Unfortunately, Memset has no way to determine why your server is being attacked. The only information that we have is the the quantity of data being directed at your server. It is impossible to deduce the motivation of the attacker from this information.

However, some common reason for DDoS attacks are extortion, stifling competition and retaliation. Sometimes criminals will DDoS a site in order to demand payment to stop. If this is the case then we suggest that you contact the UK National Cyber Crime Unit here:


We will be happy to work with them (with your consent) once they contact us.

Other common reasons can be Bots / Botnets / Automated Processes looking at sites to target, to either find Vulnerabilities to Exploit, or to Brute Force. Quite often due to the number of connections these processes make in very quick succession, they can causes a "DoS" like affect on your server where you server becomes in

There are also documented cases involving DDoS's that have been initiated by unscrupulous site operators against competing sites.

Finally there are adolescents who move in online circles where credibility is gained through hacking servers and taking sites offline. Once a site on your server, especially a CMS site such as Joomla, Wordpress, Drupal etc, has been compromised it can be used to hack and attack other sites. When this is done against another hackers sometimes a DDoS attack in retaliation against your server ensues.