What is DDoS?
Simply put, a DDoS attack on a website is a network-borne attack that is designed to put a website offline by overwhelming it with traffic. A DDoS attack can come from a single source, or increasingly from botnets on several sites infected with robot malware. Companies need to protect against DDoS attacks on their websites.
There are three basic types of DDoS attacks:
- A web server attack. Bandwidth and application intensive service requests overwhelm a webserver and crowd out regular traffic;
- A communications protocol attack targeting servers, firewalls and other web services like load balancers with the objective of overwhelming their resources; and
- An amplification attack. Extreme volumes of traffic overwhelm the link between the website and the Internet, consuming and monopolising an organisation’s bandwidth.
What do Hackers Gain from DDoS Attacks?
The reasons for mounting a DDoS attack are varied. A mischief-making hacker may gain simple enjoyment from a successful DDoS attack, while other reasons are perhaps commercial. The FBI has noted an increase in DDoS attacks against e-commerce websites by competitors seeking to put them out of business. Another possibility is a hacker using a DDoS attack as a diversion, mounting another type of attack while your attention is distracted.
Can you prevent DDoS Attacks?
The simple answer is “No”. Some attacks throw as much as two Terabytes or more per second at your system, so prevention is nearly impossible. However, you can reduce their effect and keep your systems up and running. Here are six ways to do that:
A Web Application Firewall
A web application firewall (“WAF”) sits between the Internet and the webserver. It can be set up to protect the targeted server from some types of malicious traffic.
Have at least double the bandwidth you think you will need at peak load. That will accommodate those traffic surges caused by marketing events but won’t prevent a DDoS attack. What it will do is give you a few minutes more to react and implement your mitigation strategy.
Use those precious few minutes before your web server collapses by:
- Rate limiting your router;
- Adding filters to your router to drop packets from obvious DDoS packet sources;
- Timing out half-open connections; and
- Dropping malformed and spoofed packets.
Have a Plan
The time between detecting and reducing the effect of a DDoS attack is a critical period during which you apply the Perimeter Defences and invoke other measures you have. This implies that you have a plan and have identified someone to take charge of implementing it.
Part of the plan must be to let your ISP know as soon as possible that you are under attack and need help. If you have outsourced your website hosting let your Managed Service Provider know as well. They can take steps to reduce the effect of the attack. If the attack is sufficiently strong, they may already have noticed.
In a hosting environment, there are two organizations responsible for security – the host and the client. The host needs to ensure that the overall hosting environment is secure; in effect, it sets up a DDoS-protected VPS hosting environment. The client needs to ensure that malware does not find its way onto their virtual server.
Continually Monitor Network Traffic and Identify an Attack as Early as Possible
A DDoS attack on a web server can be recognised by changes in the normal network traffic pattern, usually large spikes in traffic. Most network management systems can be set up to issue alerts if traffic patterns change. One thing to check is that changes in traffic are not caused by something else, like a marketing event such as a sale.
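The check described above, as an added example that is not part of the original article: a rolling-baseline spike detector that also marks surges falling inside a known marketing window. The function name, the thresholds and the per-minute request counts are assumptions constructed for illustration.

```python
from statistics import median

def detect_spikes(samples, window=10, k=6.0, planned=()):
    """Return (minute, requests, label) for each sample far above the baseline.

    samples: (minute, requests_per_minute) pairs in time order.
    planned: (start, end) minute ranges of known events such as a sale.
    """
    baseline = []   # recent samples judged to be normal traffic
    findings = []
    for minute, reqs in samples:
        if len(baseline) >= window:          # no verdicts until a baseline exists
            recent = baseline[-window:]
            med = median(recent)
            # Median absolute deviation is a spread estimate that a few
            # outliers cannot drag upwards; the floors stop perfectly flat
            # traffic from producing a zero-width band.
            mad = median([abs(x - med) for x in recent])
            limit = med + k * max(1.4826 * mad, 0.05 * med, 1.0)
            if reqs > limit:
                in_event = any(s <= minute <= e for s, e in planned)
                label = "planned-event" if in_event else "alert"
                findings.append((minute, reqs, label))
                continue  # keep the spike out of the baseline so a
                          # sustained flood stays flagged
        baseline.append(reqs)
    return findings

# Constructed sample: normal traffic, a sale at minutes 12-13,
# normal traffic again, then a flood at minutes 17-19.
NORMAL = [100, 104, 98, 101, 97, 103, 99, 102, 100, 96, 105, 101]
SAMPLE = list(enumerate(NORMAL + [420, 450] + [99, 102, 100] + [5200, 6100, 5900]))
SALE_WINDOWS = [(12, 13)]

if __name__ == "__main__":
    for minute, reqs, label in detect_spikes(SAMPLE, planned=SALE_WINDOWS):
        print(f"minute {minute}: {reqs} req/min -> {label}")
```

A "planned-event" label means the surge coincides with a known event and should be reviewed with that in mind, not that it is safe to ignore.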
Your ISP could respond by:
- Dropping or blocking your Internet connection to protect their other customers. You will lose Internet access while the DDoS attack is running. That is why you should let them know as soon as possible; and
- Cleaning all your incoming traffic. Obvious DDoS packets are dropped, and the remaining, hopefully legitimate, packets are forwarded to your web server. For massive DDoS attacks, you or your ISP will need to call in an attack specialist. DDoS Mitigation Specialists operate massive infrastructures and have access to a wide range of specialist tools, including scrubbing, to prevent your server from collapsing.
Does Captcha Prevent DDoS?
The simple answer is absolutely not. Captcha is an application that is intended to verify that a web request has been placed by a human. It does not operate at a network level that detects DDoS traffic.
DDoS attacks are a fact of web life. Because they cannot be prevented, you need a plan to reduce their effects and keep the website up and available.
Talk to us at HostSailor for a general chat about how we can help you with protecting your web server.