People can argue this point all they want but I will stick by my statement: Hackers are intelligent people.
However, having said that, being intelligent and doing intelligent things are two different things. Hackers may be intelligent people but they often do stupid things. Things like attacking websites; whether it’s to prove a point, or for money, or even because they’re just bored.
There are many ways that hackers can attack a site but the most prevalent attack is a DDoS. Here’s how you can protect yourself against DDoS Attacks.
What Are DDoS Attacks?
A DDoS Attack is one of the most prevalent methods of attacking a website simply because it requires almost no skill or resources. The point of a DDoS attack is to cause a server overload which will crash your website.
One example of a website getting attacked is when SmartPassiveIncome.com got taken down; in late February, SPI got hit with a DDoS Attack.
At first, the website slowed to a crawl, then some links didn’t work properly, and after a while; the website failed completely. Even if SPI was hosted on a stronger server, the website might have lasted a couple more minutes (or maybe hours); with DDoS attacks, the end result is usually the same – the site either fails or the host takes the website down to avoid other customers suffering from the attack.
Now, a website going down for a couple seconds every-now-and-then is pretty normal. Even several minutes is OK. However, SPI was down for an ENTIRE WEEK. That makes me think that there were complications getting the site back up, or the hosting company might have been giving him grief for the attack (Pat, I don’t know the entire story so if you read this, please update us). My interest isn’t in why SPI took so long to get back on but what the attack did in terms of damage to the website in terms of Search Engine Rankings/Traffic, backlinks, etc… I don’t think that the damage from a website being down for a week can be quantified.
The Damage From a DDoS Attack Is Usually More Than It Seems
Perhaps Pat will update us on some of the questions I have, but I’m curious to see what the attack did for his rankings and search engine traffic. Everyone knows that when Google follows a link, it’s a bad idea for that URL to be unavailable. Google might re-try again later but if your website is down for an extended amount of time, Google will mark that link as invalid due to it pointing to a non-existent address, and the receiving URL will lose that link juice, and possibly that backlink. This is what seems to have happened to SPI durin/after the DDoS Attack:
According to ahrefs.com, SPI lost almost 3,000 links around the end of February which might (or might not) be related to the attack – I just find it too much of a coincidence to NOT be related to the DDoS attack. Now, whether the lost links are related to the attack or not, the fact remains that if your site gets a high number of 404 errors to a certain page/post/article, that URL might get de-indexed in Google. However, there is a way to salvage incoming links which is the reason for me writing this post (we will set up a fallback site to salvage links later).
Search Engines de-Indexing Invalid URLs
When SPI first went down, I did not think to check how many pages were indexed. However, on 3/4/13 (the day the site went back up), there were 775 pages indexed in Google for SPI:
And as I’m writing this portion of the post, 2 days after the site had been brought back online (I wanted to make sure Google had time to re-index his site after it came back online), there are 924 indexed pages and no new content has been published on the site - that’s a difference of 149 URLs that are indexed in Google.
A quick disclaimer: I don’t know if these are pages that were once indexed or not; for all I know, Pat might be tweaking settings on his site which is causing the fluctuations in indexed pages, either way: I have no doubt that SPI will fully recover [in due course] because of its’ many backlinks.
Now, if something like this were to happen to a smaller site, it could totally decimate the website. I’ve had a couple of Amazon Affiliate websites (back in the day) that had downtimes of a day or two (due to horrible hosting companies) and the traffic never fully recovered afterwards due to lost links, etc. which is the reason I came up with the idea to create Fallback sites for my websites.
Why Setting up a “Fallback Site” is a Good Idea
Quite simply, the de-indexing and loss of links can be avoided by setting up a fallback site. If you only have one hosting account at the moment; don’t worry. You can always order another later (if/when needed). However, having said that, I recommend to ANYONE that makes money from more than one site to “spread out” their money making sites across several servers to avoid having all your important sites getting taken down all at once.
You don’t have to set up a full-fledged clone of your website, but it does help if the site looks similar. The process is REALLY easy to set up, even if you do it last minute (like when your site gets attacked).
