Primarily there are two ways we get affectd by DDoS attacks We get attacked directly We get hit via collateral damage. This means the attack isn't aimed at us but is large enough the entire datacentre is being rocked by it. If we're affected by #1, we do have some protection which kicks in up until a certain limit. I won't disclose this amount but yes "we have protection". However cleaning traffic isn't easy and depending on the data sent it can sometimes cause a hiccup here and there. With #2, there is nothing we can do. The attack isn't aimed at us and instead is clogging the datacentres pipes to the extent everyone in the datacentre is affected, not just us. All the "protection" in the world can't save you if there's too much filling the line. I don't take joy in saying this and I'm not about to go blaming server performance on attacks (as some of you seem to think I do). If I'm providing a rock-solid experience 99% of the time and we're seeing record uptimes internally, you really think that the server is going to suddenly start lagging on off-peak days? Edit: For reference, this is the last hour of traffic (2016/06/21), the blue line is our "incoming" which shows we're not being hit.
Update - It seems the entire IP range of /24 is in their traffic scrubbing system. /24 is 256 IPs. I own 16 of said IPs in that range.