Blog Post

Bot attacks are a sad reality
Do You Have a Bad Neighbour? How a Shared Server Attack Can Take Down Your Website

Your website went down today.
You didn't change anything.
You didn't get hacked.
Your neighbour did.

1. The shared server reality

Most small business websites share a server
10, 20, 50 sites on the same machine
Same CPU, same RAM, same MySQL instance
Same connection pool

2. The attack you never saw coming

Bot network targets one site on the server
1,340 requests in 15 hours
Each request opens a DB connection
Connection pool exhausted
YOUR site gets "Database connection failed"
Your customers see an error page
You lose sales, credibility, SEO ranking

3. The evidence

Server Connections Attacked

Catching Fake User Agent Bots

Different IPs, same fake Chrome/142

Systematic site-by-site scanning - these bots attack a number of sites on your server at the same time.

19 unique IPs in 2 hours - banning one IP does not work against this type of mulit-ip attack.

4. Why WordPress makes it worse

No connection pooling
Every bot request = full PHP + MySQL cycle
One attacked WordPress site can take down every site on the shared server

Wordpress has issues - its architecture of-:

Request - PHP - load everything - MySQL - response happens every request including bot traffic

5. Our Java solution

Server-wide defence
One filter, one log, one Fail2ban rule
Bot blocked before touching DB
All sites on server protected

Before

Each unfiltered bot request:

  • Tomcat creates request/response objects
  • SecurityCheck runs
  • Controller instantiated
  • DBU gets connection from pool
  • PreparedStatement created
  • ResultSet allocated
  • Objects held in memory during processing
  • Java Garbage Collector must clean up after
After

Each filtered bot request:

  • doFilter() called
  • String comparison: userAgent.contains("Chrome/142")
  • 429 written
  • done
  • Memory allocation: ~negligible
  • Java Garbage Collector pressure: zero

Stopping an attack is only part of the problem. Designing an architecture that prevents resource waste is a the best defense.

6. The proof

The top command told the story instantly.
Before: memory climbing, CPU spiking, load average high.
After: flat lines across the board.

The server went from "fighting for its life to barely noticing the attack."

Your Google rankings dropped and you don't know why?

Its not just server performance that suffers in a prolonged bot attack. SEO rankings can drop.

Check if your server had a bad neighbour

  • Downtime = ranking drop
  • Slow response = ranking drop
  • Both caused by your neighbour's attack
  • Neither your fault
  • Both preventable