Being targeted by hackers and other shady characters is a horror for any website owner. Unfortunately, using services to make websites inaccessible is becoming easier and less expensive to regular visitor traffic.
DDoS attacks, in particular, are on the rise. Here you will learn what the dangers are for your website and how you can arm yourself against them.
Every website owner should be aware of the threat that a DDoS attack poses. The acronym stands for “Distributed Denial of Service,” and it is also known as a “distributed network attack”. In this case, a website’s server and other network systems are deliberately overloaded with requests from many devices and brought to their knees.
Attacks of this type are, unfortunately, a common threat. The more popular your website, the more likely it is that someone will use a DDoS attack to harm your sales or reputation. This can be devastating, especially if you don’t understand what’s going on or how to handle it.
These days, it’s also getting easier and cheaper to buy DDoS services. Because of this, businesses and websites are more at risk than ever. With the proper precautions, DDoS attacks can be prevented or even stopped in the bud.
What is a DDoS attack?
A DDoS attack is a sudden flow of artificial traffic intended to cause damage and cripple a website’s server and make it inaccessible to real visitors. When your server receives more requests than it can handle, it slows down or crashes, and no one can load your page.
By comparison, a typical denial-of-service (DoS) attack can come from a single source. A DDoS attack, on the other hand, consists of a large number of targeted requests originating from tens, hundreds, if not thousands, of individual devices. These are typically hacked computers that are secretly running malicious software in the background. These devices work together to form a botnet or zombie network.
But botnets aren’t limited to computers and phones. Tablets, security cameras, or even household devices such as Internet-enabled dishwashers, televisions, security cameras, or baby monitors (which are often very poorly protected or not protected at all) can also form a botnet.
This is also what makes a DDoS attack so bad. Because they involve real devices in different locations, they appear like normal logins and are difficult to distinguish from real visitors, even during an active attack.
DDoS attacks typically last only a few hours. However, in severe cases, they can last for days. The most extended DDoS attack lasted 509 hours or nearly 21 days. But even the most extreme cases usually clear up in a day or two: More than 80% of attacks last less than four hours. More than 90% finished after nine hours at the latest.
What happens during a DDoS attack?
Network resources such as web servers can only handle a certain number of requests at a time. The bandwidth of the server’s Internet connection and other layers of the network are also limited.
Attackers can therefore attack several attack points, even simultaneously. The more complex the attack, the more difficult it is to distinguish attack traffic from regular requests. As a result, countermeasures may be less effective.
When the number of requests to network components exceeds the capacity limit, your website begins to fail. Load times increase, and Users are forced to wait longer and longer. Eventually, the server may crash and cease responding to requests entirely. You will no longer be able to log in or access your WordPress user interface or server administration, such as cPanel, if they are also present.
Worse still, however, are the consequences of a DDoS attack: For the companies and organizations affected, it can mean significant economic damage. Depending on the time of sale, Being down for a few minutes can quickly cost thousands of dollars in lost profits.
Image loss should also not be underestimated. 88% Users are less likely to return to a website after a negative experience, such as extremely long load times. Not only could you lose new visitors who may never come back, but your repeat customers will likely be annoyed and blame you for the downtime.
If you can’t get your host to shut down their server quickly, you could end up with terabytes of expensive bandwidth overage.
The good news is that while DDoS attacks can have critical consequences, they usually don’t pose a direct security risk. Your website can be taken offline, but your credentials and usernames aren’t automatically compromised.
Why do DDoS attacks target websites?
There are numerous reasons for this. you could be attacked. Either way, the goal is to make your site inaccessible to others. This can happen for several reasons:
- As a reaction to a controversial statement by you or a decision by a company that the attacker disagrees with (hacktivism).
- During a critical sales period, a competitor may decide to disable your website, leaving only their site accessible.
- To damage your reputation.
- To distract IT staff, while hackers break into your site. (This is a rare instance in which DDoS attacks can be dangerous).
- Ask for a ransom.
- Or just out of boredom.
It’s surprisingly simple and inexpensive to rent a botnet and temporarily shut down a website. Other hackers have already done the basic work, and now anyone can hire them on a temporary basis.
