In November the Deflect network served pages to many legitimate visitors interested in breaking news reported by deflected websites, and mitigated automatically some intense attacks.
During the month, Deflect served 585 million pages to 9.8 million visitors, with a slight increase of unique IPs as compared to our October statistics, suggesting a rise in the number of our legitimate visitors despite the decrease in the total number of requested resources. This is also reflected by the statistics on banned bots, which dropped from 50,323 in October to 38,740 in November.
As in August, the peak in legitimate requests we recorded last month was linked to news from Uzbekistan, which also explains why we can clearly see a higher number of hits from a country where the internet, and most of the websites protected by Deflect, are censored for common citizens (but probably not for members of government and connected people).
Beyond the number of unique visitors and requests, here are two pie charts describing Deflect’s cache response and our visitors’ operating systems.
In November Deflect mitigated automatically all DDoS incidents targeting our network, including one major attempt on the 15th November that didn’t last long, possibly because it was being blocked by our edges.
Bots used in these attacks originated mostly from the US, Germany and the Russian Federation. One detail sets apart last month’s statistics from what we observed in the previous months — WordPress doesn’t appear among the most used user agents in botnets, which suggests a change in attack methods.