Today I woke up to 22 emails that my website was offline-online-offline and so on. Turns out some users are once again abusing AdRotate Geo by sending millions of requests to my API.
AdRotate Geo serves around 3 million requests per day. And scales pretty well for small to medium sites. Currently there are a couple of hundred users subscribed to AdRotate Geo. But getting upwards of 40 million requests per hour is a bit too much for my servers.
So, DDoS then, again… But they’re all real AdRotate Pro users as far as I can see. Valid authentification keys and api access… After some digging it turns out that it was AdRotate Geo being hammered with traffic from a bunch of AdRotate Pro users sites. Millions of requests per site? Come on. That’s not real traffic. Can’t be… Or is it.