For my example, I will use AllStuffWeb.com; my site actually got hit by a weird bug as well on the 27th and was down for a while before I got a message and re-pointed it to my fallback site. Total Downtime? Less than two hours. Damage minimalized.
Keep in mind that for me this is easier than for [some] others because I already have several (2 dedicated servers, 3 smaller VPSes, 4 shared hosting) different servers because I’m paranoid and I like spreading my sites out across multiple servers, as opposed to having all my eggs in one basket.
You can have the same setup as me; you might not need as many servers though.
A Couple Notes Before We Begin
- The links in this post are at times Affiliate Links. To read more about affiliate links, click here. Having said that, I do not ever recommend anything that I haven’t tried and used myself.
- As I write this, AllStuffWeb.com is on a BlueHost shared hosting plan. Until recently, that has been good enough for me.
- However, with increased traffic (and the fact that I have a number of sites running of this shared account), the page load speeds are starting to slow down and so I have plans to move it to a beefed up dedicated server in the near future, just waiting for my new server to arrive.
- I will use an older HostGator account that I have for the fallback copy.
- I get all my Domain Names via NameCheap due to the speed with which the settings are applied. I recommend NameCheap to EVERYONE. I should note that my links to NameCheap are affiliate links but that has nothing to do with me recommending them; I’ve been using NameCheap forever and just recently applied for their affiliate program.
- You will need to know how to set/change your Nameservers. If you’re not sure how to do this, you can read up on changing Nameservers with NameCheap
- I will install several plugins on the fallback site to redirect all broken links to the home page and do some other fancy things. We will go over this in a little.
- I will use MailChimp (that’s an affiliate link to MailChimp.com) to notify my visitors/subscribers of any issues I’m having with my site, and to get them to sign up to be notified when it’s back up and running.
- This will allow me to email out even if my AllStuffWeb.com email server is down.
- This will keep subscriber emails (and the entire email list) off-server to make it more difficult for hackers to steal (or otherwise compromise) my list of subscribers.
- Mailchimp’s FREE account allows you to have up to 2000 subscribers, which should be more than enough for the time your site is down.
So Let’s Begin With a Scenario
It’s a bright sunny day, the birds are singing in the trees, and you’re sitting at home, writing an article about how good things are going for you (hopefully you write your articles offline), when out of the blue; FLYING NINJA HACKERS START ATTACKING YOUR SITE!
The president is furiously trying to get you on the phone to see which country he should nuke, there is panic in the streets, the Soviets are mobilizing troops, and …
Well OK, your site going down might not be THAT dramatic, but still; one day your site is up and running and the next; you’re looking at a message that’s telling you that your website is inaccessible. You’ve been attacked and your website is down.
What do you do?
Don’t Panic, It’s not the end of the world *
*unless, of course you’re reading this in the future and it really IS the end, in which case; I stand corrected.
Hopefully, you make regular backups of your websites so you can restore your website, but even if you don’t, you can at least create a “temporary fallback” site. It’s not quite “making lemonade out of lemons” but it IS making the best out of a bad situation: This back-up site will preserve your incoming links by temporarily forwarding non-existent URLs to your home page and also give you a chance to get the message about your site being down.
What You Will Need Before We Start
Below is a list of things you will need or need to know how to do. If you have questions, feel free to ask in the comments section.
You will need:
- A Domain Name (Captain Obvious strikes again!) and you’ll need to know how to change NameServers.
- A Hosting Account (My suggestion is BlueHost and HostGator because they’re really simple to use and both have amazing customer service). Also, both of these hosts have cPanel access so incase you DO need to move your site, it’s pretty easy using the cPanel Backup/Restore feature.
- About 10 minutes of your time.
If you’re using a service like Pingdom, you will be notified within MINUTES of your site going down. The first thing you will need to do is NOT PANIC. Sure, your website going down is a serious matter, but like I said before; It’s not the end of the world *.
However, having established the need to remain calm, you need to move fast; A server being down is never a good thing: The longer you wait, the more damage will be done to your search engine rankings and visitor experience.
