Businesses lose billions of dollars to malicious hackers every year, with DDoS emerging as one of the most common techniques used to attack websites. Thankfully, there are steps you can take to lessen the risk. There’s a process for implementing DDoS mitigation. This starts with understanding just what DDoS is and what it does. With that said, from a high level, you should:
- Understand the causes and effects of DDoS.
- Weigh the risks and costs of impact against cost of mitigation for a site.
- Know the difference between a DDoS attack and innocent traffic spikes.
You worked hard to establish your online presence, whether you created it with the elegantly simple GoCentral Website Builder from GoDaddy, or the robust functionality available through WordPress Hosting. Regardless of the platform, DDoS poses a real threat. Let’s take a sec to look at the ins and outs of DDoS mitigation.
What is distributed denial of service (DDoS)?
A Distributed Denial of Service (DDoS) attack is a technique focused on making a resources or services — like a website, web application or web server — unavailable. It works by overwhelming the target with traffic from multiple sources. The attacker sends multiple requests from multiple computers. The target’s resources get exhausted to the point where it cannot respond to new incoming requests.
There’s no admin access or data loss because the hackers don’t get their hands on any data on the service. All they did was deny access to other users.
A DDoS attack is not usually done by one attacker sitting at one computer. The attacker normally directs hundreds or even thousands of compromised "zombie" hosts (computers) against a single target. These zombie hosts are unwittingly recruited from the millions of unprotected devices accessing the internet through high-bandwidth, "always-on" connections.
By planting "sleeper" codes on these machines, often through malware, hackers can quickly build a legion of zombies, all waiting for the command to launch a DDoS attack. For example, a massive internet outage in October 2016 was caused by cameras, DVRs, and other devices infected with malware. Starting to understand the importance of DDoS mitigation?
What’s the impact of a DDoS attack?
OK, so service is denied. But the bad guys don’t get their hands on your data, and they never have admin access. DDoS mitigation isn’t that big a deal, right? Wrong-O. As the dust settles following a DDoS attack, victims see a negative impact in a few key areas:
If someone tries to visit the website for the first time to find it’s not available, they might think the organization is no longer in business and look for another service. Existing users might switch to an alternative provider, as they’re concerned about security issues, or simply can’t afford to have an unavailable service.
DDoS attacks usually affect both site users and owners. An attack on web or network resources can interfere with a company’s business and have unexpected costs associated with it. The unexpected cost might arise when the affected owners tries to get their service back to normal. In other cases, the revenue loss is obvious (e.g. downtime for an eCommerce business).
In some cases the DDoS attack might be a case of misdirection. By disrupting the service and attracting attention to the DDoS attack, advanced hackers use the opportunity to execute a more sophisticated attack, stealing funds, customer data, and intellectual property.
How to know if you’re targeted for a DDoS attack?
Effective DDoS mitigation starts with awareness. The result of a successful DDoS attack is always associated with the service becoming unavailable to users. But just because a service is unavailable, it doesn’t mean it’s due to a DDoS attack. Sometimes the spike in traffic might be from legitimate users. For example, referral traffic from a popular website like Reddit may take down a website that wasn’t built to handle that many visitors.
Signs of a potential DDoS attack:
- Slow or denied service continues for days, rather than a brief spike.
- Large volume of requests from a single IP address.
- Log analysis show a huge spike in traffic from suspicious sources.
- The TTL (time to live) on a ping request times out.
How do you implement DDoS mitigation?
DDoS mitigation is a set of techniques or tools lessening the impact of DDoS attacks. In the context of protecting a website from DDoS, there are several steps you can take:
- Keep an eye on web logs — You want to accurately distinguish good traffic from bad traffic, not just detect an attack, and you don’t want to mistake a spike in traffic from legitimate visitors with a DDoS attack.
- Use a hosting plan that can easily scale if traffic spikes — This is especially important for eCommerce websites that can’t afford any downtime.
- Use a website security service — A web application firewall (WAF), like the one provided by GoDaddy Website Security, powered by Sucuri is designed to protect and speed up sites. It works by inspecting traffic targeting your site. If the traffic is deemed unsafe, it’s blocked by the DDoS mitigation service.
- Use a Content Delivery Network (CDN) — A CDN distributes the burden of loading a site from a single server (i.e. the web host) to many. When traffic is sent to the website, it’s routed to the CDN server geographically closest to the requester.
How do you recover from a DDoS attack?
A DDoS attack can certainly be an unsettling experience. But it’s critical to get back on your feet to begin restoring things to normal via DDoS mitigation. Here are a few pointers for getting that done the most efficient possible way:
- Get unblocked by the hosting provider — DDoS attacks can consume bandwidth needed by other hosting customers. We sometimes call this the “noisy neighbor problem.” The web host may block the targeted website so that other customers are not affected by the DDoS attack.
- Prepare for another potential traffic spike — When the site is back online, your customers may all try to connect at once. They may have been trying to connect for the time you were down, and that pent-up demand, coming all at once, could be a problem, potentially creating an application layer DDoS effect with thousands of sessions reconnecting.
- Implement DDoS mitigation steps and get help — If you suspect another DDoS attack may occur, or if the risk of a attack isn’t worth taking, then take the DDoS mitigation steps outlined above. If you’re working with multiple client websites, consider partnering with a security specialist (or a team of security specialists) who can provide DDoS mitigation service.
DDoS mitigation means taking precautions
DDoS is one of the security threats that every website faces. DDoS mitigation requires taking steps to block bad traffic from hitting the site, as well as being able to handle spikes from traffic (good or bad) that does get through. Investing in a specialized security service like GoDaddy Website Security is one way to make the DDoS mitigation process easier to handle.