Unfortunately, distributed denial of service (DDoS) attacks are becoming increasingly common among websites across the globe.
These attacks can lead to massive downtime and outages, in addition to access challenges and other serious problems. And contrary to what some people may believe, sites of any size can be brought down or otherwise affected by a DDoS attack.
It doesn’t matter how large or small your site is; knowing how DDoS attacks work and how to best protect your site from falling victim is key in today’s increasingly dangerous cyber world.
Understanding the Anatomy of a DDoS Attack
There are several different types of DDoS attacks, but the main similarity between all of them is that these attacks aim to interrupt service to a website by essentially flooding the server with “fake” traffic. The large amounts of generated traffic overwhelm the server, which can cause the site to experience significant slow-downs or even a complete outage due to server downtime.
To better understand DDoS attacks and their many components, it’s important to first learn a few of the most common types of DDoS attacks used on today’s websites. These include resource depletion attacks, zero-day attacks and volumetric attacks.
Volumetric attacks are the most commonly deployed. These are also known as flooding attacks, and they are aptly named because these attacks have a primary focus on overwhelming and bombarding a site’s server to the point that it can no longer keep up with the sheer number of traffic requests. The size of these attacks can vary greatly, with some being recorded as large as several hundred gigabytes per second. As you’ll learn in the next section, these attacks can be large and comprehensive enough to take down some of the largest and most protected servers on the planet.
Resource depletion attacks are also rather common, though not as common as volumetric attacks. Unfortunately, when these attacks do occur and are successful, the consequences can be far-reaching. Not only can a site’s server experience complete downtime as a result of a resource depletion attack, but it is also possible that the site’s speed will be affected even after the server itself goes back up. This can lead to a whole host of headaches for the website owner or admin, and the aftermath can be costly.
Zero-day attacks are probably the least common type of DDoS attack used these days, but they can still occur at any time. These attacks focus on finding vulnerabilities in a website and taking advantage of them to take the site down. Often, these attacks are successful when the server admin has not been keeping up with basic maintenance and security tasks, such as checking for updates and installing patches as needed.
These are just a handful of some of the most common types of DDoS attacks that have been seen in recent years. As mentioned, volumetric attacks tend to be the largest and most powerful in size, giving them the ability to take down large websites.
In the past couple of years alone, many major websites and organizations have been affected by DDoS attacks. These attacks have resulted in hours of downtime, endless technical issues and expensive losses for the respective organizations affected.
One major attack occurred in July of 2016 when the United States Library of Congress server was hit by a large DDoS attack. This attack took down the entire government website and had even further-reaching consequences, such as preventing Library of Congress employees from being able to access their work emails and log-ins.
Also in July 2016, the popular game/app known as Pokemon Go! was affected by a large DDoS attack shortly after the game was launched. This was probably one of the most far-reaching DDoS attacks on record, as users in at least 26 countries were affected by the attack itself. Shortly after the attack, a group took credit and threatened that an even larger attack would be carried out later on, though no such attack has yet been seen on the Pokemon Go! servers.
Earlier in 2016, the BBC website became the victim of a DDoS attack of unprecedented size. At 602 gigabytes per second, this attack on the BBC website was one of the largest on record, and it is unlikely that any website (regardless of its security measures) would have been unaffected by an attack of that caliber. As a result of the attack, the site saw many hours of downtime.
These are just a few examples of some of the most notable and recent DDoS attacks that have affected major players across the globe. This really drives the point home that websites of all sizes and levels of security can fall victim to a DDoS attack if there are vulnerabilities, or if the attack is large enough.
It is important for website owners and server administrators to understand the far-reaching impacts that a DDoS attack can have on a website. One of the worst things that can happen as a result of a DDoS attack would be website downtime, a situation where the attack is large enough that it completely overwhelms the site’s servers and causes them to go down indefinitely. This, of course, can have its own consequences depending on the nature of the site. For just about any site, downtime can have an effect on reputation. When visitors attempt to visit a site but receive a denial of service error, they may feel unsafe coming back to the site in the future.
And of course, for sites that rely on web traffic for any type of revenue or profit, the consequences of downtime associated with a DDoS attack can be staggering. Sites that generate ad revenue from visitors may find that they experience hours or even days (depending on how long it takes to restore service after the attack) of lost profits. The same goes for e-commerce sites, where a site may go days without making a sale as a result of an attack. In this sense, these attacks can have a serious impact on the site’s ability to bring in revenue.
One common question website admins tend to have about DDoS attacks is, “just where are these attacks coming from?” Unfortunately, many hackers and others who carry out these attacks are able to remain anonymous, so unless they come forward and take credit for the individual attacks themselves, it can be difficult or even impossible to “track down” the source. What is known about DDoS attacks is that between the years of 2015 and 2016, occurrences of these attacks rose an unprecedented 140% (and this is just referring to attacks of 100 gigabytes per second or larger). Unfortunately, as more websites continue to be launched and more people are using the Web, it is likely that the rate of these attacks will continue to rise unless more website owners take the necessary precautions to reduce their risks.
Fortunately, if you’re a website owner or admin and are looking for ways to protect your site, there are plenty of steps you can take that don’t need to cost you a lot of time or money.
Perhaps the best preventative measure you can take when it comes to DDoS attacks is that of selecting your hosting company wisely. These days, many hosting companies actually offer DDoS protection that you can add to your account. Protection can vary based on the size of the attack you wish to have coverage against. For example, some hosting companies have begun to offer dedicated servers that include free “standard” protection for small attacks of up to 10 gigabytes per second. While this is helpful, this level of protection may simply not be enough for more popular sites that could become targets of much larger attacks.
For this reason, if you’re shopping for a server with DDoS protection, it’s important to carefully consider how much protection you need and purchase accordingly. Many hosting companies will offer DDoS protection packages for coverage against attacks of up to 100 gigabytes per second or greater.
How does DDoS protection work? It’s actually quite simple. With DDoS protection in place, your site’s server is able to quickly filter through web traffic requests as they come in. This allows the server to deny any requests that are suspicious while continuing to allow your legitimate website traffic through without delay. DDoS protection is probably the simplest and most effective step you can take to reduce your chances of falling victim to downtime or other problems associated with DDoS attacks.
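To make the filtering idea above concrete, here is an added Python example (not code from this article or from any hosting provider) that applies a per-source sliding-window limit to constructed traffic. The class name, the thresholds and the documentation-range addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class RequestFilter:
    """Deny a source once it exceeds `limit` requests within `window` seconds."""

    def __init__(self, limit=20, window=10.0):
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)  # source IP -> timestamps of allowed requests

    def allow(self, source_ip, now):
        q = self.recent[source_ip]
        # Forget requests that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # suspicious: too many requests from one source
        q.append(now)
        return True

def build_traffic():
    """Constructed sample: one ordinary visitor and one flooding source."""
    visitor = [(i * 2.0, "198.51.100.7") for i in range(10)]   # 1 request every 2 s
    flood = [(i * 0.02, "203.0.113.50") for i in range(200)]   # 50 requests per second
    return sorted(visitor + flood)

def replay(events, flt):
    """Feed (timestamp, ip) events through the filter; return {ip: (allowed, denied)}."""
    totals = defaultdict(lambda: [0, 0])
    for now, ip in events:
        totals[ip][0 if flt.allow(ip, now) else 1] += 1
    return {ip: tuple(counts) for ip, counts in totals.items()}

if __name__ == "__main__":
    for ip, (allowed, denied) in replay(build_traffic(), RequestFilter()).items():
        print(f"{ip}: allowed={allowed} denied={denied}")
```

A per-source limit on the web server itself cannot help once a flood saturates the network link or is spread thinly across many sources, which is why this kind of filtering is normally done upstream by the hosting or mitigation provider.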
In addition to going out of your way to purchase at least some basic level of DDoS protection, it’s also important that you take any feedback you receive about your website seriously. For example, if you begin to notice that you’re receiving a lot of complaints from visitors about your site’s pages loading slowly, or about being unable to access certain pages of the site, then you need to take a step back and consider the fact that you could be experiencing a DDoS attack (or, at the very least, an attempt). This is yet another reason why allowing website users to easily reach out to you and contact you with site feedback is important. Of course, feedback is only useful when you take the time to read it and take it seriously. If you don’t already have an easy option for website users to contact or reach out to you, now is a good time to set it up.
Aside from receiving feedback from website visitors about slow page loading times or an inability to access your site, there are some other “red flags” you’ll want to be on the lookout for that could indicate that your site is experiencing a DDoS attack. All too often, website owners will overlook the occasional slow-to-load page as a glitch, but this could very well be a sign of an attack. Unfortunately, many site owners will not experience the same obvious signs of a problem that site visitors will. This is because site admins will have saved cache, cookies and other stored data that may allow the site to appear to run normally, even when it’s not running properly for its other visitors.
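Because an admin's own browser can hide the slowdown, the red flags are better read from the server's access log than from personal browsing. The following Python example is added here and is not from the original article; it assumes a combined-style log line with the request duration in seconds appended as the last field, and it runs on a constructed sample log.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed log layout (not from the article): combined-style line with the
# request duration in seconds appended as the last field.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \d+ ([\d.]+)$')

def build_sample_log():
    """Constructed sample: five quiet minutes, then one minute of flood traffic."""
    lines = []
    for minute in range(6):
        flood = minute == 5
        for i in range(300 if flood else 12):
            ip = f"203.0.113.{i % 200}" if flood else f"198.51.100.{i % 12}"
            if flood and i % 3 == 0:
                status, secs = 503, 4.2  # server shedding load
            else:
                status, secs = 200, (0.9 if flood else 0.12)
            ts = f"10/Oct/2016:13:{minute:02d}:{i % 60:02d} +0000"
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" {status} 512 {secs}')
    return lines

def find_red_flags(lines, rate_factor=5, slow_secs=1.5):
    """Return per-minute alerts where request volume or latency leaves the baseline."""
    stats = defaultdict(lambda: {"count": 0, "secs": 0.0, "errors": 0, "ips": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, ts, status, secs = m.groups()
        s = stats[ts[:17]]  # bucket key: dd/Mon/yyyy:HH:MM
        s["count"] += 1
        s["secs"] += float(secs)
        s["errors"] += status.startswith("5")
        s["ips"].add(ip)
    # Baseline here is the median minute in the sample; in practice use history.
    baseline = median(s["count"] for s in stats.values())
    alerts = []
    for minute, s in sorted(stats.items()):
        mean = s["secs"] / s["count"]
        if s["count"] >= rate_factor * baseline or mean >= slow_secs:
            alerts.append({"minute": minute, "requests": s["count"],
                           "mean_secs": round(mean, 2),
                           "errors_5xx": s["errors"], "sources": len(s["ips"])})
    return alerts

if __name__ == "__main__":
    for alert in find_red_flags(build_sample_log()):
        print(alert)
```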
It’s also worth noting that if your site is down, your visitors will not have an easy way of getting in touch with you to let you know via your site’s contact form. This is why having a strong social media presence is also a good idea for security purposes. During a DDoS attack, your usual site visitors can still use social media to get ahold of you and communicate the problems to you. Likewise, you can use social media platforms to communicate to your site visitors about the attack and the timeline you anticipate for having your site back up and running.
If you think your site is experiencing a DDoS attack, there are several important steps that need to be taken. The first and perhaps most important step to take is to let your hosting company know about the attack (or the suspected signs of an attack) right away. This will allow them to further investigate and determine what’s going on. And of course, if your site is experiencing any downtime as a result of the attack, the sooner your hosting company is informed, the sooner they can get your site back up and running as normal.
In addition to letting your hosting company know about the attack, you’ll also want to find an outlet for communicating with your site users. Putting up a temporary error page on your site will let users know that your site is still safe and secure, but you’re experiencing some temporary downtime. This will give visitors peace of mind and will encourage them to check back later, rather than letting them jump to conclusions and assume that your site is no longer safe to visit. If you have a social media page for your site or business, this would also be a good time to send out an announcement on your page so visitors can be informed of what’s going on. You don’t necessarily need to disclose that you’ve fallen victim to a DDoS attack; simply letting users know that your server is temporarily down will suffice.
And of course, if you don’t already have some form of DDoS protection in place, now would be a good time to add this to your hosting account. If you do have protection in place, but the attack you experienced was greater than your protection level, this could also be a sign that it’s time to upgrade your protection.
Even the largest of websites can fall victim to a DDoS attack, so make sure you’re taking the necessary precautions.