Haproxy - fixed DDoS 508 error, but site now loads slow?
 

Hi
I posted this on WHT, but didn't really get much of a response. I need some advice.
My website gave a 508 "resource limit reached" error (currently hosted on shared). My host said it is a DDoS attack; and they activated something called HAProxy. The 508 errors were resolved, but since then
1 The traffic has fallen to almost the half
2 Site loads slow
3 Many of my visitors complain they can't access my site. I can access it, though.
Are the resultant issues arising out of HAProxy? What exactly is this thing? Any idea how to get out of this issue?

That host gave some weird advice.

Error 508 is more often an issue within the shared account or VPS container itself, and refers to RAM or CPU issues. It happens when CloudLinux hits a ceiling on shared account, or when you get out-of-memory errors (or hit 100% CPU) on a VPS. It's also a sign of heavily oversold nodes, be it VPS or shared.

It can be caused by anything -- site scripted, MYSQL database hits, etc.

508 is not how you detect DDoS.

HAProxy is a load balancer -- not a DDoS protection method, although some try and use it for that.

If HAProxy halved the traffic, then one of the server being used in the load balance is wonky.

Hi

Ok, so what would you suggest I do? Should I consider changing my host, then, in the light of the weird advice given to me by the host?
My current host is Namecheap, and the only reason I have not considered moving is because they are very lenient with their resource limits, so if I move elsewhere, I'm surely gonna hit usage limits there too, unless I get a VPS, which is a no-go route for a hobby site.

Namecheap is an excellent host, so I would tell the tech to re-clarify:
1. What proof do they have that it is DDoS? You need quantifiable numbers.
2. Are they sure it's not simply something on the site(s) hitting CloudLinux limits? (They use CloudLinux.)

It's more likely the latter, not the former. Is this a WordPress site, by chance?

And you're NOT using CloudFlare, correct? That can be a common culprit as well.

Hi,

They said it could be both, either a DDoS or CloudLinux hitting limits. But looking at traffic logs, they said it was more likely a DDoS -- multiple visits from same IP, etc.
Yes, this is a WP site, but it does not use CloudFlare or any other CDN.

That's still bad advice, if it's truly a single IP causing the traffic -- block it. It also matters what's being requested -- an image, a web page, etc. By that loose definition, Facebook could be DDoSing a site by hotlinking an image.

The fix could be as simple as moving a file, deleting a file, or blocking an IP.

Nothing screams "use HAProxy!" that I've seen thus far.

Exactly what I thought too; I don't have much info about HaProxy, so I thought it might be something I should ask here.
As good as Namecheap might be, their support left me confused this time. :\

Feel free to escalate the support ticket to management. I did this myself a while back, because I was getting some weird answers. It was quickly straightened out, and the tech educated. It happens at any host.

Alright, will do that.