Today I got a call from a friend. He reported current issues with performance on all if his pages – honestly: the page was out of busines.
All of a sudden the load time of the webpage increase without any changes in configuration, release change and without any measureable hardware defect.
The friend is using various technologies to monitor – such as real user monitoring from the browser of his users and synthetic external monitoring beside of various internal monitors.
Hack attacks could also easily be excluded by checking the logfiles for a special agent string or dedicated amout of ip-ranges trying to access the page.
Than we excluded other issues by checking the synthetic monitoring which clearly showed no issues with bandwith (long content download times), connectivity and DNS times. Symptoms were high CPU, long first byte times and a feaking load of traffic from all over Germany.
After excluding all issues which could happen from inside we started to investigate time for external issues. But again – none of the included 3rd parties cause any issues (not the ads or the CDN)
By checking the analysis tool (tracking pixel) for referrers we finally found the issue!
One issue wich is really bizarr – and not really measureable.
One advertiser included the complete webpage instead of the banner on the adserver. So with every call of other pages (where the ad should appear) the complete webpage of the customer was requested….
Like a DDoS attack provoked by a little mistype.
Strange things can happen all the time……