I currently operate a Debian VPS with Linode to host a website. Yesterday, the entire VPS became unresponsive for about 40 minutes. Checking the graphs that Linode provides, I see that the entire system seems to have ground to a halt during this time:
dmesg just yields a bunch of iptables denied messages, but I suspect that these are as a result of the firewall operating correctly, since they’re mostly obviously unreasonable (e.g. UDP packets, nonsense TCP packets, etc.).
How would I go about diagnosing what happened, and take steps to prevent it from happening again?
The first thing you do, if you can’t reach your VPS, is to contact your provider. If they have them, check their status page or Twitter feed for information about any incidents affecting multiple customers. Then, if necessary, contact them.
In your case, the time on your graphs corresponds exactly to a DDoS attack directed at Linode yesterday.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.