So THIS Is What Happens When Your Server Goes Down for a Week

Imagine this:

You own a brick and mortar business in your hometown, and business is good.

One morning you wake up, take a shower, put on your work clothes and grab a coffee and a blueberry muffin on your way out, just like every other day. You drive towards your store and as you pull up, you notice something weird: all of the windows are boarded up.

That’s strange…

You scurry to the door, insert the key and push – but the door doesn’t budge.


Looking more closely, you see that the door is actually welded shut.

You run to the back entrance. Same deal.

There is no way anybody is getting in, at least for the time being.

Suddenly, it’s 9:00am and cars start to roll into the parking lot. A few coast by only to notice your ‘abandoned’ store and they drive away. Others stop in front of you on the curb and ask you what’s going on or when you’ll be open for business again, but unfortunately you don’t have an answer for them.

On Monday, February 25th, this happened to me – not with a brick and mortar store, but with my websites – almost all of them – including this blog.

They were down for an entire week, which in the online world feels like an eternity.

This is a detailed account of what happened, lessons learned and strategies for dealing with situations like this for the future.

Story, Begin:

On Monday, February 25th, I woke up at 6am and drove to the Solana Beach train station where I was going to meet my videographer to shoot some footage for my upcoming book/Snippet, Let Go. You’ll hear more about this project very soon.

Around 9am, while filming on the train I checked my Twitter stream on my phone and noticed 2 or 3 messages from people saying that Smart Passive Income was loading incredibly slow. I checked on my phone’s browser and it was taking between 10 to 15 seconds to load, but this happens sometimes. Sometimes the server is being worked on or maybe a huge amount of traffic just decided to stop by all at the same time, so I didn’t think too much of it because usually the problem solves itself after a few minutes.

Around lunch time, I checked the website again and everything seemed to be back to normal. I saw a spam comment come through and had a few seconds to delete it, but when I tried logging into the backend of my site through WordPress, the login page took two minutes to load before I was met with a 503 Service Unavailable error.


I checked the homepage and it was up to speed, but when I clicked a banner ad for Bluehost in my sidebar, it took two minutes to load before I was met with another 503 Service Unavailable error. The link,, is a redirect link through a plugin called Pretty Link. I use Pretty Link to shorten longer links and also keep track of the number of clicks for each. I tried some other links that I knew ran through Pretty Link, and none of them were working. This meant that if someone tried to purchase something through any of my affiliate links, or even be redirected to my show notes from my podcast, it would come up as an error.

Not good.

I decided to log into WordPress to see if something was up with Pretty Link, but oh yeah – I couldn’t access the log in page.

Something was going on.

We had some more videos to shoot so there was nothing I could do at the moment except wait and hope it was just a temporary glitch. I was annoyed but I had to focus on filming first. At least the front end of the site was sort of working…for now.

Around 6pm I finally got home and checked the blog.


It wasn’t loading at all. It wasn’t even trying to load, the browser just read ‘server unavailable’.


I logged into my server to open up a support ticket, but I decided to call instead. In a minute, I was on the phone with a technician.

I kept asking myself: Why didn’t I just call earlier!?

(Tip: have the number for support entered into your phone so you can call right away if something happens to your site.)

The technician on the phone told me that earlier that morning there was a huge influx of activity on the site, mainly through PHP processes, which was the root of the issues that were happening on the site. They started a ticket to get their support team on it right away, which I was thankful for.

Within that conversation, I was shown this graph:

[Graph: Server Load]

A max load of 5318.1 (whatever that means) for hours, non-stop meant that something paranormal was definitely happening. I still had no clue what was going on or how to fix it, so I just had to hope that the tech team could figure it out.

They asked me if I did anything to the site at that time – maybe installed a particular plugin or changed something that could have caused this kind of load starting on the 25th, but I hadn’t touched anything since the 22nd, so it was definitely something external.

It was getting late and I had woken up earlier than usual that day. I was tired and I just hoped that everything would be okay when I woke up the next morning.

The Next Day…

I woke up and saw this message from the support team:

“I have not been successful in determining what exactly is causing the high load. I am moving this over to the escalated department for review.”

Breathe, Pat…breathe.

Okay, cool. The “escalated department”. Surely they can help.

It was then when I noticed a number of emails from people saying that the map that they downloaded from my map generator website was not loading anymore. I went to and surely enough, it wasn’t coming up at all.

Then, I checked, my most successful niche site that was averaging $120+ a day. It was down too.

Every website that I was hosting on that dedicated server was down.

I reported this back to the “escalated department” who came back and said that my W3TC plugin (W3 Total Cache) was not configured correctly. They blocked people from coming to the site so they could work on re-configuring the plugin, which didn’t matter because nobody could come to the site anyway.

After a couple of hours, support finally got back to me:

Hello, the load is hovering around 17, which isn’t great. W3TC is now working but the majority of the load is now coming from mysql. I’m by no means an expert when it comes to sql, but it looks as if the query is trying to select columns which don’t exist.


There is no comment_post_ID in the wp_comments table.

Again, I had no idea what this meant, but the front end of the site came back up, but something was very strange: no posts were showing up. All I could see was the theme and the sidebar, but there was no content on the site. I still couldn’t log in, and I think I was turning red at this point.

Five minutes later, the server stopped working again.

I went back to support and they suggested that we try reverting back to an earlier date before the massive CPU load started. After 3 hours, the site was restored to what it was on February 16th. The site was back up and I could actually log in again! The site was still extremely slow, and I had lost two posts that I had written between the 16th and the 26th.

Well, after 30 minutes – the server stopped working again. :(

What. A. Tease.

I had to bring in outside help.

This is when I reached out to my buddy Matthew Horne from DIY WP Blog, who I had hired in the past to help me optimize the SPI blog and my security guard site for speed.

Immediately, he went to work and came to the quick conclusion, based on everything I told him and looking at the data server-side, that my site was being attacked. 

A DoS (denial-of-service) attack, to be exact.

A DoS attack is (I had to look this up) an attempt to make a machine (server) unavailable to its intended users. This is done by saturating a machine with external requests, so much so that it cannot respond to legitimate traffic, or responds so slowly that the server essentially becomes unavailable.

Knowing that at this point I was probably going to be writing a long post about exactly what happened for you all, I asked Matthew how he came to this conclusion. He sent me an error log from my server and this is what he said:

You can view the repeated crash and restart of mysql, the database was hit so hard it did not have time to shut down normally and each time it restarted it was proceeded almost immediately by another crash. The error log for the SPI contains approximately 180,000 errors in regards to mysql. The error is as follows:

WordPress database error MySQL server has gone away for query INSERT (additional information here
varies due to the different tables being requested)

This occurs when the database was unable to complete a process or it was closed before it completed.

Think of it like this: when you go to some train stations, you sometimes see those gates where you have to put your card or ticket through to let you in. So when you request a site, it’s like you’re putting your ticket in, getting processed and the gate opens. You’re in and doing your thing.

Then imagine thousands of people suddenly showing up all trying to get through the gate at the same time, all placing their tickets in to be processed. The server can only handle so many requests at a time and eventually it crashes and reboots, only to find that that queue is still there and even bigger. Normal traffic can’t get in because there is an enormous queue in front of them.

Someone or something was sending hundreds, if not, thousands of requests to SPI, which is causing your server to overload and deny traffic to all of your websites.
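The diagnosis above rests on one repeated error flooding the log, and bucketing that error per minute shows whether it was a blip or a sustained flood. This is an added example, not code from the original post or from anyone involved in the incident; the timestamp prefix, the sample lines, the table name and the threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

GONE_AWAY = "MySQL server has gone away"

# Assumption: each entry starts with a PHP error_log style timestamp such as
# [25-Feb-2013 09:14:02 UTC]; the post quotes only the message text after it.
LINE_RE = re.compile(
    r"^\[(?P<minute>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}):\d{2}(?: [^\]]+)?\] "
    r"WordPress database error (?P<err>.+?) for query (?P<verb>[A-Za-z]+)"
)


def summarize(lines, per_minute_threshold=3):
    """Count 'gone away' errors per minute and find sustained bursts.

    `lines` can be any iterable, including an open file, so a very large
    log is streamed rather than loaded into memory.
    """
    per_minute = Counter()
    by_verb = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("err") != GONE_AWAY:
            continue  # other PHP or database errors are not part of this signal
        minute = datetime.strptime(m.group("minute"), "%d-%b-%Y %H:%M")
        per_minute[minute] += 1
        by_verb[m.group("verb").upper()] += 1

    bursts = sorted((t, n) for t, n in per_minute.items() if n >= per_minute_threshold)

    # Longest run of back-to-back burst minutes: a single spike is a blip,
    # a long run means the database never got a chance to recover.
    longest = run = 0
    previous = None
    for minute, _ in bursts:
        run = run + 1 if previous and minute - previous == timedelta(minutes=1) else 1
        longest = max(longest, run)
        previous = minute

    return {
        "total": sum(per_minute.values()),
        "by_verb": dict(by_verb),
        "bursts": bursts,
        "longest_run_minutes": longest,
    }


def constructed_sample():
    """Constructed log lines (not taken from the real incident)."""
    counts = {"09:14": 3, "09:15": 4, "09:16": 1, "09:17": 3}
    lines = ["[25-Feb-2013 09:13:59 UTC] PHP Warning:  constructed unrelated line"]
    for hhmm, n in counts.items():
        for s in range(n):
            lines.append(
                f"[25-Feb-2013 {hhmm}:{s:02d} UTC] WordPress database error "
                f"{GONE_AWAY} for query INSERT INTO wp_example (constructed)"
            )
    lines.append(
        "[25-Feb-2013 09:17:30 UTC] WordPress database error Unknown column 'x' "
        "in 'field list' for query SELECT x FROM wp_example"
    )
    return lines


if __name__ == "__main__":
    report = summarize(constructed_sample())
    print("total gone-away errors:", report["total"])
    for minute, n in report["bursts"]:
        print(minute.strftime("%H:%M"), n)
    print("longest sustained run (minutes):", report["longest_run_minutes"])
```

For a real log, pass an open file handle to `summarize` and raise the threshold to a value that sits well above the site's normal error rate.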

A few things were going through my head:

  • So, I wasn’t hacked. Originally I thought I was hacked, but Matthew assured me that security wasn’t the issue. A DoS attack doesn’t require any sort of infiltration in order to happen.
  • Why me? Why was I getting attacked? It wasn’t fair, but things like these hardly ever are. Then, I remembered hearing about DoS attacks on major sites, and I knew that it was probably just a part of having a high-profile site.
  • So what now? Where do I go from here? How do we fix this issue?
  • What can I do, or what could I have done to prevent this? I explore this later in this post.
  • Why wasn’t I getting help from my server company? This is what bugged me the most. My server, Servint, had always been great. Always – up until this incident. They were quick to answer support emails and calls (and still were), yet, I still felt like nobody on the other end truly cared about my situation enough to help me find a solution. I kept getting data, but I wanted results.

Unfortunately, with a site like SPI and the other sites that I own, I felt that even though they dropped the ball just this once, it was enough to convince me to look for a better solution. Another host.

I talked this over with Matthew and he said that a migration at this point was probably a good idea and would most likely solve the problem since I’d have a new IP address. It’s not the best solution, but at this point I was ready to move hosts and also put SPI on its own segmented dedicated server. In other words, SPI would be on its own server, and the other sites I own could be hosted on another. This way if SPI is attacked again or something happens to the server, my other sites aren’t affected (and vice versa).

Time to Migrate

Migrations are a pain and the way it works can be confusing for a first timer. I had done this before when SPI outgrew shared hosting, so hopefully this extremely basic explanation helps newbies:

A website has a domain name (the web address), and a server (where the data for that website is served to those who visit that web address).

The domain name has information behind it that points to a specific server.

Sometimes, when you create a website, the domain and the server are with the same company (like if you purchase domain and hosting through Bluehost). Other times, your domain might be with a registrar such as GoDaddy, and your server could be at another company.

Either way, before you migrate, you have pointing to some original server.

When you migrate, what you do is actually duplicate your site on a brand new server and then tell your domain registrar to point to the new server instead of the old one by switching nameservers.

After migration, your old server is actually still there, but when you update your website it makes changes on the new server, not the old one.

For me, the first step was finding a new hosting company, and then duplicating what I have on my old server onto the new one.

Through recommendations from some of my close friends, I ended up going with Storm On Demand and I purchased 2 dedicated servers, one to serve Smart Passive Income, and another to serve most of my other projects, including Security Guard Training Headquarters and Create a Clickable Map. I still have shared hosting with Bluehost for some of my smaller and experimental niche sites, as well as Green Exam Academy.

At this point, with the success of the blog, there’s no reason for it not to be on its own beefed up server.

Once the new servers were up and running (which took a few hours), it was time to actually move the site over. “Luckily”, Storm On Demand (SOD) offered to help me migrate the site over for free, so I gave them access to my old server, and they began.

Halfway through, I realized that they were migrating the February 16th version of the site. They said I could pause the process, restore back to a February 27th version of the site that was available, and then restart.

So, I had to go back to Servint, tell them to restore back to what it was. This took another few hours to complete.

Then, I went back to SOD and told them to resume.

After another few hours, everything was ready to go but when Matthew checked the backup file, it seemed to be missing a few important components. Namely my wp-content folder. This meant that the backup was fragmented when it came over, probably because of the pause and restart during the middle of it.



Start over.

We tried again, but after about 6 hours, the transfer failed.

Let’s try this again.

After a few more hours, the transfer failed again!

We couldn’t figure out why the transfer kept failing. It could have been because there was a lot of data to transfer over, and apparently Matt discovered an error log that was over 65GB in size due to the DoS attack, which we cleaned out.

During the SPI migration troubles, I had set up another support ticket with SOD to transfer Security Guard Training Headquarters and Create a Clickable Map to the other new server, which went smoothly. Those sites were finally back up by March 1st.

Then, it was time to fly from San Francisco to Portland.

Just When I Thought it Couldn’t Get Any Worse…

At this point, with the cPanel to cPanel transfer failing each time, Matthew suggested that we transfer files from one server to the other manually, in batches. Smaller file sizes, just more of them.

It was apparently going to take over a day to do this (and do this right). Since it takes time for new nameservers to propagate when changed at the registrar, I decided to change the nameserver to the new server ahead of time, just so that was taken care of already and we didn’t have to wait an additional 24 to 48 hours after transfer. It didn’t matter that I switched early because the site wasn’t loading on the old server anyway.

Or at least I thought it didn’t matter.

After about 4 hours, I started to get a few Direct Messages on Twitter and a couple of text messages that all said:

“Pat, your email address is bouncing back.”

Could this get any worse? Apparently so.

When the nameserver switched, it messed with my emails since the domain was pointing to a new IP address. It’s no wonder I didn’t get any new emails to my SPI email address for most of that day (especially when I average 200-300 emails per day).


I checked with Matthew: “How much longer until the transfer is over and we’re back up do you think?”

Matt replies: “We’re probably around 20% right now.”

And this was after 4 or 5 hours since we started…

Finally. Finally. Finally.

On Sunday, March 3rd, I flew back to San Diego from Portland. After touchdown, when I was allowed to turn on my phone, I checked the blog and it was still down. There were no new progress emails from Matthew yet.

It had almost been an entire week of downtime – I couldn’t believe it. I’ll get into the repercussions of my “week off” in a second.

When I got home, I quickly fell asleep and awoke early in the morning to a couple of emails from Matthew. One read:

“We’re almost there!”

And then a couple of hours later.

“It’s done! Check your browser!”

I immediately opened up my browser, typed in and boom – there it was, just like I had left it.

All that time and work just to get back to where I was.

Relieved doesn’t even begin to describe how I was feeling.


Matthew was still running tests and rebooting the server from time to time as he optimized its settings, so for a few moments it would be unavailable and I’d freak out for half a second, but then it would come back up again.

I also had to re-setup Google Apps for Business to resync my email with the new server, but after I did that the email was back to normal.

And here I am now, exactly two weeks later (since this post took a little longer than expected to write) with my first post since my week from hell.

What an unbelievable learning experience this has been.

Thanks to the Downtime…

There are a lot of things to think about as far as what happened (or didn’t happen) as a result of this week of downtime.

Many people, I’m sure, are interested in how much money I “lost”. It’s hard to say because sales, clicks, conversions and traffic vary each and every day, but if you take into account that on average I earn about $1600 a day (this is based on my monthly income reports – and again this isn’t perfect because some of those earnings are recurring, and like I said there are up weeks and there are down weeks) I lost, perhaps, nearly $12,000.

Now, that’s just short-term. Who knows how many people came to the site and were met with an error, people who could potentially click on affiliate links or purchase products in the future who will no longer visit the site. That’s impossible to measure, but for some I know it’s still disturbing to think about.

For me, however, the most disturbing part is just knowing that real people were coming to the site expecting something, and they were getting nothing. Whether they came from a link from another site, directed to the blog from my podcast or YouTube videos, or through a Google search – it kills me to know that people were coming to the site for something and it wasn’t there to deliver.

That’s a bad first impression. That’s a bad any impression.

I do feel like I let the community down. Even though the attack wasn’t my fault, maybe there are things I could have done better to get the site back up faster, or prevent something like this from happening.

The timing wasn’t very good either. I was on a trip to San Francisco to film some stuff and my head wasn’t all there. I then flew to Portland for an important business meeting and my head wasn’t all there. What needed to get done got done, thankfully, but I still feel terrible that I always had my website in the back of my mind.

In addition to less money earned, there was, of course, the fact that I couldn’t post up any new content. Finally, this week, we’re back to a normal posting schedule, but the podcast and blog haven’t been updated for 2 weeks now, which is the longest in SPI history.

Matthew was a lifesaver, but of course, he comes with a fee, so there’s that too.

Besides all of the negative consequences, there were a few rays of light during this situation.

When my site went down, I had hundreds of people offer me their help. I’m talking 400 to 500 different people who emailed me or messaged me on Facebook or Twitter offering their expertise in IT or programming or development to help me get back up and running.

That is awesome. Just to know that there are SPI fans out there who are willing to help is amazing – thank you to all of you who messaged me and offered to help.

There were even some people who offered to help who obviously didn’t know what they were talking about, offering advice such as “Pat, I think you should try clearing your browser’s cache,” which I actually appreciated even more. Sure the advice was wrong, but the fact that they were trying to help meant the world to me.

And of course, now I can share this experience with you, and it makes a good story that comes with some important lessons. Before I get into prevention, there are a few things I know I did right during this whole ordeal that I’d like to share.

What I Did Right

1. I didn’t go crazy.

In situations like this it’s easy to freak out, start blaming people and get really angry, but I’ve done that before in other situations in my life and I knew that freaking out never helps – it only makes the situation worse. Once you freak out to a certain level, it’s hard to get back to the point where you can figure out how to solve the issue.

I think my Twitter followers did notice that my general feelings about the situation changed over time. Tweets went from:

“Technical issues on SPI being worked on as we speak. Thank you for your patience!”


“Thank you all for your patience. Still working through server issues today. This has definitely allowed ME to practice being patient.”

to this one:

[Image: Kidney Stone]

To which a few people eloquently followed up with: “Kidney Stone?”

I didn’t freak out, and although things took longer than expected, the site is back up.

2. I Was Everywhere

Being Everywhere (i.e. not just on my blog, but on other platforms as well) meant that even though my blog was down, I didn’t disappear. My podcast was still up and running and was still downloaded a total of 34,136 times.

My YouTube videos still served 21,509 views and over 87,000 minutes of viewing time.

And of course, I was still able to connect with people through my Facebook Page and Twitter.

For anyone who doesn’t think it’s important to Be Everywhere and put yourself onto multiple platforms, think again.

3. I Utilized My Email List

After realizing that SPI wasn’t going to be up and running right away, I quickly sent out a broadcast email to my email list, talking about the situation and thanking people for sticking around.

It apparently made a huge impression because I received a number of replies (this was before my email started bouncing back) thanking me for the update. Many people were met with the error and didn’t know what was going on until the email came through. Others were just thankful that I took the time to keep them updated, which was pretty cool.

And when I think about this, the blog could have been wiped out and erased from existence, and I still would have been okay thanks to my email list. Worst case scenario, I could easily set up a new site somewhere else and just let my subscribers know, and I’d be back up and running in no time. Of course, I’m happy that SPI came back to life, but even if it didn’t I’d still have my email list.

This is why the email list is important – not just for pushing emails with offers and not just for driving traffic, but for staying connected – truly connected – to a group of people through an email list that you actually own.

If you don’t have an email list set up yet, now’s about time to start one.

4. I Recorded a Video

I couldn’t put up a podcast session talking about the situation, but I still had my YouTube channel!

Since I was in San Francisco and I had my videographer there with me, I told him to shoot a quick video of me explaining that I was working on the site and it would be up as soon as possible. Here is the video below:

A big thanks to Greg Hickman for giving me the idea to show this to people who visited the dead server. For a while, when people would visit, it would redirect to this video on YouTube explaining that they could get more SPI content on the YouTube channel and podcast, linked to in the description of the video.

It’s not much, but it’s something, which is what matters.

5. I Have Insurance

For the past 8 months or so, I’ve had business insurance. This is insurance which covers various things related to my business, including server downtime due to a security breach or attack.

This is the first time I’ve filed a claim with the insurance company, so this is all still very new to me, but it’s going to be a very long and lengthy process to figure out exactly how much (if any) I will be compensated for this downtime. There is, of course, an investigation that has to happen, a lot of back and forth, paperwork, calls, and other things that I probably haven’t even thought about yet, but this just shows you that business insurance could be worth it.

Is it?

I’m not sure. Hopefully it is. I mean, that’s why it’s there, right?

We’ll have to wait and see and I’m not completely sure about how transparent I can be about exactly what happens, but I’m sure many of you are as interested as I am. If I can share any information with you about this process, I will let you know. I’m not even sure if I can share the company’s name right now, so I will hold off on that until I get some answers.

We’ll see what happens.


Security is extremely important when it comes to your website.

The three most obvious things you should have are:

  1. Strong passwords.
  2. An updated version of WordPress (if you are using WordPress).
  3. The common sense to not download anything or open emails that are suspicious.

I have an account with Sucuri which helps with security and malware detection, which I’ve found very useful and reassuring. There are also plugins like Wordfence which do a great job of securing and monitoring one’s website as well.

Unfortunately, with something like a DoS attack, it’s much harder to prevent, which is the scary part. To be honest, any site is at risk, and if someone with DoS capabilities wants to attack you, they will, which is why this happens primarily to high profile websites. The best and cheapest solution is good monitoring of things such as disk space so you can act quickly if things do start to happen.

Here is an insightful article that explains more about why DoS attacks have been happening, as well as prevention strategies and resistance.

The Internet is indeed the Wild Wild West of the 21st Century.

In addition to prevention, you’ll want to prepare just in case something does happen to your site.

Having backups for your site is a must. Some servers create backup files for you, but not all of them do – or at least not at a rate we’d be comfortable with.

One of the most popular backup plugins for WordPress users is BackupBuddy. With BackupBuddy, you can back up, restore and even move your WordPress site fairly easily.

I had BackupBuddy enabled and I had planned to use it to restore, but when I checked my remote server where my backup files were supposed to be saved (you can have backups saved into Dropbox, Amazon S3 or elsewhere if you’d like), the latest backup was from September 30th, 2012. :(

Something happened where my backups stopped scheduling, or maybe they just kept failing and I didn’t know it – and perhaps whatever made this fail also made the cPanel to cPanel migration fail when I migrated servers – but who knows. Anywho – the backups are working fine now and so if something were to happen again in the future it should be a much quicker fix than before.
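A backup schedule that silently stops and an error log that quietly fills the disk are both things a small scheduled check can flag within a day. The following is an added example, not part of the original post and not code from BackupBuddy or any host; the paths, thresholds and function names are hypothetical.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

DAY = 86400


def newest_backup(backup_dir):
    """Return (path, mtime, size) of the most recent file, or None if empty."""
    files = [p for p in Path(backup_dir).iterdir() if p.is_file()]
    if not files:
        return None
    newest = max(files, key=lambda p: p.stat().st_mtime)
    st = newest.stat()
    return newest, st.st_mtime, st.st_size


def check_host(backup_dir, log_path, disk_path, *, max_backup_age_days=2,
               max_log_bytes=1024**3, min_free_fraction=0.15, now=None):
    """Return a list of alert strings; an empty list means all checks passed."""
    now = time.time() if now is None else now
    alerts = []

    # 1. Backups: the newest file must be recent and must not be empty.
    found = newest_backup(backup_dir)
    if found is None:
        alerts.append(f"BACKUP: no backup files in {backup_dir}")
    else:
        path, mtime, size = found
        age_days = (now - mtime) / DAY
        if age_days > max_backup_age_days:
            alerts.append(f"BACKUP: newest file {path.name} is {age_days:.0f} days old")
        if size == 0:
            alerts.append(f"BACKUP: newest file {path.name} is empty")

    # 2. Error log: unusual growth is an early sign of a flood of failures.
    if os.path.exists(log_path):
        log_size = os.path.getsize(log_path)
        if log_size > max_log_bytes:
            alerts.append(f"LOG: {log_path} has grown to {log_size} bytes")

    # 3. Disk: a full disk makes both backups and migrations fail.
    usage = shutil.disk_usage(disk_path)
    if usage.total and usage.free / usage.total < min_free_fraction:
        alerts.append(f"DISK: only {usage.free / usage.total:.0%} free on {disk_path}")
    return alerts


def demo():
    """Constructed scenario: last backup months old, error log over its limit."""
    with tempfile.TemporaryDirectory() as root:
        backups = Path(root, "backups")
        backups.mkdir()
        old = backups / "site-backup.zip"
        old.write_bytes(b"constructed backup contents")
        now = time.time()
        os.utime(old, (now - 160 * DAY, now - 160 * DAY))
        log = Path(root, "error_log")
        log.write_bytes(b"e" * 4096)
        return check_host(backups, log, root, max_log_bytes=1024,
                          min_free_fraction=0.0, now=now)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Run from cron and mail any non-empty result, so that a missed backup is noticed after days rather than months.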

All I can say at this point is…


Things like this happen, but you just gotta roll with the punches. Even though February was a short month to begin with and it was even shorter because of my downtime, there are still record numbers and earnings to report in February. My monthly income report is delayed a bit, but it’s coming soon.

Let Go – My Upcoming Book / Snippet

Although my sites were down and out for a while, that doesn’t mean I didn’t get any work done. The entire week I was filming and working on my upcoming book for the brand new Snippet platform called Let Go. 

Let Go and the Snippet platform launch later this month, and I couldn’t be more excited!

For now, here’s a little teaser trailer that my team and I put together for you:

Click here to learn more about Let Go.

Thank you all, again, for your support, for sticking with me, and for reading this really long post! I had a lot to say, and hopefully you were able to learn something from my experience.

Cheers, and it’s great to be back! :)

  • Monja

    What a story Pat! Glad it finally worked out and you have the site back. I feel with you – I had that happening to my sites some years ago and since then I have someone maintaining my server for a monthly fee. He takes care of everything that goes wrong and beside when he is sleeping I can just quickly scream for help.
    In 2011 I even had someone entering my shop and exchanging the Paypal API so that payment was forwarded to his Paypal account. Although I could prove all that and Paypal had already shut down the account, I never got the money back.
    Glad you are back!

    • Pat Flynn

      Thanks Monja, it just seems like this kind of stuff will eventually happen to everyone, so best be prepared. It’s great that you have someone maintaining the site for you now – it seems I do too at this point. Thanks again and wishing you all the best!

    • Matthew Horne

      There are lessons for us all to be learned. I believe the backups were failing due to the vast size of them, almost 300GB, so there was no room to back it up, because the error logs were so heavily saturated.

      Checking your disk space in cPanel is something we should all do; if it looks whacky or out of place, something is wrong. After I pulled the important data SPI is a cool 2.2GB, which is incredible. Even I didn’t think that would be the true number, because when I first ever worked on it, it was around 40 – 50GB, so ensuring your disk space is tidy is another key point. The attack added an additional 250GB, but that means that originally 38+ GB was still old excessive data.

      Remove all files that are very old, they will likely contain old scripts and in the event someone somehow finds it, they may be able to exploit that.

      I hope SPI continues to grow as Pat has a ton of useful and great information that helped me set up my business in the beginning and elevated me to a very comfortable position where I have met many great people and built amazing friendships online.

      • Rob

        I completely agree, I manage several users’ WP sites and keep an eye on their overall size, you have to be aware of that for any sort of agility in backup or migration.

  • Ramsay

    Happy to see that everything is back now! Thanks for explaining every issue in detail and I’m sure it will be helpful for every blogger / webmaster at certain point of time. And this is the first time I heard about “Insurance for online Business”. I’m interested to know more about it. Thank you and keep rocking Pat!

  • Sebastian

    Hey Pat!

    Good that you are back on track. I just like to point out that how you handle downturns is very inspiring for me. The personal messages and updates from you regarding your site troubles to all of your subscribers are quite unique in my opinion. Being not just worried about the lost money but also very concerned about the people on the other side “of the fence” and how they may feel about the situation.

    That way you really create a deeper relationship to all of us. I think that’s the way how it should be done. I am really learning a lot from you and I just thank you for sharing your experiences.

  • Kevin Thomas

    You unleashed your inner Glen Allsopp with this one Pat. Can’t wait to dig into this post.

  • Phanindra

    Nice to see that Smart Passive Income is back again to the normal. It’s then I have realized how badly I’m addicted to Smart Passive Income because I’ve got a habit of visiting your site everyday at least once.


  • Ahmed Safwan@ To Start Blogging

    I’m happy that the site is back again Pat.

    I really liked the way that you were cool when the site was down. Also, Thanks for sharing this great information, and sharing the guy who you were working with.

    Thanks a lot Pat.

  • Bhavani

    The articles on Smart Passive Income were always inspiring and motivating to move forward in my online career. When the site went down I was worried about it, but now it’s good to see that Smart Passive Income is back again :)

  • Tom

    Hi Pat,
    happy to hear that everything is back to normal and happy to see you back. Unfortunately shit happens… But look forward, it’s behind you now.
    You might wanna check out and share this with your audience. Excellent stuff on securing your site and the extremely detailed checklist is entirely free.
    Cheers and all the best

  • Olivier Roland

    Sorry to read that Pat. You are right, Internet is the Wild Wild West of the 21st Century, a few months ago a friend of mine saw his 3 main websites hacked and replaced with a message saying he was a crook… ambiance !

    The best and cheapest way to protect your blog against DoS is to use Cloudflare. I’m surprised the article of Information Week doesn’t explain that. You can set it up in like 5 minutes and a free account already provides good protection, with also other benefits.

    Thanks for sharing that and keep the good work my friend ! :)

    • Matthew Horne

      Hi Olivier, Cloudflare for the most part is still in beta.

      Cloudflare isn’t a CDN in the typical sense; the full account requires that you change your NS to hide your site behind theirs (reverse proxy/CDN through DNS). The security it provides also gives false positives, meaning that some users may be blocked from accessing the site.

      There is a lot of positive hype about Cloudflare, but there are also, as always, downsides; substituting getting a good host with the right resources for a 3rd party CDN/security system isn’t the answer. Cloudflare is also not immune to DoS attacks.

      I have worked on many sites that use it and honestly it simply hides the problem. It is impossible for me to determine the efficiency of a site masked by Cloudflare, so when I see Pagespeed High A, if I turned it off, the site would be nowhere near that. Proper optimization and tuning is paramount to an efficient site; it takes some time to get there, but in the end it is worth it.

      The Rocket Loader can also break some JS, as some scripts do require very specific orders and placement. Cloudflare will consolidate them into one, which concatenates them, leading to some issues.

      Just a little quote from a forum I read about it, if you dig hard enough you will begin to find some negative aspects of it, especially about traffic drops.

      “The second site sadly for some reason after switching to IPB for forum system, I had to disable Cloudflare as even tho it make the site super-fast, there was a 1K to 2K drop in daily visitors to the site, even when I set all the settings to basically off, the amount of daily traffic was lower, the moment I disabled Cloudflare the traffic returned.”

      This again relates to its aggressive nature at determining who is a threat and who is not.

      I guess the point here is that sweeping a problem under the carpet isn’t the solution. Solving those problems is important for the general well-being of your site. It can also make you a little lazy; for example, you may stop optimizing your images before uploading, start adding unnecessary plugins because the site seems to be fast no matter what, or keep adding more and more content to the home page, bloating out the pages. I read a lot of positive stuff about Cloudflare, but when something seems too good to be true, it usually is. If it was the best solution, I would be seeing all the largest sites around using it.

      Open to any thoughts and please share your experiences. :-)

      • Tim

        A quick thought on this:
        A high traffic site is going to get a number of “junk” visits, so to speak. So “a 1K to 2K drop in daily visitors to the site” on its own doesn’t mean much. It could just mean that it’s doing its job and blocking bots and bad IPs. However, if 1K to 2K is a high percentage, or people are reporting issues, then you’re absolutely right that it is not working how it should.

        The blocking of bad IPs is a part of how it speeds up the site, with less wasted requests or wasted bandwidth, and of course, a hopefully first line against DoS.

  • Kris @ Detailed Success

    Crazy story Pat.

    It amazed me that it took so long to get your site back up again. I completely understand why you changed your hosting company.

    I also suggest using a service like Cloudflare that offers protection against DoS attacks. Plus a second server that mirrors your website (might be just an HTML mirror of your site, so there isn’t a SQL server to be attacked) and if one server gets attacked you change your nameservers or redirect the domain to the other server. The redirection might take a while, but it’s better than being down for days.


    • Serge @ ASW

      Lol, Kris, I’m actually finishing up a how-to post precisely about the importance of creating a backup-site. The link should be live by the end of today :)

      I had suggested the same thing to Pat as that’s what I do for several of my sites; A simple 1-page WordPress website with a few plugins to salvage incoming links, visitors, etc… The only problem is, by the time I finally found a way to reach Pat, his site was already being restored, so no need to create a backup site.

      Also, depending on your Domain Registrar, Nameserver settings can be instant (at least they are with NameCheap for me); it just sometimes requires a DNS flush on your computer to be able to see the changes.

  • Curtis Dilworth


    I am glad you are back up and at it. I noticed when your site was down and thought it was irregular. Will this issue make you rethink how you will diversify your portfolio?

    I remember you stating an interest in dividend stocks. As diversified as your online properties are they are all tied to servers, dns, etc. Maybe this is a calling for an altogether different group of asset classes.

    Either way I am glad you are back!

  • Chris

    Hi Pat,

    Sorry to hear about all your server issues but at least everything’s back up and running now!

    I manage a few servers for my clients and have been unlucky enough to also have a few occurrences of DDoS attacks on the servers. From what I’ve heard there are quite a few things that you can do to mitigate the effects that an attack has.

    If your server provider can provide a firewall at network level (ie: a level above your server) then in theory they should be able to filter out traffic that looks like a DDoS attack. I’ve been told these don’t come cheap, but for the opportunity cost that having a server down has to you it might make economical sense!

    It’s a bit of a techie thing, but you can install software on a server that has some DDoS detection, and can filter traffic if it exceeds preset thresholds. I’m no expert on these so I can’t give you the pros and cons, but there are ones available such as http:// /cp/csf.html that can do a lot of security-related things.

    Anyway I bet you’re relieved it’s all back up and running and thanks for all the content and podcasts – I only discovered them a few weeks ago and have already listened to nearly all of them!

    Cheers, Chris
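
An added example, not part of Chris's comment and not the code of any tool named in this thread: threshold detection over a web access log, showing why a per-IP limit catches a single noisy source but misses a distributed flood, which only a per-URL aggregate reveals. The log lines, addresses, window and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip - - [time] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3} \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse(lines):
    """Yield (timestamp, ip, path) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue
        yield ts, m["ip"], m["path"]


def _sliding(events, key_of, window_s):
    """Yield (key, events still inside the window) after each event, in time order."""
    window = timedelta(seconds=window_s)
    queues = defaultdict(deque)
    for ev in sorted(events):
        q = queues[key_of(ev)]
        q.append(ev)
        while ev[0] - q[0][0] > window:
            q.popleft()
        yield key_of(ev), q


def per_ip_offenders(events, window_s=10, max_requests=20):
    """IPs that sent more than max_requests within any window_s-second span."""
    return {ip for ip, q in _sliding(events, lambda e: e[1], window_s)
            if len(q) > max_requests}


def flooded_paths(events, window_s=10, max_requests=60, min_sources=25):
    """Paths hit more than max_requests times per window by many distinct IPs."""
    hits = set()
    for path, q in _sliding(events, lambda e: e[2], window_s):
        if len(q) > max_requests and len({e[1] for e in q}) >= min_sources:
            hits.add(path)
    return hits


def constructed_log():
    """Constructed sample lines (documentation address ranges), not real traffic."""
    t0 = datetime(2024, 1, 1, 9, 0, 0, tzinfo=timezone.utc)

    def line(offset_s, ip, path):
        ts = (t0 + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = ["this line is malformed and must be skipped"]
    # Ordinary visitor: five requests, seven seconds apart.
    lines += [line(i * 7, "192.0.2.10", "/blog/") for i in range(5)]
    # Single noisy source: 30 requests inside ten seconds.
    lines += [line(100 + i // 3, "203.0.113.7", "/index.php") for i in range(30)]
    # Distributed flood: 40 sources, only 3 requests each, same URL, same window.
    for n in range(40):
        lines += [line(200 + k * 3, f"198.51.100.{n + 1}", "/") for k in range(3)]
    return lines


if __name__ == "__main__":
    events = list(parse(constructed_log()))
    print("per-IP threshold exceeded by:", sorted(per_ip_offenders(events)))
    print("per-URL aggregate exceeded on:", sorted(flooded_paths(events)))
```

Lowering the per-IP limit far enough to catch the 40 low-rate sources would also catch the ordinary visitor, which is the false-positive trade-off raised elsewhere in these comments.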

  • Tim Huntley


    Sorry for your ordeal.

    As I read the story, I was most surprised by the complete lack of value that your hosting company provided. I would have expected them to have known that a DoS attack was happening to one of their servers even before you contacted them, and certainly after the fact.


  • David DuBose

    Welcome back Pat!! We all can learn valuable lessons from these events. Thanks for sharing your story in an effort to help us(your readers).

  • Mike Collins

    Hey Pat, glad to see you’re back. And thanks for mapping out how you handled the situation so we can all learn a lesson and follow your example.

  • David >> Website Buddha

    Yea, I would have totally flipped out. I mean a week. A week! That’s a dramatic impact to what you do online. Maybe you did flip out a little :)
    But you’re always the professional. It is best not to let them see you sweat so to speak. Glad everything is back in working order.

  • Gemma W.

    Sorry to hear about the incident. This sort of thing is why I would suggest checking out WP Engine, VaultPress and CloudFlare. It does cost more but you will make it back in terms of time and peace of mind.

  • Thomas @ Mobile App Tycoon

    Crazy experience! I can imagine how frustrating that would be, especially because you’re not a programmer yourself, you really only have a basic understanding of what’s happening (if that) with your site. Luckily you had Matthew to help you out!


  • Kudzai @ EntrepreneurCrunch

    I am happy that SPI & You are back up. What you went through is a good lesson for most of us. With success your enemies increase. Best wishes on the insurance claim!

  • Quinn

    One of the most stressful things that can happen! DOS attacks are so frustrating – I have had one too. I really like the proactive video you made – excellent way to deal with the situation. Great that you are back and no long term harm done I am sure. Quinn

  • Clarence

    I visited your site the day it went down and had just downloaded WordPress for a new site. Your event made me revisit for training on securing your site.

    If you’re looking for a good, easy-to-follow WordPress security lesson, go to and take Jeff Starr’s Developing Secure Sites. There’s about 2 hours’ worth of content. Excellent. Excellent. More than worth the $25 monthly fee for one month.

  • Rob

    So glad you had a go-to guy, and that you got it working again, Storm on Demand is a solid host, and I’ve been through countless migrations so I know exactly the ups and down you explained here.

    It sounds extreme, but being in a position to be able to migrate over your data at a moment’s notice and throw the switch on your DNS is pretty important; having off-site backups every week or more would be advisable.

    Glad it’s done with, and more people will be aware this happens with your sharing the experience, I’m glad to help users through messes like this!

    • Serge @ ASW

      Agreed. Off-site backups are extremely important, especially since there are some hosts (do your research before betting your website/content on a host, guys), that will lock down your account if you get DDoS’d and not provide you with backups unless you pay an extra fee…

      I have several super-simple backups of my money-maker sites, and keep each “main” site on separate IPs when possible.

  • Darlene at BlogBoldly

    Hi Pat..

    Yeah when I saw you go down, I too was adding up numbers in my head in lost revenue.. and new visitors bouncing off.

    I had that happen one time, and the overriding play in my head was that I looked unprofessional. I think that bothered me more than lost income. LOL

    After my situation, I started using Backup Buddy.

    Did I understand you correctly in that if your backups were current, it would have been a piece of cake to restore? I don’t want to have a false sense of security.

    Glad to have you back. Darlene :)
    p.s. I noticed your YouTube video when your site was MIA, and thought it was a cool, personal touch that made me feel connected in spite of the site being down.

  • Mike

    I thought the “be everywhere” approach certainly helped and I thought the video was a nice (and humorous!) touch.

    I’m glad you’re back up and running, though I thought at first that maybe you were just closing things down for a bit so you could spend some time over at my site absorbing the epic content there!

    If you’re big enough to get targeted like this, that surely is a sign of success! Now you’ll be better and stronger as you move forward!

  • pedro

    Hi Pat,
    interesting experience , thanks for sharing.
    happy you could solve it!

  • Serge @ ASW

    Hey Pat, glad to see you back online :) I actually started writing a post on how to salvage a situation like this – along the lines of what I had told you about when you were in Portland; was just waiting on you to post some information about exactly what happened :)

  • Joseph Michael

    Hey Pat,

    Man I could feel your pain while reading through your experience. Ugh, how frustrating!

    So glad everything is back up and running. Thanks for the insightful behind the scenes look at not only what was going on with your site but your thought process as well. It’s little things like these that set you apart and are actually much more helpful than you know.

  • Empresario

    Hey Pat, you do realize that you’ve only postponed the problem, right? And to be completely honest, it wasn’t your (now previous) provider’s fault. What you need to do is have some protection so that next time someone DDOS attacks you, you’ll be able to shrug it off. My recommendation would be to hire a CDN service (MaxCDN) for example, and combine it with CloudFlare. They aren’t very expensive, and can actually prevent this thing from affecting your customers… Look em up!

  • Tom

    Just glad to have you back Pat!

  • Raghu

    Great Write-up. I had similar issues with my blog, with W3TC creating several temp files. I had to delete w3tc and switch to WP Super Cache.

    When things were not working, my next thought was to switch the hosting provider. But, after thinking what could have gone wrong and reversing the changes made, I narrowed it to W3TC.

    Why not use VaultPress for backup? I read about Backup Buddy, but as you experienced, backup can fail. Cloudflare is another useful tool to consider.

    Glad to see things back to normal. What other preventive measures have you implemented other than Sucuri? Any plugins?

  • Natalie

    Don’t be too hard on yourself, Pat. You definitely couldn’t have prevented this and you did the best you could to solve it once it happened. Glad to have you back! :)

  • Eric @

    LOL, nice teaser video, you are getting cheesier and cheesier, Pat.

  • Dave T

    Happened to me as well with Bluehost before. While the DDoS attack was to the entire shared server, they couldn’t fix it as well for over a week, so I left them and got 2 accounts from Hostgator (one mirroring the other).

    Just recently, W3 Cache screwed up and created garbled home pages on almost all my sites using that plugin. I blogged about it here –

    Good thing a reader told me, because when I check my sites (logged in), they look fine. Only when I viewed them using Incognito/Private browsing did I realize the sites were dead.

    Heck, if I can get upset with small earnings from niche sites, I can only imagine how anxious you must’ve been with your big sites.

    I’m curious, Pat. What’s the monetary income damage this server outage resulted to?

    Stay cool


    • Matthew Horne

      Hey Dave, yeh, often the case is that once the server goes beyond a point, it becomes very difficult to isolate and differentiate the good and bad traffic. With Pat’s site, once the index was disabled, the server was normal; enabled, the server overloaded. So it depends on how long those targeting the site sustain it.

  • Blair de Jong

    Hey Pat

    Truly inspiring post to see how, in the midst of catastrophe and chaos, you kept a level head and persevered. Thank gawd for your “Be Everywhere” approach. Glad to hear things are back up and running for you!


  • Chris @ Stumble Forward

    That is some great advice Pat. I already have a backup solution in place, but as far as what I would do if my server went down, that is beyond me. It would be awesome to be on my own server but the cost is too high to consider that option right now, so shared hosting will have to do for now.

    However that doesn’t mean I could switch to a better shared hosting company. I’m currently with Hostgator right now and I’ve heard that their customer support isn’t as good as Bluehost and I’ve been considering the idea of switching up.

    Finally, I like the new book Pat. The video was awesome. I can’t wait to hear more about it.

  • Teresa

    Hi Pat,
    After you had published post on February 20, there was no another post for quite a long time. I was thinking WHY ????? Now I know. It’s good to know everything is O.K. now. Good luck.

  • Larry Ludwig @ Investor Junkie


    Since you only have one server, that is also one point of failure. Hardware DOES fail.

    You should plan for either hot and/or cold backup migration to move your site to another location.

  • Rob Orr

    Hey Pat – I was going to ask if you’ve looked in to CloudFlare, but it seems there are many here who’ve already asked that question.

    Just glad for you to have your sites back up!

  • cornell green

    Great article Pat. So many helpful points needed for someone getting started like myself. Although my site’s not ready, and my traffic isn’t there at the moment, I’m a little worried about Servint, being that I use them; I know you’ve spoken very highly of them. So would it be better to focus on security and backing up files, or having a hosting company that holds you down when you need them most? I’m going to assume you’re going to say both, but would you still recommend them on your sites?


  • Nicolas

    Wow Pat… That’s crazy…
    I was so surprised to not be able to access your site … and actually loved the video very much!
    I’m really happy that now everything is back to normal. No one deserves a DoS attack obviously, but you are part of the people who REALLY don’t deserve it, you provide such great insight to our community… that was really not fair, but you are back, stronger and you learned from your mistakes – and we also did, I guess.
    Thanks a lot for sharing everything and let us know about the insurance thingy – even if there are no names, at least we know if it’s worth it or no.

  • InACents

    I wondered why the clickable map site kept coming up as a broken link on our one niche site. Glad it’s back up.

  • Cheryl

    Glad you’re back and thanks for the update. I think what I like best about you and SPI is that you are always upbeat and focusing on the future. It’s about fixing the problem and then educating the rest of us so we can avoid a similar problem in the future–or at least add to our toolbox in case it happens to us!

    I also like that you pointed out that you had other ways of reaching your audience–Facebook, Twitter and YouTube.

  • Christian Erick

    Hi pat! welcome back!!

    Thanks for sharing your experience. The support guys from your previous host really, really had no idea about what might cause your problems; the database consult to a row that didn’t exist is the worst response I have ever read to a problem like the one you were having. I think they don’t have a tech degree or experience at all.

    However, I’m glad you have people helping you, because your readers were opening SPI every day just hoping your site would be back. Thank you for sharing all of this and welcome back!

  • Darnell Jackson

    No weapon formed against me shall prosper.

    Thanks for sharing this Pat and you’re 100% right.

    I would have asked you what would you do if your site was down and now we know.

    You’re 100% right about being diversified, it’s never a good idea to put all your eggs in one basket.

    Have you thought about a secondary backup auxiliary site like

  • Zenee Miller

    Thanks for sharing your story & insight Pat!

  • Thomas Frank

    What a nightmare! I’ve had my site be blocked by my host for a few hours due to a plugin using too many resources… but I can’t even imagine having it down for almost two weeks.

    I did like how you redirected your domain to a YouTube video. Much better than just a maintenance page.

  • Tim W Roberts

    I was already a fan, but posts like this makes me even more so! Thanks for sharing Pat…


    btw: Look forward to the new book, the video was awesome.

  • Paul

    Hey Pat,

    Horrific experience, and glad you got through it.

    On the topic of website backups and restores, ya need a much more reliable system – something that does it all automatically and doesn’t just stop doing your backups without you knowing.

    Check out WorpDrive for backups that run automatically every day, and restoring a site is practically automatic too. You need something better than a PHP script on your site (in full). There are much better options out there now.

    Also, have you looked at CloudFlare for protection against DOS attacks and the like?

    Best of luck and cheers for the full report on the outage and what you did to get back up and running!

  • Yoonhyuk

    Wow, so glad that things are back to normal. AND your friend Matt the SUPER HERO! Truly appreciate you sharing this experience with us , Pat.

  • Siegfried

    Well, these things happen unfortunately… best regards

  • Chris R. Keller

    Glad to see your blog is back up and running Pat and thanks for documenting the process. Some great things to learn from.

  • Brandon Breshears

    Pat You Handled it like a pro, I know I didn’t fault you one bit for it! Every problem or mistake with a product is just an opportunity to strengthen a relationship, and I think you did that well. I’d like to find out more about that insurance product it seems really interesting and can’t wait for the book.

    BTW this is an epic post and is extremely valuable if it ever happens to us, and most of us wouldn’t have the resources to figure this out as quickly as you did so thanks!

  • Zack

    Thank you for sharing this story. It’s a tough realization but most of us are at the mercy of our server when it comes to our income. It’s good to have a back-up plan. I love the idea of hosting separate sites on separate servers so all is not lost when one server goes down.

  • Ryan

    Glad you made it though this Pat. I think you will be very happy with Storm on demand’s servers and, most importantly, their support staff. I thought that I had had “good” support from hosting companies in the past, but the guys at SOD are incredible and will help you out with almost anything you ask of them. I have been with them for 2.5 years now with no plans of ever leaving.

    Way to keep a cool head though all of this!

  • Kenny

    Wow… great lesson learned, your misfortune will help us all! Thank you!
    I am curious though… servint should be able to back track to see where all the requests came from can’t they? and even block them from any future attacks on anyone else! in any case, speaking for myself and I bet most of the community, knew you would recover !

    “To sail a ship across the sea without adversity keeps a good captain from being a GREAT captain!”

  • Thomas

    If you’ve got a dedicated server, you need someone who can manage it. They should at least be close by!

  • Antonio H.

    nice to see your sites up again.

    About your site, I see that your theme there is based in Genesis framework, it is using the Genesis default favicon image, I think is better for you to change that icon and use your own.

    • Antonio H.

      Wow, that was fast!

      I see that now is using a custom favicon and not the generic one for the default theme.

      Great work as always Pat.

  • thita

    Pat, what a nightmare! One thing I’m not clear about though: is there anything to prevent or fix DDoS attacks? Or are they just gonna happen and all you can do when it happens is to transfer to a new server like you did?

    Or could the server guys do anything to help with the problem? How is your new server any different than the old one? What will they do if a DDoS attack against your sites happens again? It wasn’t clear to me why you switched as this was not a server fault.

    Or could you just have sat through it, kept in touch with your readers by your email newsletter, YouTube, Facebook, etc. and waited for the attack to pass? In other words, I’m not clear from your article what to do when an attack happens, what steps I should take, who to contact, what to expect from whom, etc.

    I know you were busy with other things during the attack and also this was your first time going through this, but it would be great to write a follow-up post on steps to take when a DDoS attack does occur. What do you think?

    It seems that in your case a lot of things were happening and a lot of things were done that were perhaps unnecessary as it was not recognized right away that you were dealing with a DDoS attack. 😐

    I know exactly the helpless feeling when your site is down and you just want it back up now. I’m surprised that you could sleep at all. I know I couldn’t and my site was never down as long as yours. :(

  • Mary

    Hi Pat,
    Thank you for this detailed account. It was really nice of you to share this. It was a long post and I read EVERY WORD OF IT!!! WOW!!! Any of us are at risk from something.
    Why would someone do this? How does it benefit them?
    This was a new kind of attack that I never heard of.
    I was wondering if there is a free WP backup plugin that you like?
    Take care and — GOOD JOB on getting through this without freaking out! It is a good lesson for all of us!!
    Thanks again! Mary

  • James Dreesen

    Thanks for the lengthy post Pat! I learned a lot and will be forever paranoid about my site’s security. I think I’ll go back up my site right now.

    I’m glad to see you are back online. I was following your facebook feed and saw you were having problems. #crazy

  • Jeff

    Thanks for the post Pat!
    Just curious – since the DOS attack was external, wouldn’t it still be happening?
    Or does it target the IP address and not the URL?

    • Matthew Horne

      Hi Jeff, DoS attacks come in many forms, but to answer your question, basically they can target by IP or via URL; in this case it seemed to be IP.

      Ref the comment about tracing those responsible, it’s very difficult to do that in some cases, because in the case of, say, a botnet attack, this is the result of infection of ordinary devices: computers, tablets, laptops etc. This can be done via an email. The perpetrators could send out an email impersonating a well-known figure; as trusting as the figure is, you unassumingly open the email, see a link, as there always usually is, click on it and you become infected.

      Your computer then joins an army of other devices that will constantly send out requests for a site.

      My advice: always check where the email comes from, even if you trust it. Someone could very easily send out an email pretending to be Pat, but you all know his email, so if it’s anything but Pat’s email, don’t open it.

      This is just one example.

    • Serge @ ASW

      DDoS attacks target an IP, which is why it’s important to have backups NOT on the same server :)

  • Zack

    When I got your email about the site being down my 1st thought was that you were paying extra money for Servint, they should solve this quickly.

    Guess they are slackers…

    PR disaster for them now. Too late to fix it now Servint!

  • Carlos

    Thanks for sharing your experience, Pat.

    It is important to know that attacks like this happen to normal people. All of us should take measures to prevent them, and this is a good reminder.

    What really shocked me is that your hosting company wasn’t able to determine you were under attack. That doesn’t say much about the training of their staff. I think you made the right decision changing your host straight away.

    Hopefully your suffering will help others avoid a similar situation.

  • Marvin

    As a web host, I see this kind of stuff all of the time. Customers say, “I lost, perhaps, nearly $12,000 due to downtime.” If one week of downtime can cost you $12,000, then you need to have a much more dynamic web hosting setup than a dedicated server. If you make 12,000 x 4 = $48,000 per month from your website, then spending $250-$500 a month just isn’t enough to guarantee success.

    A load balanced server array would be a lot more expensive, but they really do a lot to prevent a DOS attack. If it was a DDOS attack, still, with a good firewall, and a good host, you can automate the blocking of these kinds of attacks.

    Think about spending a bit more hosting dollar to guarantee success.

    As for that load number 5318. That is about twice the number of processors you would need to be running to handle that load. So roughly 2596 processors or about 166 top end servers in a load balanced array. Obviously, far better to spend a few hundred a month on a top end firewall.

    Finally, moving your server to a new host isn’t the solution to this issue. While it might fix the problem, a good host could fix this internally, without ever having to move. Also, this type of problem should be identified by your host in a few minutes. When I read the description of what was happening at the top of the article, I could tell you it was a DOS or DDOS.

    Jeff: “Just curious – since the DOS attack was external, wouldn’t it still be happening? Or does it target the IP address and not the URL”. The DOS could target the URL or the IP. It doesn’t matter. ALL DOS should be external. If it was internal to the host’s network, then fire the host 100% of the time! From the sound of it, it sounds like it was targeting a specific URL inside the site. These types of attacks are not uncommon, and even happen as the result of unintentional action by hackers and form spammers. So a good HARDWARE Firewall would eliminate these types of attack. The host’s main firewall can also be a big help.

    • Pat Flynn

      So true Marvin, so true, and lesson learned. And I agree, moving servers fixes the immediate issue but it’s not the solution. I felt that I needed to switch not because of what happened to the server, but because I felt that the support team didn’t help out very much.

    • Shannon

      “Finally, moving your server to a new host isn’t the solution to this issue. While it might fix the problem, a good host could fix this internally, without ever having to move.”

      I get your point, but that only applies to good hosting companies as you say. In this case, their response to him made it clear they weren’t good enough, making it a great time to switch. Hopefully the new host will be one that can fix future issues internally.

  • Kathy Morelli,LPC

    Hi Pat – Well, it must be the Mercury retrograde. I had a terrible time with my websites since January; I had to migrate to BlueHost from GoDaddy. I had malware galore and I now have two levels of scanning & security from Sucuri and Site Lock. It was quite a mess. But now I am up and running, and I am not glad that it happened to you, but I am relieved that it happens to others as it shows it wasn’t my negligence. One other thing I want to warn people about: don’t let your webmaster do customized websites w/o a child theme, as then portions of the WP HTML are overwritten and it is impossible to keep WP current, as the new versions overwrite the website customization and your website gets real messed up, and it is hard to keep security current as WP & its plug-ins need to be current. I’m glad you’re up & running again! Maybe someday I will be making enough money that I will invest in biz insurance! Good luck, Kathy

  • Greger

    What a scare Pat. Man, I didn’t realize it affected your other sites as well. Your post on this is excellent and actually got me thinking about how I need to go over my sites as well. Even though I wouldn’t claim that they are anywhere close to the popularity of your sites, still I would lose important business if my sites went down.

    Seems like all is good now and your site is really superfast!
    You’ll gain from this in the long run I’m sure.
    All the best to you and your family.

    Greger Hillman
    Swedish entrepreneur that teaches saxophone online.

  • Will Claxton

    Glad to have you back!

    It’s a shame to say it, but s**t happens. However, you’ve learnt from this which you’ve passed on to your readers. I always knew I should “be everywhere” but have been taking a while to implement that kind of strategy… however after reading this, it’s number one priority now.

    Hope all goes well with getting everything on track, you will have lost a few clicks, but if anything like this happens again, you will have some sort of “Standard Operating Procedure” to get back up and running again within hours rather than days.

    Looking forward to new podcast, are you going to release 2 to make up for your lack of “one a week”? lol, only joking. I’m sure people will let you off!

  • Bob Richards

    I say this is the hosting company’s lack of attention. Bluehost should protect you against these hacks. I have found Bluehost to be a very poor choice once you get to any scale (e.g. more than 10 sites with them and 500 visitors a day). They may be fine for a couple of small sites.

    • Pat Flynn

      It’s funny how everyone assumes this is a Bluehost issue. I upgraded from Bluehost a couple of years ago when I needed a dedicated server, so this post is unrelated to them. All of my sites hosted on Bluehost were still running just fine.

      • Brandon Uttley

        Pat, I know you don’t necessarily go the “cheap hosting” route, but sadly many people do. Combine that with the fact that WordPress sites are notorious for getting attacked, and the problem is huge. More people need to recognize that premium hosting is a must for WordPress sites from companies whose focus is on security like and WPEngine.

    • Shannon

      He didn’t use Bluehost for the SPI site; he used Servint.

  • Greg Savage

    I’m glad everything is back up and running. I’m looking forward to reading your book as well. Keep up the good work Pat. You’re a hero and inspiration to many.

  • Dave Newgass

    Hey Pat,

    I use Liquid Web and can’t speak highly enough about them. You made a great choice with SOD.

    At your recommendation I used Matt for my site a number of months ago. He is a superstar!

    Regarding Backup Buddy, I had a similar problem. It’s a conflict with your W3TC. If you look at the BUB support forum, you will see that BUB and W3TC are kind of pointing the finger at each other. When W3TC had an update, it boogered up W3TC.

    If you ask Matt, he will give you a little tip that helped put things working again. It had to do with turning off a couple of settings in W3TC. The exact settings escape me but I’m sure you have Matt on speed dial!

    Great post and very gripping….bollocks to the people who caused you such grief!

    Have some fun mate!


  • David Edwards


    As an IT guy myself, I called the DOS attack; however, much larger companies have had the same thing happen to them, and I mean larger not better. Keep your head up, I was refreshing your page to see if it was back up like every hour.


  • Steve

    Pat, I’m glad you survived this past storm. One thing about backups, DO NOT depend upon your hosting company to handle this for you. You will eventually wish you had not. I worked in Data Storage exclusively for 20 years with StorageTek and EMC. Back it up yourself and do not leave it in the ‘cloud’. Store your backups on your home system and make an extra copy.

    Q: How do you keep a computer disaster from happening?
    A: Prevention and being prepared.

  • Emmet

    Hey Pat, sorry to hear about this nonsense you had to deal with. Have you ever looked into CloudFlare?

    They have tools specifically for DOS attacks. They also cache your website for when you’re unavailable so your content can still be served even when your server is down. Well worth a look.

    • Cody Stevenson

      I was curious about this too as I am running it on my site. You can integrate it with the W3 Total Cache plugin too. Yoast also recommends it. I don’t think I have it configured right though, I am not really seeing any page load improvements.

  • Shannon

    Loved this post so much. I guess now that you’ve written it, you can take down the “The site is back up and running! I’ll be writing a post about what happened shortly. Thanks so much!” message that greets us all. :)

  • Michaela

    Pat, I discovered SPI just the day your downtime started due to a recommendation of a friend. I thought it was an extremely cool idea to redirect the page to your YouTube channel – something I definitely will take in mind. And luckily I was still able to enroll to your list – so I am still here and getting a fan of SPI.

  • Amy@Raising Arrows

    Wow! Sounds like we had about the same week! Google flagged my site because one of my affiliates was wrongly flagged as malware, Facebook also blocked me because of it, then W3 Total Cache wigged out and wouldn’t let my feed through, then my server had an issue with a redirect of some sorts. When it rains, it pours. Glad we are both back up and running!

  • David

    Hi Pat,

    Thanks for this post as it brought back memories of last year when I was hacked and it shut me down online for about 5 days. I am a pool guy and being down in July is not great. I am going to do whatever possible now before my season begins. Thanks again and I look forward to checking out your new book.


  • David Michael

    So glad you’re back, Pat. I’ve been having an embarrassing level of withdrawals, constantly refreshing the page or checking the mobile app when on the go.

    Looking forward to a new podcast… :)

  • Maia

    Whoosh! Glad you are back up and running. I can’t imagine how frustrating it must have been, but I appreciate that you took the time to write out what happened in so much detail. No doubt people will be able to learn from it. I know I have. Looking forward to Let Go.

  • John Corcoran

    Wow, Pat, such a painful experience. I’m glad you were able to make lemonade out of lemons, so to speak, by sharing the experience on here.

    With the business interruption insurance, my advice would be to get on top of it ASAP. Be sure to send a well-documented paper trail and everything all at once — i.e. your emails, your notes, even this blog post. Also check with your carrier because they may have certain procedures or claim forms they want you to fill out.

    I’m looking forward to “Let Go.” I just signed up for notification when it comes out.

  • Scott Bennett

    Glad you got everything sorted, Pat!

    Keep up the good work

    • Bryan Knight

      Thanks for your detailed explanation. I’m sorry you lost so much money but I’m impressed with your patience. Most of all I’m happy — happy to know why my sites are a mess. I was freaking out. Ironically, I was thinking of transferring one of my sites TO Bluehost.
      Anyway, keep up the good work. Even though you are so young, you seem to be one of the few “good guys” on the Web.

  • Greg Hickman

    So glad you’re back and live brotha.

    You seriously handled it like a champ. I think this is a true lesson in the power of being everywhere and we’re all better off now that you’re back in action.

    I have a feeling we’re going to get some extra special content in the weeks to come.

    Bring the thunder buddy!

    Talk soon and glad the youtube solution helped out for a bit.


  • Melissa J White

    Your post looks a lot like my lengthy report on a large site that went down for two days last year, lolz! Not exactly the same problem, but the scare makes you sharper. Thanks for sharing your trials so we all can learn.

  • Kimanzi Constable

    I’m glad the site is back up and I’m really looking forward to the new book, the trailer looks amazing!

  • Carolyn Noel

    Pat, you rock! What a way to take a nightmare experience and use it for something good. I’ve been in IT for many years and I found your podcast just when my world was blowing up. You encourage so many to “Let Go” and “Be Everywhere.”

    Since DoS attacks don’t usually happen to the little guys, I guess you can say you’ve arrived.

    Thanks for all you do!

  • Jenny

    Pat – you changed my life and when I was finally ready to tell you all about it, you were gone! But, just like you mentioned, I could still check in on youtube and listen to your podcasts. That is one badass trail of breadcrumbs you’ve left; one day I expect that you’ll disappear just like Elvis and no one will ever know!

  • Mark Barrett

    Great post Pat! Thanks for the integrity to give such thorough and personal reports and the intestinal fortitude to continue to push through your challenges. You are truly an inspiration.

  • Chris J (Construction Contractor)

    Glad you are up and running and thanks for taking the time to share and teach us.

  • Sam Matla

    And there’s me stressing out when my website’s down for an hour (I’m not even earning anything!). You responded so well, I’m amazed. It sucks that it had to happen, but we all learn from these things – and I’m sure you learnt a lot.

    Thanks for the re-assurance in regards to ‘being everywhere’; it’s something I’ve been thinking about a lot recently – should I do it? Am I spreading myself too thin? etc. But the benefits outweigh the negatives.


  • James

    I just felt the emotional roller coaster you went through Pat. I remember when your site went down I was like, “well now what do I do?” I was setting up a niche site and couldn’t learn anymore. I had already read all of the duel posts and was going back in for more ha ha. So I just spent the week spinning articles (booooooring!)

    Anyway, I’m glad everything has worked out ok in the end. Thanks for doing what you do.


  • Loz James

    Good to have you back Pat :-)

    I only read a few regular blogs and yours is one of them, so I’m glad you’re back online!

    And there was me thinking my iPhone app was corrupted!



  • Jenny

    I’m glad everything worked out for you Pat! We really appreciate all that you do. I am so looking forward to reading your new book!

  • Mike

    Hey Pat,

    I use Cloudflare to help protect my site from DDOS attacks.
    Check out their security page here:

  • Scott

    Pat, you’re amazing! And a huge inspiration. Your nothing-held-back honesty inspires me to move forward, and to be ok with missing “perfection”, and continuing to move forward. You’re the most helpful person on the internet, in my opinion. Love the trailer for your upcoming book as well.

  • Sue

    Glad you are back Pat, what a terrifying, annoying, aggravating no good week you had, but it did kinda push me to the podcasts, which I have started listening to and enjoying.


  • Honolulu Aunty

    Phew!! Much mahalo for sharing your frustrating experience with the positive ending result. As a “senior citizen”, blogging and even emailing errors and glitches drive me into panic, but they really are great for learning lessons.

    Good luck in the future and I hope they get the bad guys!


  • Thomas

    Pat, I’m glad to see you fixed the problem. DoS attacks can be very difficult to prevent and much relies on your hosting service having robust perimeter network security to identify and block the attack. Dedicated servers won’t help so much but a good backup protocol that is tested – with emphasis on the word tested – is a must as you found out. Splitting up your servers is also a good idea.

    Glad to see the site up and running. Thanks for the insight into the problem.

  • Pat’s Friend

    Pat— Based on your earnings and being able to afford this, I would not go another day without protecting your site with Incapsula.

    The changes you made are good but if your site was targeted, it would only take a minute to find your new IP and start hammering. So, the same problem is there – just the outcome will be slightly different.

    Post your experience of Incapsula in a later post. I heard about it from my host and use it to prevent people from scraping data on my site.

    • Jeff

      Good point. I was wondering if Pat’s site is still vulnerable.

  • Gabe

    Lol big deal you’ll still make more money that month than most people in 1 year.

  • Jantje


    Wow, what a week!! Patience must be one of your biggest strengths!

    Glad you made it through and surprise us with such a teaser! Can’t wait to see what’s coming up in the next few weeks!


  • Curt

    Glad you’re back, Pat. It almost seems like another reminder that online business is, indeed, business, and that all safeguards must be taken to protect your livelihood, as they would be with a traditional business.

    Looking forward to new content (your stuff has been excellent since the New Year), and glad that you were able to come through this relatively unscathed.


  • Cody Stevenson

    Pat! First I am sorry you had to go through that. Really good post though. I was very interested to read how you migrated the site, that opened my eyes up to a lot I want to read into. I will be interested to hear how the insurance claim goes as well. What doesn’t kill us, makes us stronger. KCCO – Cody

  • Stefan @ Project Life Mastery

    Thanks for sharing what happened. My blog has been growing over the next year and I haven’t been thinking about things yet about security and insurance. But after reading this, I’ll be sure to back things up more regularly, make sure that my hosting is reliable and try to prevent these sort of things, as I’m sure they are inevitable as you start to grow more.

    Sorry you had to go through it, but you have provided a powerful lesson for us all from your experience. Who knows, perhaps this could have happened at a later stage and you could have lost even more money if you didn’t learn this lesson now!

  • G.S.Commander

    Well done Pat, for sorting out that horrid problem and not giving up by staying positive – I can only imagine the feeling of panic & frustration.
    The nearest I got to anything like that problem was when my website, which was WordPress based, got hacked.

  • Kristoffer

    Hi Pat,

    For one thing, a couple of people have suggested CloudFlare. Great idea. It’ll fix many of the things you had problems with – and for SPI I would probably put that on the business plan (BTW that’s pretty cheap for a site this size).

    What CloudFlare does is that it essentially spreads out the traffic across the world. So instead of them all going through one gate, they now have 23 gates to go through.

    Further it also uses information from all sites, big and small, paying and non-paying to find out who to block and who to allow. If someone gets blocked who is a human, they can fill out a CAPTCHA and get back in.

    Also, before changing the name servers, you should have made sure the MX entries are set correctly. This, CloudFlare will help with too since you host your DNS there (and it imports the current stuff from your host), so all you do is change your A record (sorry if I am a bit technical here).

    Also, there are a number of things that you have set up wrong in regards to DNS, and further I wonder why you use cPanel (but you block the ports – which is great) when all you really need for SPI is to be able to use your WordPress blog and the admin area, and then a server admin can deal with the rest.

    cPanel uses a lot of resources, which could be better spent on other things (such as more visitors).

    Also, a cluster of servers might be better for your site – combined with CloudFlare, you should be able to attract a lot of traffic without needing to bother with it.

    I myself prefer Linode, but realize some people need managed services. As for how I’ll do it if one of my sites ever gets popular, I’ll first take that site and put it on its own Linode (of course running nginx instead of Apache, and with CloudFlare in front of, php-fpm instead of php and MariaDB instead of MySQL).

    Then if it gets more popular I’ll take the MySQL process off the server (since that is typically one of the processes that consume the most resources). I can then expand that by adding in additional MySQL servers set up in a cluster – where one is master (write), and the rest are slaves (read).

    On the master, data can be written when someone submits a new comment, or a new post is released and such. The read servers are used to serve every day traffic.

    The web servers can be behind a load balancer (I also like CloudFlare’s way to do it with Anycast, but haven’t looked into it enough yet), and I can essentially just add web servers to the setup as needed.

    Sorry if it became too technical. For specifics on the errors I’ve found in your setup, I’ve sent you an email. All the best.
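
An added example, not part of Kristoffer's comment or of any host's tooling: one way to run the MX check he describes before changing name servers is to export the zone from the old host and from the new DNS provider and compare the two offline. The zone data, the placeholder domain `example.com`, and the function names `parse_zone` and `cutover_findings` are constructed for illustration.

```python
"""Compare two zone exports before pointing a domain at new name servers."""

# Constructed sample data: BIND-style exports for the placeholder domain example.com.
OLD_ZONE = """\
example.com.      3600 IN A     192.0.2.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
example.com.      3600 IN MX    20 backup-mx.example.net.
mail.example.com. 3600 IN A     192.0.2.25
example.com.      3600 IN TXT   "v=spf1 mx -all"
"""

# The new provider's copy: the web A record moved (expected), but the import
# dropped the secondary MX and the address record of the primary mail host.
NEW_ZONE = """\
example.com.      300 IN A     198.51.100.7
www.example.com.  300 IN CNAME example.com.
example.com.      300 IN MX    10 mail.example.com.
example.com.      300 IN TXT   "v=spf1 mx -all"
"""

ADDRESS_TYPES = {"A", "AAAA", "CNAME"}


def parse_zone(text):
    """Return a set of (name, type, rdata) tuples, ignoring TTL and class."""
    records = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "$")):
            continue  # skip blanks, comments and $ORIGIN/$TTL directives
        fields = line.split()
        name, rest = fields[0].lower().rstrip("."), fields[1:]
        # TTL and class are optional and irrelevant to the comparison.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype != "TXT":  # TXT payloads are case-sensitive, host names are not
            rdata = rdata.lower().rstrip(".")
        records.add((name, rtype, rdata))
    return records


def cutover_findings(old_text, new_text, apex, moving_hosts):
    """List records that would break after the switch.

    moving_hosts: names whose A/AAAA records are supposed to change
    because the web server itself is moving.
    """
    old, new = parse_zone(old_text), parse_zone(new_text)
    findings = []
    for name, rtype, rdata in sorted(old - new):
        if rtype in ("A", "AAAA") and name in moving_hosts:
            continue  # the planned change, not a regression
        findings.append(("missing", name, rtype, rdata))
    # An MX that points at an in-zone host with no address record cannot
    # receive mail, even though the MX line itself was carried over.
    resolvable = {name for name, rtype, _ in new if rtype in ADDRESS_TYPES}
    for name, rtype, rdata in sorted(new):
        if rtype != "MX":
            continue
        target = rdata.split()[-1]
        in_zone = target == apex or target.endswith("." + apex)
        if in_zone and target not in resolvable:
            findings.append(("dangling_mx", name, rtype, rdata))
    if not any(rtype == "MX" for _, rtype, _ in new):
        findings.append(("no_mx", apex, "MX", ""))
    return findings


if __name__ == "__main__":
    for finding in cutover_findings(OLD_ZONE, NEW_ZONE, "example.com", {"example.com"}):
        print(finding)
```

An empty result means every mail-related record survived the import; anything else should be fixed at the new provider before the registrar's name servers are changed.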

  • Sheila Edeliant

    Thanks for sharing your story from such a personal angle. I can certainly relate — though in a very small way — to the website frustrations.

    I thought I would share with you the fact that one other thing you had (have) going for you is people who care. I had never heard of your website before, but someone (on Google+, I believe) shared a link with me and said something to the effect of “My friend Pat’s website has been down, but this is a really great link.” It sounded helpful, so I opened it in another tab and checked it every so often for however-many days it was.

    You now have another newsletter subscriber (which is how I learned of this post). :)

    So between your “being everywhere” like you said so people had an idea of what was going on and having built relationships with people, you certainly did not lose all of your potential new contacts.

  • Heidi Thompson

    You handled this situation so well Pat and I admire your eternal optimism and insistence on seeing the bright side!

  • Mike Locke

    Sucks bro! …. my heart was beating just reading this knowing how it feels. My membership site went down for a few hours after being hacked. Ended up loading SecureLive on it and its been peachy ever since.

  • Dan

    Wow I just managed to catch up on why SPIs been down, what a trooper Pat! Again you’ve given us all a great insight and the chance to learn from your experiences. Thanks as always! Keep on keeping on :)

  • Michael Kellam

    Hi Pat,
    Glad you’re back! Sorry about all of the problems you’ve had. We had a similar experience on a much smaller scale on our site (only a little over a day) and I was incredibly frustrated with our host’s response, too (hostgator). I did manage to get the site back without migrating but I’m still interested in reading about how it goes with your new host.
    I hope your near future success eclipses the short term loss. Thanks for being awesome!

  • Miguel


    Just a naive question: do you have any chance of knowing who did this? Will there be an investigation?

    All the best, mate. And please continue inspiring us.

  • Brad

    So glad spi wasn’t gone for good! I hope it doesn’t happen again.
    Love the look of your new book, the trailer got my heart pumping with excitement! Love the elephant analogy, it works well
    Good luck with the launch

  • Gabor Mocsan

    Hi Pat,

    Well done to sort out the situation! The best thing to do when you get attacked is to flourish and prosper. The jerks who can’t pull you down will give up!

  • jon

    One thing I think that is most important is to have a local backup of your sites. I had a server in NYC during 9-11 and the generators on the roof failed. They couldn’t get to the data center for days. Anyway having off site backups is key to limiting downtime. I try to backup important sites on Monday mornings. If it’s a big site that generates a lot of revenue there are cloud options etc. that can be monitored.

  • John Faux

    Teaching the elephant to dance! Great book on how to change old habits.

  • Iain

    I am so happy that you were able to get your site back up and running.

    Matthew Horne seems like a stellar guy that you can count on.

    I can’t imagine how scary that must have been.

    If I were in that situation, I would be sweating buckets and probably freaking out quite a bit.

    Matthew Horne needs a huge shout out.

    Thank you for sharing your story with us. Much can be learned.

  • samir

    I am sorry to hear what happened Pat, but I am very happy with the way you handled the situation, I knew it was bad, but still you get the best out of it by giving us your experience and great insight. Now, let us enjoy reading SPI again :) and all the best for you.

    Kristoffer, thank you for your comment, it is a good explanation!

  • David

    Great explanation Pat, glad you are back up and running and can perhaps take a bit of time out to let your blood pressure get back to normal!

    I particularly liked the analogy you used to help visualise a denial of service attack; as always you seem to have the knack for explaining things in ways that are easy to understand.

    Keep up the good work

  • Matthew

    A company like might be an option (I haven’t used them, have no idea how much they cost but do remember reading about them a few years back. I think it was when the was attacked in this way).

    They provide DDoS protection and can filter out traffic.

    Anyway, thought I’d give them a mention as it might be worth looking at if not too expensive. I get the feeling that it won’t be cheap though.

  • David

    Welcome back Pat. Great to have you back! Thanks for the descriptive report.

  • Jackie

    Let me just add to the chorus: glad you’re back :)

    • Javin Paul

      Great post Pat and glad you are back.

  • Suzanna Kiraly

    I am glad you are past this, Pat. I learned from experience too that it doesn’t help to freak out and don’t put all your eggs into 1 basket, so that all of your eggs won’t break when that 1 basket falls.


    • Kelly the Kitchen Kop

      I’d love to know how exactly you can NOT freak out when this is happening. I’m going to look into BackupBuddy, maybe that will help, but I get so upset when things not even half this bad go wrong on my site. My heart pounds, my face gets all red, I snap at everyone around me, it’s not pretty!!! Mostly it’s because I don’t feel I have the TIME, the expertise or the money to fix any issues…

      Thanks for tips for what to do to lessen the impact of these issues.


  • Kenedy

    Really glad you’re back… Thank you for all this info Pat!
    A week ago my site was blocked because I was using a plugin which was slowing down my site too, using a lot of CPU, my website was down for 3 days :/
    I felt really frustrated. I understand you and it sucks…

    Great info as always here!

  • Dane

    That sucks. But at least it’s been corrected and you’ve taken measures to prevent a recurrence. I’d be interested in seeing what you learn from the business insurance claim experience and what their response is to the whole ordeal. Hang in there!

  • Rob

    I remember when all the Gawker sites went down (due to Hurricane Sandy), they set up a temporary tumblr for each of their sites.
    They were able to still make blog posts and keep all their users updated.

  • John J. Ziemba

    Wow! What a nightmare! I knew you were in the thick of it, but holy wowsa!

    I sympathize entirely. While you were experiencing your downtime, one of my sites got hacked. For a while I felt I needed a direct line installed to BlueHost. Thx to all the great support I received. My site was reset a couple times and then the malware migrated to other sites I had. So what I did was spend the week upgrading my sites’ security and updating everything in WP & the plugins I use. Actually one of the malware attacks came in because of a plug in I attempted to install.

    And believe this, I got a phone call from a “company” in Seattle that claimed I had “won” a mention on their site. I declined, and then foolishly opened an email I thought was from someone else. Yep! Hours of fun trying to eradicate the crap! Thx again to the BlueHost team for helping all they could. It ended up with adware links showing on my posts when I previewed them due to adware called Yellow Moxie, but were not showing up in posts that folks read. Thank God!

    Lesson learned. My reaction was that I wanted to reach and throttle a hacker. My sites didn’t go down. But the aggravation I felt and pain I experienced is next to nothing compared to what you went thru. Breathe, Pat, breathe! indeed.

    I’m really glad you’re back up and again have provided valuable information about what to do when my site gets big enough in the future. Congrats on not going crazy. But I bet there was a moment or two when you thought you were.

    Welcome back, Pat!

  • Richard

    Hey Pat, good to see you got everything back together again! Hopefully you never have to go through a week of downtime again.

    Did you look at hosts like WPEngine that will take care of all kinds of performance and security-related stuff for you? I’m not sure what they do for DDoS attacks specifically but they say they’ll never take your site offline for having too much traffic and I’m sure they have the capacity to handle a lot of it. I don’t personally use them but knowing a bit about the industry they sound like a great option and a lot of people who run large WordPress sites are moving over to them.

    Also with backups, while everyone is feeling a bit paranoid: remember that if you have a plugin that places backups somewhere, a hacker may be able to access/delete those backups using that plugin’s saved information. For complete safety it’s best to download backups regularly or do something similar to create copies that can’t be accessed through your server.

  • Scott

    These attacks are happening to PNC bank here in Pittsburgh. It was explained on the local news exactly as you explained your attack. It sounds as though PNC has no solution to their problem and they have tons of resources. I am wondering how you are protected now while PNC cannot seem to find a solid solution?

  • Tom

    Glad you’re back up and running. Maybe some Cyber terrorists were having fun at your expense.


  • Joona Tuunanen

    Well, that was quite a story. Just added few things to my to-do-list for tomorrow – a) set up automatic backups b) set an automatic reminder to change my site passwords frequently.

    I know that the experience has been very taxing for you. Thanks for sharing it openly and giving all of us a reminder about the importance of protecting our online assets.

  • Bart

    Glad you’re back Pat and hopefully your blood pressure has returned to normal. Thanks for the great summary post, loaded with tons of good info from your lessons learned!

  • Tipjar

    Hey Pat,

    What kind of camera did you use to film the Let Go teaser trailer?

    • Blog tiepthi

      I think these videos are awesome due to the video editing tools

  • Justin

    Damn, I had been planning on getting a Servint vps soon… heard nothing but good things until now. Definitely let us know how the new host works out. What shocks me is that Servint did not recognize the attack and take steps proactively on your behalf, and let you know before you even knew.

    By the way, this article has some typos in it lol :o)

    • Wade

      How about Linode? That’s who I use.

  • Ugo Okonkwo

    Pat, Pat, Pat.

    Clearly you’ve upset someone.

    We’ll never know who.

    Perhaps someone who’s jealous of your success.

    What’s happened to you makes a few of us nervous.

    Couldn’t help but notice the affiliate links in your post.

    Was the experience not humbling? You’re a humble guy.

    Maybe change focus a little

    Give to charity?

    • Art

      Ugo Ugo Ugo,

      How about you my friend? Did you not find anything helpful in Pat’s generous share but to remind him about charity.. I think he just did, and if he were to make a commission while making such a great free education available to all of us well good for him he deserves it.

      I can not help but wonder about the mentality of the person who designs an attack.. they think someone should be humble and use words like charity? Hmm.

      I am sure you mean well but comes off a bit more like a dig.

    • Tipjar

      A lot of DDoS service providers will attack a largely known site to show what they’re capable of. “Hey I brought down Smart Passive Income! Hire me!”. It’s not necessarily anything personal against Pat. Some people are just bored or maybe even testing their DDoS network.

      Sad, really.

  • Casey Dennison

    Glad to have you back, man! I’ve heard a lot about DoS attacks, recently, and they sound pretty scary.

  • Chris

    Welcome back Pat! That was quite a play by play and you held up quite well. I watched your video from San Francisco at the time of the outage and I was thinking that your Web Host must have been located there and you had to go there to give CPR to the servers. :)

    Appreciate the detailed explanation and I am adding steps to schedule regular backups for my sites and to confirm they are saving and that recovery is possible! As always, appreciate the transparency and hope the insurance pays off, literally!
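
An added example, not code from the post or from any backup plugin: Thomas's point above about a backup protocol that is tested, and Chris's plan to confirm that recovery is possible, both come down to restoring each archive into a scratch directory and checking it against a manifest recorded at backup time. The file names and the functions `make_backup`, `restore_test` and `demo` are assumptions made for illustration.

```python
"""Restore test for a site backup: an archive passes only if it restores fully."""
import hashlib
import os
import tarfile
import tempfile
import zlib


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(src_dir, archive_path):
    """Archive src_dir and return a manifest {relative path: sha256}."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
                tar.add(full, arcname=rel)
    return manifest


def restore_test(archive_path, manifest):
    """Restore into a scratch directory; return a list of problems (empty = pass)."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        root = os.path.realpath(scratch)
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                for member in tar:
                    if not member.isfile():
                        continue
                    target = os.path.realpath(os.path.join(root, member.name))
                    if not target.startswith(root + os.sep):
                        # Never let an archive entry write outside the scratch dir.
                        problems.append(f"unsafe path in archive: {member.name}")
                        continue
                    os.makedirs(os.path.dirname(target), exist_ok=True)
                    with tar.extractfile(member) as src, open(target, "wb") as dst:
                        for chunk in iter(lambda: src.read(65536), b""):
                            dst.write(chunk)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            # A truncated or corrupt archive fails here, part-way through.
            problems.append(f"archive unreadable: {type(exc).__name__}: {exc}")
        # Compare what actually landed on disk with what was backed up.
        for rel, expected in sorted(manifest.items()):
            restored = os.path.join(root, *rel.split("/"))
            if not os.path.isfile(restored):
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"content mismatch: {rel}")
    return problems


def demo():
    """Constructed scenario: a good backup, then the same file cut short in transfer."""
    with tempfile.TemporaryDirectory() as work:
        site = os.path.join(work, "site")
        os.makedirs(os.path.join(site, "wp-content"))
        with open(os.path.join(site, "index.php"), "wb") as handle:
            handle.write(b"<?php echo 'home'; ?>\n" * 50)
        with open(os.path.join(site, "wp-content", "db.sql"), "wb") as handle:
            handle.write(os.urandom(20000))  # stand-in for a database dump
        archive = os.path.join(work, "backup.tar.gz")
        manifest = make_backup(site, archive)
        good = restore_test(archive, manifest)
        with open(archive, "r+b") as handle:
            handle.truncate(os.path.getsize(archive) // 2)
        bad = restore_test(archive, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("intact archive:", good or "restore OK")
    print("truncated archive:", bad)
```

The manifest should be stored apart from the archive so that a damaged or tampered backup cannot vouch for itself.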

  • Uc

    Wow Pat that was awful, so glad to have you back. And congrats on your new book. :)

  • Heru Prasetyono

    I am happy to see you back Pat. Bad experience can happen to everyone. We don’t know what will happen in the future but a good anticipation must be made to avoid bad experiences.
    Last month something happened to my blog. It could not be accessed for almost two days because the server or the web hosting was down. I was so frustrated and did not know what to do. I even forgot to back up my files. I was so confused.
    But this becomes a good lesson for me. I managed to migrate to another web hosting service and choose the best one.
    Here I learned about how to back up blog files, transfer a domain to another web host, etc.
    Thank you for sharing and coming back. I am waiting for your presence with your new inspiring ideas.

  • Mike

    Sorry to hear about your tough luck, Pat.
    Seems you were able to handle it okay, though.
    Good to see you’re back!

  • Boomboom

    Welcome back Pat. I was relieved when you sent out an email through your list. It was reassuring. My Backupbuddy started failing too on October 2012 and I noticed it when I was migrating recently. Migrations are a pain but if done right and when it gets over, the relief and happiness is worth it.

  • Ian McConnell

    WOW that must have been the worst week ever for you Pat… But, it sounds like it’s made you stronger!

    Thanks for sharing your experience, as it helps us.

    I was advised many years ago to host different websites with different hosting companies for this exact reason. I didn’t follow the advice because I wanted everything in one place, but it’s probably not a bad idea.

    Ian McConnell
    Western Australia

  • Ross

    Hey Pat,

    Great story, glad you made it back with content intact.

    I had a similar situation not so long ago, although it was not an attack per se. Thinking something like this “could” happen, I convinced my client to run a carbon copy of the site at another provider (yep, two dedicated servers with identical content).

    On the main server we did nightly database backups, and pulled a copy of every data backup offsite. The cloned server had the identical website running with a slightly outdated database (simply to ensure it was always functioning).

    When we ran into problems, similar to yours, it was a fairly quick fix… we migrated the last known stable database into the cloned site, changed the DNS, and were back up within a few hours (DNS propagation happens much quicker these days).

    That said, propagation varies on location so we sent out an email broadcast to my client’s customers with the dedicated IP of the cloned site explaining it would be reachable by the domain soon, and to use the IP as a fail safe if they had any problems.

    Of course this meant managing two sites, i.e. updating both when core files (and design) were changed, but in the end, it paid off. It really wasn’t that tough to keep the sites in sync.

    Insurance eh? Expect whatever you get back to be added to future premiums 😉

    I hope you write about your new host in more detail one day, I have never personally used that company, and it’s always good to know of someone you trust to give an honest opinion.

    Just curious, did you have any type of monitoring running (i.e. Pingdom), and was it reporting accurately?

    Take care, hope this never happens again!

  • Jens P. Berget

    It’s great that you’re back Pat. I haven’t experienced anything like that, but I have some experience by being hacked, and it happened with my gmail account about a year ago. Now I am using a very strong password for my membership accounts. And I have switched to a fantastic host (and like you, I am using sucuri).

    Can’t wait to read your book.

  • david

    glad that you’re back up. Yikes!! what an experience.

    • Phuong Le

      me too, hope there will be a guide how to protect and improve the security for wordpress

  • Sheila Bergquist

    Welcome back Pat! Missed you!

  • Edmund

    We’re still here Pat, always supporting you whatever happens we know that you will always provide us with free and accurate information.

  • Amy

    Hello Pat,

    Let me say that this type of experience is one to avoid if at all possible; however, since you did go through this experience it not only increases my confidence in your material, but I am learning something I did not know existed!

    Thank you,

  • Johnny Bravo

    Glad you’re back up and running Pat. Man you’ve been on a crazy roller coaster.

  • Phuong Le

    Congratulations that you had a backup. What is the main purpose of this attack?

  • Jay Castillo

    Hi Pat, we are glad you’re back!

    Thanks for sharing your experience. Really makes us all paranoid of those DDOS attacks. What’s scary is SPI was not really hacked (as you have said), and yet it still went down.

    Didn’t Sucuri’s active IP filtering help at all to stop the DDOS from suspicious IP addresses?

    I was halfway reading through your post when I decided to double check all my backups are working, talk about being paranoid.

    Any other tips to stop a DDOS attack aside from changing hosts? I’m going to research this as well…

  • Nathan Williams

    What an ordeal. Glad you got it sorted out and are back! What I took most from the article was your reactions to the adversity. I probably would have freaked out…multiple times haha. All the best going forward.

  • Ayush

    Feels great that your site is back. I don’t know why this happens but whatever happens, happens for the best. :)

  • Gordon Kuckluck

    Hi Pat,

    glad to have you back 😉 and thanks for this long post and sharing your experiences… security is definitely something to think about when you’re doing business online.


  • Logan

    Pat, good to see your site is back. Having a site down is a horrible thing to have happen.

    I experienced something similar – website downtime (but not due to a DoS attack) which led me to implement certain policies (some of which you’ve pointed out in your post above).

    I wrote the lessons learned down which might be useful to others (this is what I do with any new site I start and what I tell all my clients):

  • Joey

    You should consider moving your sites to a CDN based architecture. Checkout

  • Grace Henley

    Hey Pat, I’m so glad to see your site is back up and running and you managed to get through it all without too much damage. Okay $12K is a lot, but it’s good to see all your content is still intact.

    -I’m itching to hear your next podcast:)


  • Ravi Ahuja

    Hello Pat, when I was reading this post I felt I was reading my own story. I am not a big publisher and have VPS hosting, but all my sites went down on 27th Feb.
    After a lot of effort I also decided to move the hosting to a new server, but with my same hosting company. Everything had crashed and because of that automatic transfer was not possible. I had to work along with my hosting provider and moved the websites one by one.
    I don’t know why I faced this problem. Was this because of DoS? But I know something was wrong with the W3Total cache plugin and I removed the plugin from all my blogs.

    I have learned one thing about hosting “Don’t put all your eggs in a basket”.

  • Jeremy Jameson

    Glad to see SPI’s back on its feet and you’re doing fine, Pat. :) Thanks for the synopsis of what happened and the links you shared: it’s useful information/food for thought. One positive way to look at all this is that it’s clearly a confirmation that what you do matters to people in varying ways: when you can say you have both friends and “enemies,” you must be doing something right.

    My own web host is shutting down and ceasing their operations this weekend, so my blog is about to be without hosting. Regrettably, I’ve not been keeping up with supplying new content on MSB lately which is partly due to over-reliance on keeping sessions of too many browser tabs open as an organizational strategy (as it failed me horribly when my hard drive just decided to stop working one day). In my case, I’ve learned through my recent disappointments and challenges that I need to find more robust ways of doing the things I’m trying to do. It seems the challenges you’ve encountered are getting you to learn new things and make positive changes in your strategies as well. I hope these periods of growth go well for both of us and anyone reading this who encounters their own.

  • Davies @SlimWeightGuy

    I must say that I’m happy for you Pat. I could remember when I had an attack on my slim weight blog. My host couldn’t help it and I had to move server to another host. After 8 days I was able to achieve it. Although, my niche blog is not that BIG when compared to yours, but I believe that a web host should be able to handle every server issue, no matter how BIG or small.

    That’s why they’re paid monthly to manage our virtual real estates. I’m happy for you Pat and I pray it never happens again. I’ve learnt so much from this single post.

  • Kristopher Marsh

    Hi Pat, good to hear that everything worked out in the end.

    To be honest I was surprised to see you down like that, but unfortunately cyber crime is a real risk – even giant companies and governments are at risk! For someone with so much invested online, I’m glad to hear you’ve got a form of cyber cover in place; hope your broker can hold your hand through the claim process.

    As a self-confessed insurance geek, I’m a little biased (also my niche); but it’s a necessary evil. I guess at the end of the day, everyone thinks it’s not going to happen to them (no-one really enjoys paying premium), but what you’re insuring against isn’t your everyday occurrence, it’s there to save your skin when something big goes down!

    Also, might I add that insurance isn’t a replacement for smart risk management, back-ups etc.

  • Krishna

    glad to have u back!

    Btw, what kind of insurance policy have you availed ?

  • Nathan

    Hi Pat,

    Sorry to hear that your sites were attacked, it is a right pain in the butt. There are lots of ways to increase your resilience against this sort of thing, though none of them are perfect.

    I don’t know what’s been suggested in the last 180+ comments, but my advice if you’re serious about minimising downtime in the future is to keep an up to date copy (i.e. daily/weekly depending on your requirements) of your sites on a virtual machine with a large cloud provider (Amazon, etc.) and put load balancing and caching software such as Varnish in front of the web service.

    Varnish caches (keeps a copy of) all of the pages that are accessed, and returns the copies to the user instead of WordPress having to generate them every time. There’s no database access so MySQL won’t be killed by too many requests. This has the effect of massively increasing the number of requests per second that your hosting platform can support, which makes DOS attacks a lot harder. Having them on a good cloud provider also means you have access to a lot of bandwidth so it would be harder for attackers to saturate the line.

    You’d also have your DNS settings so that you can switch over to a new host in an hour or two. So, if your regular hosting does get attacked you spin up the virtual machine on the cloud, change the DNS records to point to it, and you suddenly have a fairly recent copy of your websites that have a much higher tolerance to DOS attacks.

    Because you only use it in an emergency, and for short periods of time while you synchronise the sites from your regular hosted servers, it doesn’t cost a massive amount of money. Cloud services are usually charged for the time you have them on, and for the resources you use, so most of the time you pay almost nothing for it.

    This may require some tuning depending on the amount of dynamic data that your websites generate (i.e. customised info for logged-in users, real-time updates, etc.) but can be very effective.

    I’ve built this kind of setup before using Drupal, Memcache and Varnish on Amazon cloud, to great effect. A tuned, cached setup can serve several orders of magnitude more requests per second and is used for running high traffic sites such as The White House.

    All the best,


    • Ericjt

      Great ideas. I wonder also if it would work to 1) have the host change the IP address on your site, 2) maybe fight back by forwarding your domain temporarily to a popular hacker site so the dos goes back at them – might be illegal? Is it possible to detect the IP address that is the source of the attack and forward it back at it?

  • Daniel Hartnett

    Hey Pat, love the trailer to Let Go, the music sounds a bit like Kid Cudi. Crazy glad to see the SPI site is back up. I had a freak-out like this about this time last year when my website just dropped out of the Google index for a few weeks. I was so relieved when it came back.

  • Dipra Sen

    And finally, YOU are back. Like all other SPI fans I too was praying with crossed fingers. I was waiting to know the end result and it has resulted in a $12,000 loss for you. But like all the time you’ve converted this situation to gain something, and me too. I’ve created an infographic on WordPress security inspired by you and I dedicated it to you. Here’s my infographic, see the footer.

  • pete

    Hey Pat,
    Great to have you back up. Reading the post and hearing about your difficulties definitely got the blood boiling – it’s ridiculous that something like this could happen to someone who goes out of his way to help others and be so open / transparent. Inspiring to hear how you handled the situation. This post was definitely an eye opener – thanks for sharing all the details.

  • Patty Gale

    Hey Pat!

    I just recently found and started reading your blog. Sorry to hear about what happened and glad to see you’re up and running. It’s not fun, I know. Backup Buddy is a brilliant tool to use.

    I use Liquid Web (who owns Storm on Demand) and you will love their managed support for your new servers. I’ve used a number of hosting companies over the last decade, have been with Liquid Web for a little over 2 years and my personal & professional opinion is that they are the best in this business when it comes to support and troubleshooting.

    Thanks for all you provide to the community!

  • Natalie Sisson

    Pat I’m so glad you’re back up and took this on the chin like a real trooper. To be honest if I had a website and brand as successful as yours I probably would have had a mini freak.

    I recall when my host took down my site when I went over the data quantity 18 months back, they didn’t warn me they just took it down so I had people visiting who were left with exactly what your visitors were

    It was the worst feeling as I realised my entire business which has been built online was suddenly taken from under me in a matter of seconds and it took a good 72 hours to have it all shifted over a new host and backed up and completely back on form.

    It was a tough lesson learned but I implemented better systems and back up processes as a result.

    Think the video redirect to your explanation is a really clever idea and there’s some great advice right here we can all put to good use


  • DR

    Pat, the response from readers when your site was down is a real testament to the tribe you’ve marshaled. And it offers a good test for any of us–If our sites were down, would they be missed? In your case the answer is clearly yes. For me? I’m not so sure.

    • Tim Klinkle

      DR… great testimonial to SPI, and a great moment of self-reflection for your own efforts. Turn that into a “clearly yes, for at least one visitor” and you’ll be on to connecting with a community.

  • Kash

    I can relate to what you have felt as I have gone through the same pain couple of times. WordPress is so easy to use, and that makes it a perfect target for hackers and malicious scripts. Glad all is well now, and as they say, prevention is better than cure.

    Keep up the good work, Pat.

  • Janice


    So glad your site is back up and running. You are my internet guru because you are really trying to help people and the money you are earning comes as a result of that. On the other internet marketing sites you can tell that the money comes first, but after the Panda/Penguin updates they realized that you have to appear to help people in order to rank high on Google. I prefer your approach.

    I’m really looking forward to your new project, Let Go, because I’m at that place in my life where I am trying to work up the courage to Let Go myself. Can’t wait to see what you have in store for us.

    Thanks for your advice and inspiration.

  • James @Kindle HD Fire

    This is really painful Pat. It’s not easy to undergo server breakdown – because I’ve suffered the same thing in 2012 when my authority site got smacked down, not by hackers actually, but by the so called DoS attack. But I finally got a new web host and that’s what you did too.

    I think bloggers should look for reliable web host and those that have professional wordpress and hosting teams, so that they can help out in times of trouble. I really do appreciate your detailed post. I’m going to apply the tips to my niche site where I review Kindle Paperwhite tablet and see how it goes. Because my blog is growing rapidly and I wouldn’t want any server issue in especially during this Easter period when sales are usually on the high side.

  • Lee

    Cricket this looks like scary stuff I hadn’t even given this a thought probably because I haven’t been around long enough for it to happen just hope it doesn’t. I came on your site looking for info on google authorship. Now reading this post the first thing I am going to do is make sure my data is regularly backed up because I haven’t a clue.

    Glad you’re back on. Lee

  • Pete

    Pat – it’s good to have you back. I had to resort to a cached copy from Google to get my SPI fix.
    The video looks great and I’m looking forward to getting my copy of Let Go.
    Keep it up – you rock.

  • Cosmin

    Pat, Hi.

    this is a problem that could be prevented or minimized if you would have contracted an administration team to monitor your site. They could contact you and take the right actions.

    With your site, it is only a matter of time until it happens again. I advise you to check into it. There are server side monitors for this “load” thing, or for traffic boosts or for pretty much anything.

    I would advise you to use your network to find a company that provides those services for you. They can also help with scalability or any other configuration issues and serve your best interest.

    I have been reading your blog for a while now, but I had no useful feedback for you until now.

  • Edgar

    Glad you’re back up Pat.. I did experience the redirect to your YouTube..

  • Suad

    Pat, I am glad you are back. Thank you for posting this story, it is scary what you went through and I admire how you dealt with the situation. That itself is a learning and motivating lesson for me. Thank you

  • RC

    Thank you for sharing, Pat.

    Have been and still am dreaming for a flat-file blog/CMS that’s as feature-full and growth-ready as WordPress is.

  • Cameron Perry

    Pat, This is the exact kind of story that scares me to death. As you found out the hard way – there is no simple fix to something so disastrous. This would be a good time to work with your new hosting company to figure out how to prevent this from happening next time.

    Either way, glad you’re back up and running. I’m rooting for you

  • Allie


    Glad to have you back!!

    That’s it. :-)


  • Mike

    It’s nice to have you back, Pat.
    I think you handled it perfectly. Kudos to you.

  • David Di Franco

    Excellent post, Pat! I’ve definitely learned a lot from this. It’s great to have you back.

  • Theodore Nwangene

    What an ugly experience Pat,
    I really understand how you felt about the whole thing. But then, two things are very important here.

    1. You were able to solve the problem which is great.
    2. You learnt something from the experience which is the most important thing.

    Thanks God the storm is over now Pat.

    Happy Survival SPI.

  • Alex

    Hey Pat, it’s good to see that the site is up and running again. That literally had to be the longest week of your life! OAN: Very excited about “Let Go”.

    Great to have you back Pat!

  • Jeroen van Rijn

    Thanks for writing up the terrible experience you had, if it ever happens to my site, I am now better prepared. Sorry you had to live through it.


    • tiep thi lien ket

      Yes, I am not sure what the attacker did it for and I think we should build a firewall to be against it

  • tecnocacique

    Hey Pat, awesome information – I looked into Snippet and could not find a place to develop for that platform. Is the Snippet you are referring to the one pushed by google?
    If anyone has information about it, please post.

  • [email protected]

    As a Servint customer for many years I find it surprising that they couldn’t see the tell-tale signs of an attack of this nature. DoS attacks are probably the most common way to take down a website and anyone with access to see HTTP requests should be able to see this.
    Do you know if the requests were coming from multiple IP addresses?
    Do you have anything between your server and outside world to block known threats, like Cloudflare?
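
One way to answer the question this comment asks from the web server's own access log, as an added example that is not part of the original comment or any host's tooling: it counts requests per source IP and separates "one address is responsible" from "the load comes from many addresses". The log lines, IP addresses (documentation ranges), thresholds and function names are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" format: ip ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return m.group("ip"), ts, m.group("path")


def summarize(lines, baseline_rps=1.0, burst_factor=3.0, top_share_alert=0.5):
    """Summarise request volume by source IP over the window the lines cover.

    baseline_rps is the site's usual requests per second (an assumption the
    operator supplies); a window is flagged only above baseline * burst_factor.
    """
    per_ip, per_path = Counter(), Counter()
    first = last = None
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1          # keep count: a damaged log is itself a signal
            continue
        ip, ts, path = parsed
        per_ip[ip] += 1
        per_path[path] += 1
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
    total = sum(per_ip.values())
    if total == 0:
        return {"total": 0, "skipped": skipped, "verdict": "no-data"}
    top_ip, top_count = per_ip.most_common(1)[0]
    top_share = top_count / total
    # Avoid dividing by zero when every line carries the same timestamp.
    rps = total / max((last - first).total_seconds(), 1.0)
    if rps <= baseline_rps * burst_factor:
        verdict = "normal"
    elif top_share >= top_share_alert:
        verdict = "single-source"   # one address dominates: block or rate-limit it
    else:
        verdict = "many-sources"    # per-IP blocking will not be enough on its own
    return {
        "total": total,
        "skipped": skipped,
        "unique_ips": len(per_ip),
        "top_ip": top_ip,
        "top_share": round(top_share, 3),
        "top_path": per_path.most_common(1)[0][0],
        "rps": round(rps, 2),
        "verdict": verdict,
    }


def make_line(ip, second, path="/"):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [01/Jan/2024:09:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 5120 "-" "sample-agent"')


def constructed_sample():
    """Ten seconds of constructed traffic: one noisy address plus five visitors."""
    lines = [make_line("203.0.113.7", i % 10, "/wp-login.php") for i in range(60)]
    lines += [make_line(f"198.51.100.{n}", 2 * n) for n in range(5)]
    lines.append("truncated or corrupted line")
    return lines


if __name__ == "__main__":
    for key, value in summarize(constructed_sample()).items():
        print(f"{key:>10}: {value}")
```

A "many-sources" verdict is the case where filtering has to happen upstream of the server (a CDN or filtering proxy such as the one the comment names), because no single address accounts for the load.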

  • Lisa Alexander

    Hi Pat, glad to see things are back to normal, your detailed account of the situation gives me a lot to consider as I trek the journey of building my site. So far my host does very frequent backups and I have been using you and a few other well known bloggers as mentors in what I want my blog to become…

    Thanx again for the details and most importantly…reminding us net folks that the most important component is great customer service :)

  • marty

    So happy you’re back. But when you were gone it gave me a chance to go through your old posts and learn a lot

  • Adam Hepner

    Wow, that’s a painful story to read – sorry you had to go through all this crap. But well, nowadays, Internet is all but safe. I think there is a very important lesson in your experience, which I am going to tell you right here – we’re actually using it daily in IT, even if it is not verbalized every single time. See, you run a business, which uses IT infrastructure – hardware and software to generate money. This yields a number of risks, every single one of which can have various probability of happening, and various severity. For example – someone posting a bogus link in comments and having your website linked to a phony crapware site somewhere else – it’s highly probable, but not very severe for you. However, a thing like you just experienced: having your sites (all of them) disabled for a prolonged period of time due to a targeted DOS/DDOS attack (even if it was automatic and not particularly directed at you) has relatively low probability (although it goes up with popularity), but very high severity.

    You should spend time and write down all such risks that come to your mind. Have an external expert help you out with those if you’re unfamiliar with what can go wrong. You should even go as far as assign scores for probability and severity, and multiply them for a total risk evaluation number. Risks with higher score are more important to take care of. You could also try to estimate a total amount of cash lost if given risk would happen to you (so for the risk of having your site disabled for a day it would be 1600$ – this might be mildly probable, somewhat severe – but for having your website disabled for a week, with price of 12000$, you should also count in long term losses). Here’s the trick: probability times estimated cash loss is called expected value, and you can also sort this list by this value – it will tell you not which risks are most “important”, but which will cost you the most.

    Now’s the important part. Go through your list, from the most important/costly/severe/whatever risks, and ask yourself:
    -what is my prevention plan for this issue? What can I do to lower the *probability* of this happening?
    -what is my contingency plan for this issue? What can I do when shit like this hits the fan? How can I lower the *severity* of this risk?

    Things that should be taken into account can include all kinds of software, hardware and business components. Think for example of:
    -your server being hacked
    -your server being attacked
    -your *domain* being attacked
    -your facebook account being attacked
    -your payment processing service declining further service
    -nasty bot placing unwanted ads in your comments section
    -Google changing algorithms and slashing your traffic in half
    -your mailing list getting compromised and sending mass spam and/or crapware to your subscribers


    Wear the pessimist’s hat for a while. And then work on it. Some of those things are already taken care of, but this only makes the other ones stand out, and you should be able to find time to work on them. Oh, and the list, of course, changes over time, like a business plan, so you should revisit it every once in a while.

    But, glad you made it. Take care!

  • Sillas Larsen

    This just really reminds me of how important it is to have your website secured!

    I have tried something similar once, and i totally know how you felt – about being somewhere without being there and so on. It’s horrible.

    But it’s good to see that you’re back in business!

    I’ll look forward to your new project, which i find so relevant for the world we live in today. :-)

  • donor sperm

    Amazing details are presented here for the crushing down of the server. The blog has a very valuable information in relation with the internet and server. Several types of facts and details are been disclosed in this blog.

  • Mike

    It definitely sucks when things like that happen. After all, your livelihood depends on you being able to have your website up and running! Glad to hear that you got the issues resolved!

  • Ioan Draniciar

    I’m glad you’re back Pat! These things happen and I’m glad you were able to solve it. Kim Roach is another awesome blogger that got hit even harder than you by hackers who basically took over her site.

    As you grow bigger, you’re more exposed to dangerous plots and this is something to take notice for the rest of us who are looking to expand our online business.

    • Matthew Horne

      Yes, what happened to Kim is really sad, I have been working with her to ramp up security, but just so people know, her Gmail was compromised as a result but she has taken this opportunity to rebuild a new site, with a new image, as the process of recovering a domain is a long one.

      So my advice here, have strong passwords, don’t use the same password over and over and use all the security features that Gmail has available and lock your domain names, all domain registrars have domain locking, which you can enable, if you’re unsure, contact them to find out how.

      Hope this helps you all, regards

      Matthew Horne

  • Deborah Richmond

    Thank you so much for taking the time to compose this long post about what happened. I am reading it, and taking note of the things in it I should be thinking about for my own site. I am certainly going to check to make sure my backups are working correctly.

    So sorry you had to go through this.
    Love the trailer!

  • M.M

    I’ve been a long time listener of your podcast, but commenting first time.

    Do you think you were “targeted” by someone filled with jealousy and hatred of your online income? I’m interested to hear how you handle haters and negative comments, what precautions to be taken when you become famous online. Would like you to dedicate one podcast episode for that, if possible.

    Getting haters may be something most people will be faced with when their blog becomes widely known. I cannot go into details here, but I was forced to quit my blog with 350,000 pageviews per month because of what was done by some haters.

  • Phil-Plume


    I follow you from France and I’m happy to know that all is OK now.

    Go on, you’re on the right way, and many, many thanks for being there


  • Chris

    Glad to have you back! I went to your site during the attack and didn’t realize that you were having issues. I immediately thought the worst and was scared about the thought of having no more podcasts or great content to ingest while at the gym or during car rides!

    That is remarkable that you do not have a full head of grey hair after that! Glad you got it sorted out!


  • Illusion Model Management

    Hey Pat!

    If ever there was an article you created that was meant for us, it is this one. Our site was attacked just like yours, but is currently being worked on. Fortunately, we had already read your article about the importance of being everywhere, and we heeded your advice. We’re SOOOOO glad we did because now we’re able to re-direct our site visitors to our other online channels (i.e. Facebook, Twitter, YouTube, Tumblr, Pinterest, LinkedIn, and Flickr…see, we told you…EVERYWHERE!), and keep the lines of communication open.

    Folks, heed Pat’s advice…be EVERYWHERE!!!

    Thanks, Pat!
    Illusion Model Management
    Houston, TX

  • J.M. Williamson

    Glad that your site is back up! My wife has me listening to your podcasts and reading your blogs now (she has followed you for the past year) and now I’m a fan! Was a little worried when things were down, but glad to see that everything is fixed now!

  • Mark Monciardini

    Hey Pat, I noticed your site was down too one day and figured it was just server noise or a temporary clog. If it makes you feel better the thought of how much money you lost did not even come into my mind. I think people that were only concerned about the money are having their own personal issues with money and like to see others lose money.

    Anyway I’m glad to see everything is up and running again and you posted the outcome of what just happened. I run a huge server as well and it made me think about a few things.

    Saw your new book coming out. Thanks for using my product!


    • Kang Jum

      If saay’ve given from the beginning because saay typing ability in this regard. But still trying to get out of trouble

  • Gil Hanoch

    Thanks for the summary – I’m happy it’s all over! I have one recommendation regarding backups: you can create an automatic script that automatically checks the location of your daily backup soon after the backup should run and sends you an email if the date of the file there is historic (older than the date of running the script).

    It still leaves you susceptible to the case where this verification script didn’t run at all. You can have the script send you an email regardless, and if it’s ok, simply put in the subject: “All fine, delete me”.

    This may sound like an annoyance just for making sure the backup ran, but this script can verify many other automated tasks, and then deleting a daily email may not seem too overbearing for the benefit.

    I am an investment advisor, and my business success is highly supported by technology and automation (avoiding errors, and freeing my time for service).

    Thanks for your great posts!
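
A sketch of the backup check described in this comment, as an added example that is not the commenter's own script: it looks at the newest file in the backup location, and always produces an email, with the subject "All fine, delete me" when the backup is fresh, so a missing email means the check itself did not run. The `*.zip` pattern, the 26-hour limit, the addresses and the local SMTP host are assumptions, and the empty-file test goes one step beyond what the comment describes.

```python
import glob
import os
import smtplib
import sys
import time
from email.message import EmailMessage

OK_SUBJECT = "All fine, delete me"       # subject wording suggested in the comment
FAIL_PREFIX = "BACKUP CHECK FAILED: "    # assumed wording for the alert case


def check_backup(directory, pattern="*.zip", max_age_hours=26, min_bytes=1,
                 now=None):
    """Inspect the newest file matching pattern and return (ok, detail).

    max_age_hours=26 assumes a daily backup plus two hours of slack.
    """
    now = time.time() if now is None else now
    candidates = [p for p in glob.glob(os.path.join(directory, pattern))
                  if os.path.isfile(p)]
    if not candidates:
        return False, f"no files matching {pattern} in {directory}"
    newest = max(candidates, key=os.path.getmtime)
    name = os.path.basename(newest)
    age_hours = (now - os.path.getmtime(newest)) / 3600
    size = os.path.getsize(newest)
    if age_hours > max_age_hours:
        return False, f"{name} is {age_hours:.1f} h old (limit {max_age_hours} h)"
    if size < min_bytes:
        # A job that "ran" but wrote nothing is as bad as one that never ran.
        return False, f"{name} is only {size} bytes"
    return True, f"{name}, {size} bytes, {age_hours:.1f} h old"


def build_report(ok, detail, sender, recipient):
    """Build the daily email; it is sent whether or not the check passed."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = OK_SUBJECT if ok else FAIL_PREFIX + detail
    msg.set_content(detail)
    return msg


def run(directory, sender, recipient, smtp_host="localhost"):
    """Check, then mail the result through an SMTP relay (assumed reachable)."""
    ok, detail = check_backup(directory)
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(build_report(ok, detail, sender, recipient))
    return ok


if __name__ == "__main__":
    # Usage: python check_backup.py /path/to/backups from@example.com to@example.com
    sys.exit(0 if run(sys.argv[1], sys.argv[2], sys.argv[3]) else 1)
```

Schedule it shortly after the time the backup job should have finished, and run it from a machine other than the one being backed up so that an outage of that server does not silence the check as well.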

  • Abhishek

    I could imagine what would have happened to you man.. Its a nightmare when your server is down… whoa gives me goose bumps and I am gonna learn a lot from your experience.

  • Kabenlah Cudjoe

    My blog also went down the very moment was down and you were a very great motivator to me. I said to myself,’ If Pat’s blog’s can be hacked, then I’m equally vulnerable’ I stayed as calm as possible and actually took some time off to explore more.

  • TJ


    Thanks for the inspiration! After that horror story I’m inspired to just shut my blogs down LoL!

    On the other hand ALWAYS a fan of happy ending! Money lost is knowledge gained!

    Thanks for the ‘agonizing’ share and sorry for the ‘agonizing’ experience!


    • Randy

      Hi Pat – I was definitely inspired as well. We may not be able to implement all of Pat’s ideas over night, but I’m making sure to put additional procedures in place, while this story and resolution is still on my mind.

      I also didn’t know that you could actually buy insurance for your website. Yet, your blog represents a business and needs all the safeguards of a brick and mortar business.

      I also appreciate the point Gil Hanoch made “regarding backups: you can create an automatic script that automatically checks the location of your daily backup…”. I plan to find out more about such a script. I will check with my host provider and get the script implemented.

  • Rayzel Lam

    I think something similar happened to me- I emailed my hosting provider to ask if that’s what it was- about a month ago the bandwidth usage of my site was WAY crazy- so much higher than a regular site my size should be- my hosting provider is a smaller more private company, so he checked into it and he said it looked like my site was being hit thousands and thousands of times 24/7 that were not actual visitors. I wasn’t hacked, but it was like whatever was going on was trying to use up all my bandwidth and making my site run VERY slow and it was increasing exponentially. My site was using something crazy like 50gb of data in less than a month (I currently get about 600-700 visitors per day so the bandwidth usage was apparently way out of line).

    For now the way they fixed it was to block the IP address for the country all the sources of connections were coming from (it’s a country that I don’t get much traffic from anyway for my niche)- and my bandwidth dropped dramatically right after this and my site was much faster.

    I don’t have a dedicated server yet or anything though so I’m not sure if my problem was the same but it sounds rather similar. It was making me sick with worry! Things are back to normal for me too thankfully. I’m so glad you had good people to help you figure it out.

    It’s scary when you make your living online and then much of how you do that just poof disappears.

    I’m not near to your income, but I do make an average of $400-500/day online now and I start sweating if my site is down for more than a day. Also because like you said, new visitors will come and leave disappointed and perhaps never know what a quality site you had.

  • dich vu seo

    I am happy that, on the other hand, SPI always brings the best value to readers and recovered from the attack.

  • Herman Dailybits

    Really cool that you share the whole story.

    This is a nice example of good crisis communication that everyone with a web business should learn.

    The tip about being everywhere (facebook, twitter, youtube,…) in that kind of situation is a keeper!

  • Tamal Anwar

    Pat, it must have been a disaster feeling for you, also a wake up call. A few weeks ago I had a similar situation, my site was going slow in the back end and boom, all my posts and comments were gone!

    I contacted my host and they took 1 hour in chatting to figure out what it was. Then finally I got back my site.

    I learned how to be patient that day, it was a bitter but life changing experience for me.

  • Ben Boykin


    Many thanks for the time and effort in chronicling what all took place. Because we do nothing but WordPress design/dev for clients we’ve decided in lieu of hearing stories like this and also being on the clean up end to move all of our hosting to much more robust solutions. It doesn’t guarantee anything by any means but do feel like it’s acting in the best interest of current and potential clientele.

    Again, another great reason to build an email list!!

    Keep at it man!

  • Aisha Kessler

    Hi Pat,

    I found your podcast when this was happening and your web site was down, but I liked your podcasts so much I hung in and waited for it to get resolved. Also, I could only download and access 4 podcasts during that time. Maybe the iTunes podcasts live on your server that was down? I am not sure. I can get to them all now and I have been going through them. Keep it up! :)

  • Donato Barros

    Your article was very important!

    Thanks! May you improve every day!

  • Gowtham V

    When I accessed your blog earlier it was down. I thought it was temporary. When I accessed it after a few hours, the site was still down. I am glad it’s running perfectly again.
    Thank you for posting about the problems you faced with hosting with us. This will surely help us in the future to avoid such problems.

  • Luis

    I love this quote:
    “The Internet is indeed the Wild Wild West of the 21st Century” :)
    Seems it was quite an ordeal. It would have been terrible to lose this wonderful site, so luckily all the content is still up and running.

  • James

    Hi Pat,
    This article will hit home with a lot of people. Business continuity is something that I’m aware of and do try to deal with to an extent, but I should be doing it better. Testing backups is only one thing to think about, and if you are only going to do one thing it’s probably at the top of the list, but having a secondary server ready to flip over to is something I now aim to look at sooner rather than later.

    And thanks for the heads up about the e-mail, I hadn’t even thought about that!

  • Christiano

    Hey, Pat! I’m glad your website is running smoothly again, but it really worried me, because I don’t know if my websites are as secured and protected as yours. I really need to do it tomorrow (and I hope I don’t delay it again :( ).

  • Tony Jobious

    Wow! I can remember when my server went down for just a couple of hours – boy did I freak out. I can’t imagine what I would have done if it had gone down for a week (move to a deserted island?)

  • Daniel

    Hi Pat,

    Great to see your site back up again. I am really horrified by your old hosting company. Not only did they NOT find the issue when your server was already down, they also searched in the wrong place and failed to restore your site.
    If you would have been with a proper hosting company, they would have seen right away that it was a DOS attack (after a few hours of the start of the attack, not when the server was down already) and could have blocked those to a certain point. I don’t know where you were hosted, but those guys clearly have no clue what’s going on in their network.

    Then again, I’m a bit shocked that your backups failed and you didn’t notice that for months (come on man, this is your business that feeds your family!).

    It’s also shocking it took that long to recover the site. I know you had a lot of stuff to do, but man, if that happens a second time, IMMEDIATELY get your credit card out of your wallet, purchase a new server from a different company and start moving the sites. Would be done in 24-48 hours and costs you only a few dollars. If the site is back up soon on the old server and you don’t need the new ones you lost what? Two or three hundred dollars? Still better than ten thousands. You should now REALLY have a plan written down what to do in such a scenario. Take a look for 2 or 3 other hosting companies you can use in such a case, note the steps you need to do and so on. You plan every other shit too, why not the stuff that can possibly destroy your business?

    Hey, your captcha system sucks. Put it in wrong bc I’m on my phone, now it won’t let me resubmit bc of duplicate comment

  • iClan Websites

    Pat, you’ve made an excellent decision to host your site with Liquidweb (Storm on demand). Our business, iClan Websites, are also using their infrastructure and have had zero downtime except for DDoS attacks. Their support is second to none. When everything went offline due to a DDoS attack, we got a phone call from them immediately.

    When things get critical and you need help you can always trust Liquidweb, especially if you’ve gone for the core managed option.

  • Abinodh O.T

    I was wondering whether a Dedicated Server or a Shared server is good or which is vulnerable to DoS attacks. Well, can you give me some recommendations?
    Thanks in advance…

    • MakeSmartTV

      O.T, both are vulnerable to DoS attacks; what matters is how fast and efficiently your IT admin will react in case of DoS. In general if you’re serious with your business, you don’t want to go with a Shared Server (unless you’re talking of a cloud offer like AWS).

      Note that there are 2 kinds, DoS (Denial of Service), and DDoS (Distributed Denial Of Service). The first ones can be dealt with if you have minimal unix knowledge, by blocking all requests from the attacker’s IP at the firewall level (iptables command). This should calm the attackers down, they’ll run out of IPs and stop very soon when they realize you’re blocking them within minutes. You can even automate that at your server level, by implementing automated throttling. Basically, if a single IP accesses your server way too often with dummy requests (which is usually what tools like LOIC will do), your server can start rejecting all requests from that IP for a few days or something.
      They are the vast majority of DoS attacks you’ll ever run into.

      DDoS attacks involve a botnet or an army of people (like Anonymous attacks) and usually mean you either pissed off a large amount of people, or somebody quite powerful. That doesn’t happen to sites like this one. When it does, you want to go through specialized companies that have all the monitoring tools and mitigation systems in place, who will act as a shield between your site and the attackers. This costs money and sounds difficult to implement when you’re in the middle of an attack, it’s something you plan for in advance, so it really only makes sense for big corporations.

      Bottom line is, Pat, I agree with a previous statement that your previous admins appear to be majorly incompetent and should have found and solved the issue within minutes of looking at the traffic.

      On the other hand, as a website owner on a dedicated server, you should also probably get some basic training on sysadmin 101 to handle that kind of situation. A few Linux commands will get you a long way and let you deal with the issue on your own, at least the basics to understand what’s going on and then contact the appropriate people.
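
The per-IP throttling described in the comment above, sketched as an added example (it is not code from the post or from any commenter): a sliding-window counter over access-log lines that flags a single address exceeding a request limit and renders, without executing, the matching `iptables` DROP rule. The log lines, the limit of 20 requests per 10 seconds, and all function names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Leading fields of the Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp), or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        # Validate the address: it ends up inside a firewall command later.
        ip = ipaddress.ip_address(m["ip"])
        ts = datetime.strptime(m["ts"], TS_FMT)
    except ValueError:
        return None
    return str(ip), ts


def find_flooders(lines, max_requests=20, window=timedelta(seconds=10),
                  allowlist=frozenset()):
    """Map each IP that exceeded max_requests within window to the time it
    first crossed the limit. Assumes each IP's lines are in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[0] in allowlist:
            continue
        ip, ts = parsed
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) > max_requests:
            flagged.setdefault(ip, ts)
    return flagged


def drop_rules(flagged):
    """Render one DROP rule per flagged IP (returned as text, never run)."""
    rules = []
    for ip in sorted(flagged):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules


def sample_log():
    """Constructed traffic using documentation-range addresses."""
    base = datetime(2013, 2, 25, 9, 0, 0, tzinfo=timezone.utc)

    def entry(ip, offset_s, path):
        stamp = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512 "-" "-"'

    lines = []
    for i in range(50):    # flood: 10 requests per second from one address
        lines.append(entry("203.0.113.7", i // 10, f"/?junk={i}"))
    for i in range(12):    # ordinary reader: one page every 5 seconds
        lines.append(entry("198.51.100.10", i * 5, f"/post-{i}"))
    for i in range(20):    # page with many assets: burst exactly at the limit
        lines.append(entry("198.51.100.20", 30, f"/img/{i}.png"))
    lines.append("truncated or corrupt line")
    lines.append(entry("203.0.113.7;x", 1, "/"))   # not a valid address
    return lines


if __name__ == "__main__":
    for rule in drop_rules(find_flooders(sample_log())):
        print(rule)
```

The burst of 20 asset requests stays under the limit while the sustained flood is flagged in its third second; expiring a block after "a few days" is left to whatever applies the rules.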

      • BigTimeBlogging

        Interesting insight. Can a service like Cloudflare help as relates to preventing DoS attacks? Also, for the learning of Linux commands and acquiring minimum Unix knowledge, does someone have to have programming knowledge?

  • Alexis Marlons

    Having a down server is one of the worst things any site owner could experience. This is really tough.

    • Joseph Finkelberg

      True. It costs you a lot – money and effort to rebuild it.

  • Alastair Macartney

    My website had W3TC and also went down recently. I talked with the tech guy – it was good teamwork between us. We concluded that it was this plugin so we deleted it and everything started working again.

    Thanks for the story- a great read.

  • Jenny

    Hey Pat,

    It sucks that you had to go through all of that. It’s pretty scary to think about. Someone actually going out of their way to destroy your business. It makes me nervous just thinking about how easily our online businesses can be taken from us. (Unless you’re building a list.) Which I should start doing.

  • Joanne

    Once you have a reputable authority in a niche, it doesn’t matter if your site goes down or not – people will always come back as the information is too important to pass up!

  • Brian Wallace

    Amazing story Pat. Thank you for sharing. I would have been completely nuts. I was reading an article about all of the things you think that the police should help you with and don’t, for example a stolen bicycle, a break-in at your home, an overcharge on your credit card, and now here is one more example. Just ironic.

  • Ruggero

    Hi Pat – I have been hacked too and when you have thousands of visitors a day, each hour is money lost.

    I shared your panic of knowing something is wrong but being away from home to “fix it”. That’s why it’s never really _passive_ income. You can’t just go three weeks to the Caribbean and forget about work.

    Actually I don’t use a managed vps server anymore, I had a sysadmin I trust build a box on linode, configured exactly for my needs – and he’s on a retainer to monitor, upgrade and fix.

    It’s a small step in having more breath… but if you are anything like me – even when you don’t work you are generating a thousand ideas on how to grow…

    It might seem passive, but it really isn’t…

  • Toby Osbourn

    It is such a horrible feeling when something happens that is completely out of your control and you just need to wait for things to transfer/propagate/restart – glad to hear you got through it.

    I wonder if something like Cloudflare would have been useful? I have used it on a couple of sites, it basically sits between your site and your nameservers and caches/secures some of the content.

  • BigTimeBlogging

    What doesn’t kill makes you stronger. This article is very inspiring. I managed to read it to the end despite it being long. I have learned of many things including business insurance for online business, DDoS attacks, etc. Keep up the good work Pat!

  • Neha @Jobs Exam Result

    Hi, wow! I can remember when my server went down for just a couple of hours – boy did I freak out. I can’t imagine what I would have done if it had gone down for a week (move to a deserted island?)

  • Devitaliser une dent

    It is such a horrible feeling when something happens that is completely out of your control and you just need to wait for things to transfer/propagate/restart – glad to hear you got through it.

    I wonder if something like Cloudflare would have been useful? I have used it on a couple of sites, it basically sits between your site and your nameservers and caches/secures some of the content.

  • Jim Weston

    Man Pat, that could not have been a fun week. But at least you have business insurance to replace some of the money you lost. A small consolation, but hopefully it is somewhat comforting.

  • Shekhar

    This must be a learning curve for you, and the manner in which you detailed your experience will make it reach more people so they can be prepared now. Amazing way of describing every detail that happened to you.

  • Aaron

    Irony is that it seems that most of your income from the passive income reports actually comes from promoting

    Do you still recommend them? lol

  • Thom Bastian

    It will be interesting to see if there were any long term repercussions of your site going down.

    On another note, at what point do you guys recommend switching to a dedicated server as opposed to shared hosting, i.e. at what # of monthly visitors visiting your site?

  • Terry Martine

    First thing I did after reading this was to set up an automatic backup plugin.

  • Tyler

    This happened about one month too soon, Pat, or you could have been on Bluehost’s new dedicated servers. As a tech for them, we seem to check for DDoS rather quickly and this thing would not only have been caught but dealt with rather quickly.

  • Kamagra

    nice article post, i like your article post.

  • ThomasSmith

    cool info love to read it good share…


  • John

    It’s really tough to deal with hosting companies when we face downtime on our sites on which we rely for our daily income… Anyways, you have done a great job by taking all the steps to keep you on the safe side :) Thanks for sharing

  • Dave

    Nice post Pat,

    It’s something that could happen to the majority of online businesses. I was working in a major international bank when we suffered a similar attack, the top professionals we had struggled for several days. A good cautionary story that people really should learn from, you did remarkably well to stay calm for a week – not sure I would have done.

  • tiep thi lien ket

    It will be interesting to see if there were any long term repercussions of your site going down. I think you should set up a firewall for the host.

  • ben krahne

    Man, that sucks, be like a truck driver with no tires.
    Glad you’re up and running again, always little curves in the road, eh Pat

  • Chris

    Whew! Glad you made it through. You employed one of the only fixes for DoS attacks. Hopefully it won’t happen again! As they use the same paths your customers use to visit the site, there really is no defense… They’re especially nasty for the smaller guys!

  • Liam

    One word, Rackspace. You need to be using them.


    very interesting!

  • Steven Leggett

    Hey Pat,

    I’ve been advising clients for a long time: do not host your website and email under the same service. For 99% of people email is critical and the website is secondary. What I suggest is the following:

    1) Use a third party DNS provider in the cloud
    I suggest Amazon Route 53.
    If you have a VPS or even dedicated server, you have two nameservers, eg: and These route traffic for your domain, to your dedicated server, think of a traffic officer. The problem lies in that if your dedicated server or VPS is down, so is the service that routes all traffic to make your domain “just work”, think traffic cop goes on donut break…

    By moving your DNS to a third party, even if your server or VPS goes down your domain will still route properly… Why this is important is when it comes to my second point.

    2) Use third party cloud based email, like Google Apps for Business ($5/mo per user or $50/year).
    By offloading your critical email, especially when we’re talking about your business being the first priority, you can still communicate and receive email if your site’s down. Your dedicated server or entire hosting provider can go up in smoke but your email will still work – only if you’re using a cloud DNS Provider as well!

    Many hosting companies actually rely on email as the priority source for support… so having this up also makes sense.

    If anyone needs tips on this I’d be happy to help. Almost every provider supports this setup and you can move to it for very low cost while staying online when it’s most critical.

    – Steve

    * Disclaimer: I resell Google Apps services and host clients with Route 53 and use them both for my business.

  • Mark

    I’m sorry this had to happen to you my friend. I am interested to see how this will shake out financially for you when you post your monthly income report. Of course inevitably quite a bit of sales will be lost, but the question remains did your customers postpone any purchases till you were back online? Were the numbers the week after this event more than expected?
    Thanks again for being so transparent with your income. Without that transparency your readers wouldn’t know the answers to these questions.

  • Filla Man

    I have this situation that is really putting the brakes on my passive income earnings, and since you might have gone through that I will need your advice on what to do. The company that is hosting my website/blog/forum always complains whenever I start getting a lot of traffic. They will send me a mail saying that I am using a lot of bandwidth per month and that they think a lot of the traffic coming into my website is spam traffic and it is slowing down all the other websites on their server. They will then say that if I do not limit the spam traffic within 24 hours, they will kick my website out of their servers. I also realized that whenever they complain in this way, I will try logging into my website and it will load very, very slowly. I tried other hosts and they all complain along the same lines.

    Now my question is, as a new webmaster, if you are faced with this situation, how do you grow your website to start earning enough money such that you can afford a VPS or dedicated server? I know some people will simply advise me to shift to a VPS or dedicated server, but it does not seem like a good strategy for me when the current website does not yet have enough traffic/earnings to pay for a dedicated server or VPS. Since the current host I am using will not allow me to grow my traffic on the first website, how can I even make enough traffic/earnings to enable me to get a dedicated server and build more websites?

    Your answer and advice to this question will be highly appreciated. Thanks


  • make money blogging

    Wow, I enjoyed reading through this post and I learned how to secure my WordPress blog, and I like your courage, Sire Pat!!!

  • NoSympathy

    Haha, it’s amazing you’ve gotten this far with so little technical knowledge Pat. May be an area you should focus on in 2013 as it could help you come up with huge ways to improve your business processes or offer a new technology.

    • Pat Flynn

      I disagree with you – it’s not that amazing because one doesn’t really need that much technical knowledge to build a business online these days anymore. Case in point: myself.

      No sympathy necessary 😉

  • Sujit

    Pat, this is one of the dreaded situations. I’ve been down 3 times, each for weeks. Didn’t the downtime have an afterlife consequence in search and rankings? 1st downtime, 3 weeks long, I lost my dmoz listing and pagerank from 3 to 0. 2nd was due to a universal DDoS attack. After years I had fought to bring my blog back to page rank 3 and 3000+ views per day. And the 3rd wave took me down for 10 days. Lost my search rankings, which took me to 500 views per day currently. I don’t dare dedicated hosting as I am a hobby blogger.
    I wanted to know about the effect it had on searches.
    Do reply
    Admin from

  • MeymiGrou Mey

    Really cool that you share the whole story. Keep up the good work mate :)

  • Amma Rany

    It’s really a nice post, the content of this blog is really awesome and extraordinary. And also please read link bvba Woodstone, which provides information on server monitoring software & server monitoring tools

  • jaklin badr
  • mlody.1039

    You should look at Cloudflare; it will help with DDoS if you set it up right. What it does is hide the real IP of your server, so if an attacker attacks, it will attack the CloudFlare server, which has DDoS protection, so your server will be online as normal. And it’s 100% free, which I use for my websites; never got a single DDoS attack and getting over 20k traffic per day.

    Also, from reading, your hosting provider can’t detect a DDoS attack; that’s not a good sign, telling you it could be a WordPress plugin issue etc. The graph showed clearly what it was, or just a network lookup.

    So I would recommend protecting your website with a service like CloudFlare, because once you get a DDoS attack it will happen again and again when the attacker finds out you changed the IP, or there could be a new attack, probably from another person with the same service who would like to put you down.

  • sqiar

    It’s actually a cool and useful piece of info. I am glad that you simply shared this useful info with us. Please keep us up to date like this

  • Asma Shahzadi

    I’m experiencing this issue. I have my site with of the organization at our town and that had server from a US based organization and now the US organization has shut and not notwithstanding reacting to us. Along these lines I’m not able to exchange my site. Experiencing huge misfortune ordinary most recent 2 months.

    my website

  • Omnigusted

    I am incredibly angry to learn that the blasted “DDoS protection by CloudFlare” is actually an attacker which somehow got past all the computer-protection devices I have been advised to use…and I did install those devices.
    I did contact an $xx.oo per month, “insurance” that I believed would assist me with comp-woes; the inability to understand the “English” being spoken to me plus a bout of salmonella allowed me to forget just why I was worried…
    I will try now to find/follow instrux for idiots as to how to get rid of DDos, etc.
    If that fails my decision to buy a “comp for seniors” will happen sooner than I had thought it might.
    WTH did MSoft allow this mess to happen? Because it can, that is why. Another reason to hate MSoft; I stupidly thought that reverting from the loathed W8 to W7 might make invaders easier to spot. THAT WAS WRONG AND IS ALL MY FAULT.

  • Omnigusted

    Addition to prior words…according to posts below this ____ has been around for 3+ years.
    I NEVER HEARD OF THE THING; its this-month appearance on my monitor did not initially alarm me.
    It seems that a lot of posters are Business-people; I am definitely not using the ‘net for business, just simple-old-lady using a computer.
    Until I can get my “insurance” site to fix this bleep I will not use my comp for ANYthing.
    Shutting down, right after notifying all in my Contacts that if they see that buttinsky Ddos, RUN to get it bombed out of existence. I do not look forward to the “computer withdrawal” I know will happen here with myself and my machine. OH, ****!!