Emergency Response When Your VPS Faces CC/DDoS Attacks

When a server suddenly sees a traffic surge, maxed CPU and an unreachable site, it may be under a CC or DDoS attack. Stay calm and follow the steps.

Identify the type

• DDoS: massive traffic floods the bandwidth, crippling the network layer;
• CC: many seemingly normal requests hit the application layer, exhausting CPU/connections.

Emergency steps

• Inspect connections and traffic sources: netstat, access logs, find abnormal IPs;
• Temporarily block suspicious IPs or regions (iptables/firewall);
• For CC: enable rate limiting, CAPTCHA, WAF rules, and cache static content;
• Put the site behind a protective CDN and hide the origin IP.

Longer-term protection

• Don't expose the origin IP directly — front it with a CDN/anti-DDoS layer;
• Configure the firewall sensibly, minimize open ports;
• Watch traffic monitoring and alert early.

Contact us

Under a large-scale attack, contact 00Shark support @aliyun370 immediately; we'll help assess and advise on protection.