Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website.
In this article, we’ll focus on how to know if your website is under attack and how to protect it.
Hopefully, we can help you handle DDoS attacks without having a full-blown meltdown.
What is a DDoS Attack?
DDoS stands for Distributed Denial of Service. Like the name implies, a DDoS attack focuses on damaging a service such as:
- a website
- an internet service provider (ISP)
- the Nasdaq Stock Market
- a NASA probe
- a game server
Practically anything connected to the internet is a potential target.
The same goes for the source of DDoS attacks: Common culprits include hacked web servers and “internet of things” devices like smart appliances, routers, and even CCTV cameras.
Causes can be accidental or intentional. But a large criminal industry has grown around offering DDoS attacks as a service. There’s a market for attacks on sites, with buyers including competitors looking to tarnish others’ reputations and those who want to deny a site its online presence for political reasons.
A DDoS attack simply works like this: An attacker uses a number of machines across the internet (or what’s called a “botnet”). Those machines send a high volume of fake traffic to the target site, all in an attempt to overload server resources and bring the site down.
There are many types and sizes of DDoS attacks and they can be devastating regardless of their size. Even an attack from a single system (DoS) can paralyze a site, so consider the ruthless efficiency of a multi-system attack through DDoS. A powerful DDoS can be as tiny as one request per second, and it can still have devastating effects on a website.
Some services are specifically targeted. Interestingly though, the process is largely automated, and most sites affected are randomly selected. Of course, this doesn’t matter if you’re a target. Regardless of the reason, the results can be detrimental, especially for an ecommerce website.
If you want to know more about the types of DDoS attacks, read our guide on what a DDoS attack is.
What Are the Signs of a DDoS Attack?
There are two key indications that you might be facing a DDoS attack:
- When the website is unavailable
- When it takes a long time to access the website
If you’re seeing these website latency issues unexpectedly, it’s time to investigate.
Legitimate Traffic or a DDoS Attack?
Since a DDoS attack generates lots of traffic toward your site, it creates a tricky predicament. How can you tell if your site is just suddenly doing really well (traffic-wise) or if you are currently experiencing a DDoS attack?
If a site goes down due to a spike in legitimate traffic, the outage would generally last only a short while before you’re back up and running again. Sustained spikes in traffic are rarely random, and in legitimate cases you’d likely be able to identify the reason for them, such as a major advertising campaign or a piece of viral content.
But more subtle attacks aren’t as simple to discern. Let’s say an online retailer with blackhat-hacking skills wants to keep people away from a competitor’s website without them being aware of it. The hacker can DDoS the competitor’s website a few times a day – potentially at random periods throughout the day just to make the competitor’s customers upset with how slow the website is. If the hacker’s server threw 500 hits per day (nothing out of the ordinary), the site wouldn’t be down for more than a few seconds, in intervals. Even mild DDoS attacks like this one hurt the victim’s business and reputation.
Generally, the best way to examine a potential DDoS attack is through analytic tools. Check to see if a specific traffic source continues to query a certain set of data long after the Time To Live (TTL) for the site has elapsed. (This is the time frame that you set for your site to discard held data and free up resources.) If that’s the case, you’re likely looking at a DDoS attack, since legitimate traffic won’t behave in this way.
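One way to run the check described above over a web server access log, as an added example that is not part of the original article or any Sucuri tool: it flags any client that keeps requesting the same URL over a period longer than the TTL. The log format, the 300-second TTL, the hit threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-style line: client IP, timestamp, request path (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def parse(line):
    """Return (ip, timestamp, path), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, path = m.groups()
    return ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), path

def repeat_requesters(log_text, ttl_seconds=300, min_hits=5):
    """Map (ip, path) -> (hits, span_seconds) for clients that keep requesting
    the same path over a period longer than the TTL (assumed threshold values)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            ip, ts, path = rec
            seen[(ip, path)].append(ts)
    flagged = {}
    for key, stamps in seen.items():
        span = int((max(stamps) - min(stamps)).total_seconds())
        if len(stamps) >= min_hits and span > ttl_seconds:
            flagged[key] = (len(stamps), span)
    return flagged

def _line(ip, minute, second, path):
    return (f'{ip} - - [12/Mar/2024:10:{minute:02d}:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: one client repeats the same query every two minutes for
# 22 minutes; a second client browses normally; one line is malformed.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", m, 0, "/search?q=shoes") for m in range(0, 24, 2)]
    + [_line("198.51.100.20", 1, s, p)
       for s, p in [(0, "/"), (20, "/products"), (50, "/")]]
    + ["malformed line"]
)

if __name__ == "__main__":
    for (ip, path), (hits, span) in repeat_requesters(SAMPLE_LOG).items():
        print(f"{ip} requested {path} {hits} times over {span}s")
```

Set `ttl_seconds` to the TTL your site actually uses; a flagged entry is a lead for investigation, since monitoring probes and feed readers can produce the same pattern.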
What Does a DDoS Attack Look Like? (An Example)
To give you an idea of what an attack looks like, we developed this live example of a website being DDoSed. You can watch how the server resources are depleted and how this disrupts the website’s performance in a matter of minutes.
After watching the video, you’ll be able to better recognize the traits of an attack on your own sites.
How to Defend Against a DDoS Attack
These steps defend your site against DDoS attacks:
Monitor your website activity.
Track your network activity carefully so you can recognize when anything is amiss. This will help you identify traffic spikes and whether a DDoS attack might be occurring.
Improve your website capacity.
Mitigate the effects of any traffic spike by having a high enough capacity to maintain good site performance through it. Hosting solutions with higher levels of processing and memory resources – or ones that can automatically scale – handle load better than those with lower levels. And a content delivery network (CDN) helps offload some of the weight, too.
Use a website security provider.
Many companies reasonably decide that they do not want to deal with the DDoS challenge internally, so they partner with third parties, such as Sucuri.
Use a Web Application Firewall.
As an example, the DDoS mitigation feature of the Sucuri website firewall automatically blocks fake traffic and requests from malicious bots, without interfering with your legitimate traffic. Our cloud-based network can mitigate large network attacks (Layer 3 & 4), and we specialize in handling Layer 7 attacks against web applications.
Consider the impact if unprepared.
While most of these safeguards do increase your investment in security, the cost is usually much smaller than the financial impact of a DDoS attack (or any other hacking attempt). An attack on an ecommerce business during the holiday shopping season can break the entire company’s profitability for the year.
In conclusion, while DDoS attacks may be a common occurrence, that does not mean you need to accept them as a part of your company’s online presence.
Regular monitoring of your system, mitigation preparations, and outer defense – through the use of a Web Application Firewall – will render this attack impotent. You can continue to move your company forward without the fear of any setbacks.
When it comes to attacks against your livelihood, it is always better to be proactive than reactive.