On Sunday (27 November 2016) a small website that I advise on was the victim
of a DDoS attack that managed to knock the site offline. I received notice on
Monday that the website was not working. I was able to ssh to the web server and
quickly found that the database service was stopped. After a brief examination
of the database logs (nothing too out of the ordinary), I started the service
back up and sure enough the website came back online. As the website runs on
Drupal, I logged in to take a peak at the Recent log messages and found
hundreds of records of log in attempts from a lot of different IP addresses.
User accounts on the website are only used by administrators to update content,
so it was clear that the site was hit by a DDoS attack!