As a result, the frequency and severity of DDoS attacks have increased. have increased dramatically over the course of time. In 2019 alone, there was a 180% increase over the previous year. Whatever the motivation behind it, more accessible access is a major incentive for small DDoS attacks. Fortunately, these are the easiest to stop.
By whom and why DDoS attacks are commissioned
Even to computer novices, it will be evident that anyone who implements a DDoS attack is necessarily an individual with considerable technical skills in computer science, i.e. a hacker. If this characteristic of the “hitman” is quite apparent, the identity and motivation of those who commit these criminal actions are less evident.
Given that the ultimate goal of the attacker is to completely prevent the normal functioning of the web resource, it is necessary to understand what his gain is in this regard. Often the motivation is strictly linked to money: the author simply intends to blackmail the owner of the site/server in order to obtain a ransom.
In other circumstances, DDoS attacks are used to distract attention from criminal activities of a very different entity that are being committed against banks, government or financial institutions: Whether it is a fraud, espionage, or data theft, the purpose of the DDoS attack is only functional to this type of crime.
Finally, another possible motivation behind the DDoS attack may be to discredit or damage a competitor company. In this case, it would be the rival company of the damaged one that would be responsible for the “dirty game”.
The different types of DDoS attack
It is possible to conduct a DDoS attack in different ways because the variables involved are different: firstly, the hacker’s objectives (which will materialize in different strategies) and secondly, his specific knowledge (which will influence the chosen techniques).
For clarity, we will group DDoS attacks into four broad categories: TCP connection attacks; volumetric attacks; application attacks; fragmentation attacks.
Now let’s see in detail how each type of attack works:
1) Attacks on the TCP connection: by exploiting the peculiarities of the TCP protocol (simplifying it a bit, we can consider it as the highway that allows speeding up the exchange of information), the botnet storms the server with connection requests, but making that the process never ends. This stop-and-go inevitably causes system resources to run out rather quickly, making it impossible for users to access the site;
2) Volumetric attacks: these are attacks that aim to overcome the network infrastructure, consuming bandwidth. The saturation of the communication bandwidth takes place by sending, at the same time, a large number of requests for access to all the contents of the site. Also, in this case, a disproportionate volume of traffic is created, which the server is unable to manage, thus finding itself “forced” to reject any other connection attempt;
3) Application attacks: in this case, the attacks, instead of hitting the server or the distribution network in its entirety, focus on particular weak points or actual flaws in the server/distribution network.
4) Fragmentation attacks: the mechanism of this attack differs from the previous ones because instead of saturating the network, its purpose is to exhaust the system’s computing resources in an ingenious way. The access requests that arrive, in fact, are not complete but fragmented so that the attacked server uses a large part of its computing power in an attempt to reconstruct the incomplete “information packets” but without succeeding; It is not uncommon for some hackers to decide to use two or more types of attacks at the same time, to have greater security on the outcome of their criminal activity.
Some examples of fairly common DDoS attacks
Having clarified the reference macro-categories, without any claim to exhaustiveness, let’s now see some specific examples of relatively common DDoS attacks:
1) UDP flooding: the User Datagram Protocol (UDP) is a communication protocol (similar to the TCP mentioned in the previous lines) which allows an application to connect to the Internet by sending data packets. in this case, the author of the attack sends false information to UDP packets: the targeted network resource will therefore not be able to associate the UDP packet with the correct applications, consequently returning an error message. If this process is repeated over and over again, the inevitable consequence is that the system will become overloaded and stop working;
2) DNS flooding: Domain Name Servers (DNS) are computer servers that translate the URLs of websites (the full name that you type in the navigation bar) into their respective IP addresses (the numerical “labels” associated with each site) In this case, the DNS flooding attack overloads the DNS servers so that they cannot perform their function;
3) ICMP (Ping) flooding: Internet Control Message Protocol (ICMP) is an error reporting protocol commonly used by the ping diagnostic utility, which in turn is a diagnostic tool used to troubleshoot Internet connection problems.
