A distributed denial of service (DDoS) attack can happen to anyone, anytime. If you have a website running on a dedicated web server, it is important to understand what a DDoS attack is, how to identify it, and what to do to stop and prevent it.
What is a DDoS attack?
A distributed denial of service attack is when a hacker uses a botnet to send a huge number of HTTP requests to your web server in a very short period of time.
A botnet is a very large network of computers on the Internet that are infected with a virus that turns them into a relay for the hacker's software. Most computers in a botnet are ordinary computers whose users do not even realize they are infected.
During normal operation, a web server presents your web page to visitors as follows:
- A person enters your URL into their web browser.
- The web browser issues an HTTP request to the website URL.
- Your ISP’s DNS servers resolve the domain name in the URL to the correct IP address of the web server.
- The HTTP request is sent over the Internet to the web server.
- The web server uses the page requested in the URL to find the correct HTML file.
- The web server responds with all content contained in this HTML file.
- The user’s browser receives the HTML file and displays the page to the user.
Most web servers are equipped with a processor and networking hardware to handle the average expected traffic per day. For some websites, this can be up to one hundred thousand or even a million visitors per day.
However, a hacker hoping to attack your website with a DDoS attack would use a botnet of millions of computers around the world to send thousands of HTTP requests per second to your web server.
Since your web server is not designed for this amount of traffic, it will respond to your regular visitors with a “Service not available” error message. This is also known as HTTP Error 503.
On the rare occasion that your site is running on a very small web server with few resources available, the server itself actually freezes or crashes.
How to identify a DDoS attack?
How do you know if your site just went offline due to a DDoS attack? There are several obvious symptoms.
Usually the HTTP 503 error described above is a clear sign. However, another sign of a DDoS attack is a very large jump in bandwidth usage.
You can view this by logging into your account on your web host and opening cPanel. Scroll down to the Logs section and select Bandwidth.
On a graph of normal throughput over the past 24 hours, the line should be relatively constant except for a few small spikes.
However, a recent disproportionate jump in bandwidth that has remained high for an hour or more is a clear sign that you are facing a DDoS attack on your web server.
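Both symptoms described above (503 responses and a bandwidth jump that stays high for an hour or more) can also be checked against the web server's access log. The following is an added example, not part of the original article: it assumes Common Log Format lines, 10-minute buckets and a threshold of five times the median bucket, all of which are illustrative choices, and the log lines it analyzes are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Common Log Format: host ident user [time] "request" status bytes
LINE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) (\d+|-)')
STEP = timedelta(minutes=10)

def bucket(lines):
    """Sum response bytes and count 503s per 10-minute bucket."""
    stats = defaultdict(lambda: {"bytes": 0, "e503": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        ts = ts.replace(minute=ts.minute - ts.minute % 10, second=0)
        stats[ts]["bytes"] += 0 if m.group(3) == "-" else int(m.group(3))
        stats[ts]["e503"] += m.group(2) == "503"
    return dict(sorted(stats.items()))

def sustained_surges(stats, factor=5, min_buckets=6):
    """Return (start, end, count_503) per run of >= min_buckets high buckets."""
    baseline = median([s["bytes"] for s in stats.values()] or [0])
    runs, run = [], []
    for ts, s in stats.items():
        high = s["bytes"] > factor * baseline
        if run and (not high or ts - run[-1] != STEP):
            runs.append(run)  # surge ended or there is a gap in time
            run = []
        if high:
            run.append(ts)
    runs.append(run)
    return [(r[0], r[-1] + STEP, sum(stats[t]["e503"] for t in r))
            for r in runs if len(r) >= min_buckets]

def sample_log():
    """Constructed sample: 3 h of normal traffic, then a 70-minute flood."""
    t0, lines = datetime(2024, 1, 1, tzinfo=timezone.utc), []
    for i in range(250):  # one step per minute
        t, flood = t0 + timedelta(minutes=i), i >= 180
        for n in range(40 if flood else 2):
            lines.append(f'203.0.113.7 - - [{t:%d/%b/%Y:%H:%M:%S %z}] "GET / '
                         f'HTTP/1.1" {503 if flood and n % 2 else 200} 5000')
    return lines

if __name__ == "__main__":
    print(sustained_surges(bucket(sample_log())))
```

Because the baseline is the median bucket, the check only works when the log window is mostly normal traffic, such as the 24-hour view the graph uses.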
If you have determined that a DDoS attack is happening, it is important to act quickly. These attacks consume most of the network bandwidth, and if you are paying a hosting provider, their data server will experience the same bandwidth surge. This can negatively affect their other clients as well.
How to stop a DDoS attack
There is nothing you can do yourself if you are faced with a DDoS attack. But if you call your web hosting provider, they can immediately block all incoming HTTP requests directed to your web server.
This instantly reduces the load on your web server so that the server itself doesn’t crash. It also prevents the attack from negatively affecting other customers of the hosting provider.
The next step is to wait until the DDoS attack ends.
Such an attack requires significant resources from hackers. Usually someone who wants to shut down your site pays for the attack. These payments cover an attack that lasts for a specific period of time, from an hour to several hours.
The good news is that the attack will end. The bad news is that by blocking all traffic to your web server before the attack is complete, you have essentially let the person who wanted to shut down your website win.
How to counter a DDoS attack
Unfortunately, DDoS attacks are an easy and inexpensive way to shut down a website for a short period of time.
Attacks are never permanent, but they are designed to send a message. This means that what you posted on your website upset someone so much that they were willing to pay hackers to attack your site.
If you run an important online operation, such as a large business, and you want your site to be protected from DDoS attacks, this is possible, but not cheap.
DDoS protection services work by creating a kind of counter botnet that is larger than the botnet performing the DDoS attack. This creates a distributed response to incoming HTTP requests, even if there are hundreds of thousands or millions of such requests.
These services charge a monthly fee. But if you are a frequent victim of DDoS attacks, these DDoS protection services may well pay off.
DDoS attacks can be a minor nuisance at best, leading to several hours of website downtime. In the worst case scenario, they can cost you a significant loss of online business, not to mention a decrease in the number of customers who trust your site.
Understanding how to identify a DDoS attack and how to stop it can reduce downtime and reduce the time it takes for you and your hosting provider to recover from it.