The Battle Against a DDoS That Nearly Cost Millions

This is the account of how Kapta faced a devastating cyberattack, acting swiftly to save a client’s business. Proof that, in the digital age, speed and expertise make all the difference.

Mondays are always those days when we show up at work expecting emails or phone calls about questions, doubts, or errors that happened over the weekend. But nothing could have prepared us for what happened this past Monday: an urgent call from a client in complete despair. All their websites had been offline for over two days. The financial impact? Around 20,000 euros per hour.

The situation was critical, and the stress on the client’s face was evident in every word. Their trust was in us, recommended by another client, and we knew the responsibility was huge. With access to the server granted, we quickly found the culprit: a DDoS attack (Distributed Denial of Service). A true digital nightmare.

Without wasting time, we moved all their sites to Cloudflare, a powerful shield against attacks. However, the attackers were relentless — they already knew the server’s IP address, forcing us to consider switching to a new one.

Meanwhile, we analysed the logs and discovered that over 18,000 IP addresses per minute were bombarding the server, while the client’s normal traffic was just 10,000 users per day. It was under siege.

We located the source: the hacker was using Amazon servers, originating from the US, while the client’s business was 97% European. After hours of analysis, we blocked the ASN associated with those servers. And finally, the attack stopped.

This experience is a stark reminder that, in the digital world, security can never be taken for granted. Every second can be the difference between disaster and recovery.