How to kill an affiliate network with DDoS and how to protect

How to kill an affiliate network with DDoS and how to protect

Do you want to kill a competing affiliate network on a couple of days? Or do you want to multiply the risks of getting such a bullet into the server? A DDoS attack puts the server down due to the huge flow of requests. The method is not new and there are many supposedly “methods” of protection. The most common is CloudFlare.

Everyone believes that CloudFlare can:

  1. Hide the server’s real IP.
  2. Protect against DDoS attacks.

Spoiler: NO!

Why won’t CloudFlare help you protect yourself?

CloudFlare itself helps a lot by hiding the real IP address of the server. If the target IP is known, the attack becomes much easier and no system will stop it. Quality DDoS sends MILLIONS of requests per SEC. Both CloudFlare and the Lord God himself will miss at least 0.1%. And this is already enough to put the server on the shoulder blades.

How to DDoS an affiliate program cheaply and effectively?

To achieve dark goals, you need to have a real IP address of the server where the tracker or the affiliate network engine is located. How to get it if CloudFlare is installed? Easily. We need a postback.

The algorithm is simple:

  1. Register with the target network.
  2. Create a test stream for any test offer.
  3. We put the postback on our server, which will be able to record the IP address of the incoming request.
  4. Make a test lead for your stream.
  5. Receive a postback to our server.
  6. Done, we probably have the server’s real IP address.

There must be a script on the server that will extract the necessary data. I will give an example that can be used if there is no less lazy programmer than me:

file_put_contents( 'ips.txt', "$ipn", FILE_APPEND );

Or, just in case, immediately more data:

$data = json_encode( $_SERVER, JSON_PRETTY_PRINT );
file_put_contents( 'ips.txt', "$datann", FILE_APPEND );

Now we need to look for the headers REMOTE_ADDR, HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP and stuff like that. The main thing is not SERVER_ADDR – it’s you.

Then it remains to take the IP of the server and start a DDoS attack. Cheap and efficient.

How to protect the network?

The solution is simple. As an affiliate platform creator, I know how dozens of CPA networks work. From my experience, not more than 40% of affiliates use the solution that we will talk about now.

It is necessary to send everything, in general, all outgoing requests from the server through a proxy. Either take it from someone, or take a few cheap servers for $2 yourself and set up proxying. If possible, traffic should be distributed to multiple proxy servers. If there is one, it can also be put through DDoS and there will be no result.

You can implement the scheme in a smarter way. You need to take a proxy through any adequate service, where there is an hourly rotation of addresses. I recommend to everyone. Why exactly them? Yes, they have a cat in a spacesuit on the main one! Isn’t that enough?!

What is good in the service? Firstly, in the event of an attack on a proxy, it will fall, but the address will immediately be replaced and everything will work. Secondly, the address pulled out through the postback will no longer be relevant by the time of the attack due to rotation. In this case, it is enough to take even the simplest server proxy with any geo.

In my AlterCPA, I implemented it a long time ago and so far no network failed from such DDoS attacks.

How to escape if the attack has already begun?

Almost all providers have the ability to add and remove server IP addresses. This is done through the host panel. And if the network is already starting to die, then you just need to remove the current IP address, just disable it entirely and take a new address for the same server.

This is enough to save the data. After that, you need to reconnect the rest of the infrastructure with the server using the new IP. Of course, with the introduction of proxies both inside and outside.


In 2022, you can still easily put an affiliate program through DDoS. How much money does an affiliate network lose if all its traffic goes to milk for at least an hour? The question is rhetorical.

Make a network of proxy servers and send all requests, including postbacks, only through them. And don’t rely on CloudFlare alone.