In other words, a website is “pinged” to check if it is possible to access it. If this is not possible, the connectivity problems will be communicated, thus facilitating the solution. Ping flooding, therefore, consists of a flood of ping requests, which in the long run, end up clogging up the system’s network bandwidth.
4. SYN flooding
A SYN request is part of a three-way handshake connection sequence performed over TCP. Don’t worry. It might sound technical, but it’s pretty simple.
First, a SYN (synchronization) request is sent to a host. The host then sends a SYN-ACK (sync-acknowledge) response. Finally, the host requesting the three-way handshake finalizes the protocol with an ACK (acknowledgement) response. This process allows the two hosts or computers to negotiate how they communicate.
A SYN flood interrupts the three-way handshake in the first part. An attacker sends multiple SYN requests from fake IP addresses or simply does not respond to the SYN-ACK response from the target. The target system continues to wait for the last part of the three-way handshake, the ACK response, for each request.
With sufficient speed and volume, it is possible to constrain the resources of the target system to create new connections: the result of all this is the denial of service (Denial of Service).
5. HTTP flooding
HTTP stands for Hypertext Transfer Protocol and is the basis of data transfer over the Internet. In fact, you should see the HTTP protocol in your browser’s address bar, where the additional “S” means secure HTTP.
Like all other protocols, HTTP uses some request types to send or request information, such as HTTP POST and GET. Generally, HTTP flooding is used when hackers acquire useful information from a website and make their tracks disappear through numerous HTTP POST or GET requests that overload the web application or server.
This method uses less bandwidth but can force servers to max out their resources.
How to be prepared for a DDoS attack
Being prepared is the best remedy against such attacks. Develop a worst-case plan before anything happens. The question isn’t necessarily “if” but when an attack on your website will occur. So, better safe than sorry. Here are some guidelines for avoiding DDoS attacks.
Formulate a contingency plan
As already mentioned, the best way to counter this threat is to be prepared. Get together with the IT team and developers, so everyone knows exactly what to do in case the worst happens.
DDoS defence contingency plan
Create a contingency plan outlining precisely what everyone must do in the event of a DDoS attack: Who is responsible for IP blocking? Who contacts the web host and security vendors? Who controls how and where the attack takes place?
Also, Expect a flood of customer complaints via phone, email, and social media. Your visitors will be curious as to what is going on and why they are unable to access your website. Consider automating as many of these interactions as possible since all eyes will be For the duration of the attack, go somewhere else.
Choose managed hosting
If you don’t have a team of experienced IT professionals to deal with this issue, managed hosting is the best option.Select a host that provides DDoS protection. In this way, they will take care of all the technical aspects to safeguard your website and restore it as soon as possible.
When doing this, it’s important to do thorough research. Ask your host If they provide DDoS protection, what they do during an attack, and how they do it and handle bandwidth overcharges.
Set up uptime tracking
Automatically monitoring your site’s uptime is a required method of early detection. An uptime monitoring service notifies you if your website crashes or slows down significantly, it will notify you via email and push messages within minutes.
Your web host can offer this service out of the box. If not, Pingdom offers a professional paid solution, as does Uptime Robot, which pings your website every five minutes. Uptrends is another German solution. Other options can be found here.
Make use of a firewall and a content delivery network (CDN)
A web application firewall (WAF) is one of the most effective DDoS defenses. It sits between your website and user requests, filtering network traffic to prevent unauthorized access. Not only does this help protect against hacker attacks, but it can also contain DDoS attacks by throttling requests.
How does a Web Application Firewall work?
The DDoS attack may not reach your website at all if the attacker does not use sophisticated technology. Even if it is partially successful, much of the traffic will be dropped.
You can use a service like Cloudflare or Sucuri to set up a firewall. Unlike Sucuri, Cloudflare offers a free plan with DDoS protection, but it does not include a web application firewall. If you want the best defense, you will have to pay, unfortunately. You can find other providers here.
A CDN, or Content Delivery Network, can help with this, too – because a website that uses such a network is a little harder to take down. With a CDN, copies of the page are on different servers in different locations.
content delivery network graph
Local server vs Content Delivery Network
This way, a return after a heavy load is easier. However, it’s not a foolproof solution. If your primary server is under direct attack, a CDN can only lessen the impact, not stop it. Still, it’s a good investment, especially since many services include both CDN and DDoS protection in their packages.
