VPS and Malware Protection

matrix

One thing that preys on the mind of a Head of IT is security, both of data and intellectual property, and of the physical network itself.   Loss of either can be fatal to a business.

In 2020, malware attacks have been coming in via new attack vectors, and at an increased frequency and ferocity, Phishing is increasing because users still seem to be deaf to pleas not to click on links in their emails.

One particular threat that can bring down a server is a Distributed Denial of Service  (“DDoS”)  attack.  Hackers have been using DDoS to bring down servers and put them offline.  An extended period of downtime could be fatal for an e-commerce site.   The FBI suspects that some organizations have been orchestrating DDoS attacks to put competitors offline.

What is DDoS?

DDoS attacks are usually launched from a network of computers at different locations, often a  botnet of infected computers.  Their objective is to flood your server with service requests.    They are becoming more and more aggressive, initially using megabytes of bandwidth and, more recently, terabytes.

What is a DDoS Protected VPS?

It’s really quite simple.  A DDoS Protected VPS is a VPS server equipped with anti-DDoS measures, hardware, and software, designed to ensure the server’s continuing availability.

Why Do You Need DDoS Protection?

Protecting against malware attacks, including DDoS, is the host and their client’s joint responsibility in a hosted VPS environment. The only exception might be if the host has full management responsibility for the client environment in an outsourced operational climate.  In either case, it’s necessary to provide a DDoS protected hosting environment.

The two largest attacks in 2018 were an attack on GitHub, measured at 1.35 Terabytes per second, and an attack on an unnamed site at 1.7Tbps.   More recently, Amazon Web Services recorded an exploit at 2.3 Tbps in February 2020.

The FBI reckons that DDoS attacks account for at least one-third of all downtime.

The distribution of the bots initiating the attack often follows a successful malware download, perhaps a phishing exercise.

What can you Do for Protection?

Most organizations cannot, in all probability, stop a DDoS attack using their own resources because, by the time they recognize that an attack is underway, they are reacting to it rather than preventing it.

How to stop DDoS Attacks?

An organization might have a mitigation plan that deploys measures as soon as they detect an attack.  However, by the time they have reacted the DDoS activity can be enough to bring the server down for several hours.

There are several steps you can take to at least mitigate DDoS attacks on a VPS server:

  1. Make sure you can detect a DDos Attack early.

The quicker you recognize an attack is underway, the more likely you are to successfully survive it.   You need to be able to identify your standard traffic patterns.  You also need to distinguish between a “normal” abnormal traffic pattern and a DDoS attack starting up.   Perhaps a sudden spike in traffic is because of a marketing campaign you launched that morning.

  1. Solid Perimeter Defenses

You can do a few things to lessen the effects of a DDoS attack:

  • Provide increased bandwidth. That may give you extra time to put your other measures in place.   The attack will continue but won’t overwhelm the server.
  • Apply Rate Limits to incoming traffic to protect the Web Server.
  • Drop spoofed and malformed packets.

Understand, though, that this won’t stop an attack. All these measures are likely to do is to give you some time.

  1. External Assistance

You, or an upstream service provider, could take several actions:

  • They could drop you to protect the rest of their network. You will have no service while they sort things out.
  • You or they could divert all incoming traffic to your site to a cleaning service or a “scrubber.” The scrubber drops evident DDoS packets before forwarding hopefully legitimate ones to your web server.

Another approach, especially for massive DDoS attacks, is to call in an attack specialist.

DDoS Mitigation Specialists have a massive infrastructure and a range of specialist tools, including scrubbing, to keep your server up.  They are highly experienced in DDoS.  Their infrastructure can handle high traffic volumes.   All your incoming traffic is diverted to them for cleaning. When it is cleaned, they forward it to your website.

  • Share:
Send a Message