One of the first things you will want to do is point your domain to a different server – hopefully you already have a fallback site created. If you don’t have a fallback site created already, you can do this fairly quickly by installing WordPress on a different server and re-pointing your domain there. If you already have a fallback site created, then once you point your name servers to the new server, your visitors will start seeing the new site.
Switching To A Different Server
As soon as you know that your server is down, you should try to figure out what the issue is. If your site is under attack, it is a good idea to switch to your Name Servers to your backup site until the attack subsides since DDoS attacks target an IP Address – when you switch servers, your domain points to a different IP.
I’ve got different types of backups for each of my sites:
- My “money maker” sites have clones set up so that down-time is minimal and damage is maintained
- My blogs (like this one) have simpler fallback sites created; a simple 1-page explanation (which you will see later) to minimize load times due to traffic.
You might want to set up something entirely different; that’s up to you. However, in the rest of this post, I will show you how to set up a “minimalistic fallback site” to salvage your backlinks, pagerank, Search Engine rankings, and visitors/traffic.
Setting Up a Minimalistic Fallback Site to Salvage Backlinks and Traffic
Like I mentioned before, we’re going to set up the fallback site to do the following:
- Forward incoming links to the home page (by forwarding 404 errors) so that you don’t lose back-links and so your pages don’t get de-indexed
- Notify your visitors that your normal site is down
- Block Search Engines from spidering your Fallback Site (to retain your currently indexed pages)
- and give visitors an option to be notified when the site comes back up
I’m going off several assumptions here. If my assunptions are wrong and you don’t know how to do something, there are links to each of my assumptions below:
- You know how to install WordPress.
- You know how to change NameServers.
- You know how to install WordPress Plugins.
You should already have a fallback site set up, if you don’t have one set up yet (or don’t have a fallback server), go ahead and install WordPress on a host like BlueHost or HostGator and change your name servers to the new hosting account so that we can get started installing plugins on your fallback site.
Plugins to Install on Your Fallback Site
Like I mentioned earlier, there are several plugins that we will want to install in order to be able to salvage the incoming links, as well as tell the search engines not to crawl your website temporarily.
Here are the essential Plugins to install:
- 404 redirection – by Flipsters.org
This plugin will redirect all 404 errors to the home page to salvage PageRank from the missing pages, as well as redirect all links so that you don’t lose backlinks.
- Jetpack by WordPress.com – By Automattic
This plugin is an obvious choice for its’ many features and simple-yet-useful statistics plugin.
- SEO Ultimate – By SEO Design Solutions.
This plugin is THE plugin for SEO. Not only do I recommend & like this plugin more than Yoast, but it also has a couple cool features that Yoast doesn’t offer (more on this later).
You will notice that I didn’t install any social media icons or anything similar. The point of doing (or not doing) this is to minimize the amount of scripts and frames that have to load on the page: You don’t want visitors to leave before they can get the message about your website being down.
Once you’ve installed the plugins, you will want to go through and set up the website correctly, so let’s begin with the basics.
Set up Your General Settings (Site Title / Tagline)
I know this is obvious but you would be surprised by how many sites I come across that still have “This is Another WordPress Website” as the tagline. CHANGE THAT. You want your visitors to be able to identify your website and not think that your site is no longer under your control.
-I will need to update this post. Will do that soon-
Once you verify that your website is down (you can do this by checking on http://isup.me/), go ahead and re-point your Name Servers to your new hosting company where you have the website already set up.
Next, you will want to Clear your DNS Cache.
Your plugins automatically start redirecting all incoming links to your home-page where you have your message about your site being down, as well as a way for your visitors to ask questions / sign up to be notified when you come back online.
Latest posts by Archived Posts (see all)
- Google Hides Keyword Data: What Now? - September 24, 2013
- Switching to the Genesis 2.0 Framework - September 18, 2013
- Woothemes Sensei vs WP Courseware by FlyPlugins: A Sensei Alternative? - September 13, 2013