• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
What Are Ethical Hackers?

How to Know If You Are Under DDoS Attack

July 1, 2019Stephen Johnston

28
SHARES
FacebookTwitterSubscribe

Nowadays, DDoS is a pretty recognizable term. Though many webmasters don’t know exactly what a DDoS attack is—its method is very subtle to identify—they’re pretty sure it’s a bad thing. And that’s a correct assumption. In this article, we will focus on how to know if your website is under attack and how to protect it from it.

What is a DDoS Attack?

DDoS stands for Distributed Denial of Service. Like the name implies, a DDoS attack focuses on damaging a service such as:

  • a website,
  • an internet service provider (ISP),
  • the Nasdaq Stock Market,
  • a NASA probe,
  • a game server.

Practically anything connected to the internet is a potential target. An attacker would use a number of machines across the internet to send a high volume of fake traffic to the site, all in an attempt to overload server resources and bring the site down.

There are many types and sizes of DDoS attacks and they can be lethal regardless of their size. A powerful DDoS can be as tiny as one request per second and still have devastating effects on a website.

This process is mostly automated; you aren’t being targeted specifically. Of course this doesn’t matter to those affected by it though, as the results can be very detrimental for the site, especially if it is an ecommerce website.

If you want to know more about the types of DDoS attacks, read our guide on what a DDoS attack is.

Legitimate Traffic or a DDoS Attack?

So, how can you tell if your site is just doing really well (traffic-wise) all of a sudden or if you are currently experiencing a DDoS attack?

If a site goes down due to a spike in legitimate traffic, then this time frame would generally only be for a short while until you’re back up and running again.

But let’s say an online retailer with blackhat-hacking skills wants to keep people away from the competitor website without them being aware of it. The hacker can DDoS the website a few times a day, at random periods throughout the day just to make the competitor’s customers mad so they start complaining about how slow the competitor’s website is. The hacker’s server would throw 500 hits per day (nothing out of the ordinary), and the site wouldn’t be down for more than a few seconds, in intervals. Even “milder” DDoS attacks like this one hurts the victim’s business and reputation.

It is also possible to check analytic tools and see if a specific traffic source continues to query a certain set of data long after the Time To Live (TTL) for the site has elapsed. This is the time frame that you set for your site to discard held data and free up resources.

What Does a DDoS Attack Look Like?

We have hosted a webinar that shows a live website being DDoSed. You can watch how the server resources are depleted and how  this disrupts the website’s performance in a matter of minutes.

What are the Signs of a DDoS Attack?

There are two key indications that you might be facing a DDoS attack:

  • When the website is unavailable – website latency;
  • When it takes a long time to access the website;

How to Defend Against a DDoS Attack

These steps defend your site against DDoS attacks:

Monitor your website activity.

Track your network activity carefully so you can recognize when anything is amiss. This will help you identify traffic spikes and if a DDoS attack might be occurring.

Improve your website capacity.

Have a high enough capacity to carry the load and optimize for performance during spikes. Architect with mitigation in mind. Adding your website to a website firewall is a great idea in order to do that.

Use a website security provider.

Many companies reasonably decide that they do not want to deal with the DDoS challenge internally, so they partner with third parties, such as Sucuri.

Consider the impact if unprepared.

Figure out the impact that a DDoS attack would have on your company financially if it were to happen. The cost associated with being attacked is usually much higher than the cost to take safeguards, especially for ecommerce businesses and during holidays.

Use a Web Application Firewall.

The DDoS mitigation feature of the Sucuri website firewall automatically blocks fake traffic and requests from malicious bots, without interfering with your legitimate traffic sources. In addition, your website will be over 70% faster after you add it to the Sucuri WAF.

Our cloud-based network can mitigate large network attacks (Layer 3 & 4), and we specialize in handling Layer 7 attacks against web applications.

Conclusion

In conclusion, while DDoS attacks may be a common occurrence, it does not mean that you need to accept it as a part of your company’s online presence.

Regular monitoring of your system and outer defense—through the use of a Web Application Firewall—will render this attack impotent. You can continue to move your company forward without the fear of any setbacks.

When it comes to attacks against your livelihood, it is always better to be proactive than reactive.

 

28
SHARES
FacebookTwitterSubscribe

Categories: Security Education, Sucuri, Website SecurityTags: DDoS, Website Monitoring

About Stephen Johnston

Stephen Johnston is Sucuri’s Agency Consultant who joined the company in 2017. Stephen's main responsibilities include brokering partnerships between Sucuri and valued agencies,as well as assisting in account management and further education in web security. His professional experience covers over 20 years in customer care and IT service, as well as 10 years in security systems. When Stephen isn’t assisting agency partners with implementing new security measures for their business, you might find him spending time with his family, playing guitar, or beating the latest video game. Connect with him on our Twitter.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Get Peace of Mind

2019 Threat Report

WAF Free Trial

Mitigation of a DDoS Attack

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.