Sucuri Blog

Website Security News

What Are Ethical Hackers?

How to Know If You Are Under DDoS Attack

Nowadays, DDoS is a pretty recognizable term. Though many webmasters don’t know exactly what a DDoS attack is—its method is very subtle to identify—they’re pretty sure it’s a bad thing. And that’s a correct assumption. In this article, we will focus on how to know if your website is under attack and how to protect it from it.

What is a DDoS Attack?

DDoS stands for Distributed Denial of Service. Like the name implies, a DDoS attack focuses on damaging a service such as:

  • a website,
  • an internet service provider (ISP),
  • the Nasdaq Stock Market,
  • a NASA probe,
  • a game server.

Practically anything connected to the internet is a potential target. An attacker would use a number of machines across the internet to send a high volume of fake traffic to the site, all in an attempt to overload server resources and bring the site down.

There are many types and sizes of DDoS attacks and they can be lethal regardless of their size. A powerful DDoS can be as tiny as one request per second and still have devastating effects on a website.

This process is mostly automated; you aren’t being targeted specifically. Of course this doesn’t matter to those affected by it though, as the results can be very detrimental for the site, especially if it is an ecommerce website.

If you want to know more about the types of DDoS attacks, read our guide on what a DDoS attack is.

Legitimate Traffic or a DDoS Attack?

So, how can you tell if your site is just doing really well (traffic-wise) all of a sudden or if you are currently experiencing a DDoS attack?

If a site goes down due to a spike in legitimate traffic, then this time frame would generally only be for a short while until you’re back up and running again.

But let’s say an online retailer with blackhat-hacking skills wants to keep people away from the competitor website without them being aware of it. The hacker can DDoS the website a few times a day, at random periods throughout the day just to make the competitor’s customers mad so they start complaining about how slow the competitor’s website is. The hacker’s server would throw 500 hits per day (nothing out of the ordinary), and the site wouldn’t be down for more than a few seconds, in intervals. Even “milder” DDoS attacks like this one hurts the victim’s business and reputation.

It is also possible to check analytic tools and see if a specific traffic source continues to query a certain set of data long after the Time To Live (TTL) for the site has elapsed. This is the time frame that you set for your site to discard held data and free up resources.

What Does a DDoS Attack Look Like?

We have hosted a webinar that shows a live website being DDoSed. You can watch how the server resources are depleted and how  this disrupts the website’s performance in a matter of minutes.

What are the Signs of a DDoS Attack?

There are two key indications that you might be facing a DDoS attack:

  • When the website is unavailable – website latency;
  • When it takes a long time to access the website;

How to Defend Against a DDoS Attack

These steps defend your site against DDoS attacks:

Monitor your website activity.

Track your network activity carefully so you can recognize when anything is amiss. This will help you identify traffic spikes and if a DDoS attack might be occurring.

Improve your website capacity.

Have a high enough capacity to carry the load and optimize for performance during spikes. Architect with mitigation in mind. Adding your website to a website firewall is a great idea in order to do that.

Use a website security provider.

Many companies reasonably decide that they do not want to deal with the DDoS challenge internally, so they partner with third parties, such as Sucuri.

Consider the impact if unprepared.

Figure out the impact that a DDoS attack would have on your company financially if it were to happen. The cost associated with being attacked is usually much higher than the cost to take safeguards, especially for ecommerce businesses and during holidays.

Use a Web Application Firewall.

The DDoS mitigation feature of the Sucuri website firewall automatically blocks fake traffic and requests from malicious bots, without interfering with your legitimate traffic sources. In addition, your website will be over 70% faster after you add it to the Sucuri WAF.

Our cloud-based network can mitigate large network attacks (Layer 3 & 4), and we specialize in handling Layer 7 attacks against web applications.

Conclusion

In conclusion, while DDoS attacks may be a common occurrence, it does not mean that you need to accept it as a part of your company’s online presence.

Regular monitoring of your system and outer defense—through the use of a Web Application Firewall—will render this attack impotent. You can continue to move your company forward without the fear of any setbacks.

When it comes to attacks against your livelihood, it is always better to be proactive than reactive.

 

About Stephen Johnston

Stephen Johnston is Sucuri’s Agency Consultant who joined the company in 2017. Stephen's main responsibilities include brokering partnerships between Sucuri and valued agencies,as well as assisting in account management and further education in web security. His professional experience covers over 20 years in customer care and IT service, as well as 10 years in security systems. When Stephen isn’t assisting agency partners with implementing new security measures for their business, you might find him spending time with his family, playing guitar, or beating the latest video game. Connect with him on our Twitter.

Reader Interactions