on each application server are enabled. This approach prevents Redis traffic from clogging inter-server communication channels and helps preserve bandwidth.

Below, you can see our server optimization solutions in greater detail:

[Diagram: server optimization solutions]
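One way to structure the failover decision described above, as an added example that is not IT Outposts' own script. It assumes the attack signal is a per-interval request rate; the thresholds, sample counts, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

CENTRAL, LOCAL = "central", "local"  # which Redis the applications should use


@dataclass
class RedisModeController:
    """Decides when to fail over from the central Redis to per-server Redis."""
    attack_rps: float = 5000.0  # assumed: rate treated as attack traffic
    normal_rps: float = 1500.0  # assumed: rate treated as back to normal
    trip_samples: int = 3       # consecutive high samples before failing over
    clear_samples: int = 5      # consecutive calm samples before failing back
    mode: str = CENTRAL
    _high: int = 0
    _calm: int = 0

    def observe(self, rps: float) -> str:
        """Feed one request-rate sample; return the mode after this sample."""
        self._high = self._high + 1 if rps >= self.attack_rps else 0
        self._calm = self._calm + 1 if rps <= self.normal_rps else 0
        if self.mode == CENTRAL and self._high >= self.trip_samples:
            self.mode, self._calm = LOCAL, 0
        elif self.mode == LOCAL and self._calm >= self.clear_samples:
            self.mode, self._high = CENTRAL, 0
        return self.mode


def plan_actions(samples):
    """Replay samples and list the (index, action) switches that would be issued."""
    ctl, actions, prev = RedisModeController(), [], CENTRAL
    for i, rps in enumerate(samples):
        mode = ctl.observe(rps)
        if mode != prev:
            action = ("enable local Redis, disable central" if mode == LOCAL
                      else "enable central Redis, disable local")
            actions.append((i, action))
            prev = mode
    return actions


# Constructed per-interval request rates: one brief spike, then a sustained flood.
SAMPLES = [900, 1100, 6000, 1000, 5500, 7000, 9000, 8000, 1200, 6500,
           1000, 900, 800, 1000, 950, 900]

if __name__ == "__main__":
    for idx, action in plan_actions(SAMPLES):
        print(f"sample {idx}: {action}")
```

Separate trip and clear thresholds, each requiring several consecutive samples, keep a single brief spike or a short lull from flapping the Redis endpoint back and forth.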

DDoS mitigation with Cloudflare

Since our client already had Cloudflare, we made full use of it. We set specific rules to block requests that clearly did not look like natural traffic.

Database query optimization

The database was struggling with heavy, complex queries, and during a DDoS attack even 30-40 requests per second could bring down a fairly powerful server. This could happen not only during malicious attacks but also during genuine increases in traffic, such as promotions or sales events. Our team optimized the database queries.

CI/CD automation & environment setup

Next, our team set up CI/CD pipelines and created multiple environments to ensure changes could be deployed in a safe, predictable manner.

Real-time monitoring & incident alerting implementation

Detecting issues and alerting on them is another important layer of defense. We set up alerts for any unusual spikes in traffic. If something doesn’t look right, such as increased latency, we notice it straight away and can respond immediately.

Here’s what our incident response flowchart looks like:

[Diagram: incident response flowchart]

Disaster recovery planning

Finally, we also created a disaster recovery plan with a clear sequence of actions for emergency situations.

Results

The biggest risk is now behind us. Our client no longer faces interruptions during DDoS attacks. In recent attacks, their platform remained completely operational—there was no noticeable impact on sales. Compared to previous incidents, the attacks were essentially invisible to customers.

With stability in place, our client’s attention has moved to more strategic objectives. We keep working on additional system enhancements so the platform can better support future business growth.