What to do during a DDoS attack?
Whether you’re reading this when your child has already fallen down the well or just preparing you for the worst-case scenario: Here are some tips on what to do if your website is attacked. You can’t always do something to stop an attacker once they’ve targeted you, but neither are you completely helpless.
1. Don’t panic
It can be scary to get an email saying your website is down. A mailbox filled with user complaints is just as unsavoury. You try to visit your website or log in, and the site refuses to load. Panic ensues.
But while it’s a messy situation, DDoS attacks aren’t dangerous in and of themselves. Your data is still safe, and your login has not been hacked. You should be vigilant, of course, and make sure no one is trying to hack into your admin account in all the excitement. But a DDoS attack by itself is just a threat to your reputation and nothing more.
Regardless of whether you are prepared or are facing it for the first time: At some point, there is nothing to do but wait. A DDoS attack costs the instigator money and resources so that it won’t last forever.
Only huge and important companies can be subjected to sustained attacks. It’s likely to be all over in a few hours. Follow the steps below, and don’t stress about the rest.
2. inform your web host
In the event of a DDoS attack, you should contact your hosting provider as soon as possible to inform them of the situation. If you haven’t already, ask them about overdraft fees and DDoS protection measures. If they offer anything like that, they’ll immediately get to work stopping the attack.
Even if that’s not the case, you’ll find out what (if anything) the attack will cost you. Also, the provider can shut down your server if the situation lasts too long.
Bandwidth overloads can be expensive, and traffic from hijacked computers flows quickly. Talk to your host as soon as possible, and if you haven’t already, look for one that offers DDoS prevention and contingency services as a package.
3. Configure a CDN and Firewall
If you don’t already have a CDN and firewall set up on your server, now is a good time to do so. Security service providers will be happy to help and will often work directly with you to stop malicious traffic immediately.
Sucuri and Cloudflare are the two most popular DDoS prevention services. Once you have them up and running, their automatic measures should kick in immediately and reduce the impact of the attack. In German-speaking countries, there is also Akamai.
If you don’t see any results, turn on Cloudflare’s “Under Attack Mode” or contact your provider and ask for assistance.
4. use geo-blocking and IP blocking
You can also manually improve the situation by blocking IP addresses that don’t belong to real visitors. IP addresses are the unique identifier assigned to every device on the Internet.
If a particular IP visits your website tens, hundreds or thousands of times during an active attack, simply block it. Then he won’t be able to do any more damage and will simply be rejected. That way, you can fix part of the problem yourself.
Your hosting provider may offer an IP blocker for this purpose. Alternatively, you can simply use Raidboxes IP blocking feature. You can find it in the BOX settings:
IP blocking feature in the Raidboxes Dashboard
Geo-blocking is also a good solution. Here, entire parts of the world’s IP addresses are blocked across the board. This is very suitable if a large amount of your data traffic mainly comes from certain countries. This feature is part of many WordPress -security-Plugins. There are also extensions like IP2Location Country Blocker that can be used specifically for this.
IP blocking isn’t always effective – or effective for very long – because the attacker can simply change your address and flood your site with requests again. But it’s worth a try.
Web application firewalls perform many of these functions automatically. However, you can also look here to see if you can block proxies, enable access restrictions, or enable existing IP access control lists.
effectively prevent DDoS attacks
Unfortunately, if someone is determined enough and has the resources, it’s impossible to stop them from launching a DDoS attack against your website. However, this doesn’t mean that you should sit around and do nothing. There are several things you can do to prevent most minor attacks and minimize their impact.
Even if someone wants revenge on your business, they won’t be able to keep it going for long without paying big bucks. Compared to the damage done, it’s usually not worth it. Eventually, every DDoS attack must stop – even if it’s only when the attacker gets bored.
A firewall, CDN, and quality hosting provider are your best bet for preventing DDoS attacks. Take the necessary precautions before the worst happens. And have a plan in place so you and your staff can get things under control as quickly as possible.