My webserver is under attack. DDOS and malicious script work in unison to bring down the webserver and also serve spam ads on my working websites. And they've succeeded in bringing the entire webserver down making all my websites hosted on it to go offline.

This attack is analogous to a rat.

Imagine your webserver as a large house with many rooms, each room representing a different folder or website on the server. One day, a small hole appears in the house, perhaps a broken window or a crack in the wall. This hole is like a vulnerability in your webserver.

Through this hole, a rat (the malicious script) sneaks into the house. The exact room it enters is unknown. Once inside, the rat begins to multiply, with new rats scurrying off into different rooms, infecting more and more of the house. This is like the malicious script duplicating itself and spreading to different folders and websites on your webserver.

To deal with the infestation, you call in an exterminator (the anti-malware software). The exterminator manages to get rid of most of the rats, about 90% or more. The house seems to be rat-free, but there’s a catch.

The rats in this house are not ordinary rats. They are controlled by external forces - people outside the house who can call the rats back into action. These people represent the external computers that try to activate the malicious script via the web. Even though the rats seem to be gone, the people outside can still see the house (as seen through the webserver logs) and try to call the rats back.

In this scenario, the house remains vulnerable until the hole is fixed, just as the webserver remains vulnerable until the security hole is patched. And just as you would remain vigilant for signs of a recurring rat infestation, you need to keep monitoring your webserver logs for signs of recurring malicious activity.

I still havent found the original hole yet but I am fortunate that there are anti-malware scripts that find and delete these malaicious files from my webserver. However the pings from outside is something I cannot control but I have found the IPs of this malicious attackers and banned them from accessing my webserver.