What is DDoS and How to Protect Your Website?
There are different ways to hack a website, but one of the most popular and easiest is the DDoS (distributed denial of service) attack, which makes your website unavailable to visitors by interrupting or suspending the services of the web host connected to the Internet. A DDoS attack is the distributed form of a DoS attack, in which more than one unique IP address is usually involved.
Hackers often target sites or services such as banks and credit card payment gateways, but also business or personal websites, for revenge, blackmail, and activism.
DDoS attacks are illegal in the US and other countries, so I recommend against using them! Although you can find and purchase services that will perform a DDoS attack against someone’s website, you should never use such a service; moreover, you should report these websites to your local police.
Example – What is a DDoS Attack?
Anyone can make a DoS attack: you only need a good computer and internet bandwidth, and you can use your browser by opening the same website multiple times at once and automatically refreshing it every couple of seconds using an add-on/plugin/extension. Most web hosts will not have a problem with this small example of a DoS attack, but if you ask friends to join you, this becomes a DDoS; you will use more resources, and eventually the targeted website may become unavailable.
Statistics – Who is the Most Targeted?
As mentioned before, DDoS is an illegal activity; however, there are people who will attack any website or network of your choice for $150. I’m not aware of such services, but some time ago I came across some forum posts where people were offering such services. Obviously these websites are taken down and authorities are trying to find the authors of such posts.
Web resources in China, the USA, and Canada were the most targeted in 2015, followed by Russia, Vietnam, South Korea, Germany, France, The Netherlands and Hong Kong in the top ten.
Most of the attacks are launched on Thursday and last more than 4 hours, and Linux is used to launch attacks more often than Windows.
Symptoms – How to Determine if Your Site is Under Attack?
There is a list of symptoms for DDoS attacks, but it isn’t too accurate because the same symptoms may appear if your web host has hardware or Internet issues:
- Unusually slow loading of the website or of the features of the website;
- Unavailable website connection;
- Unusually high number of emails received;
- Unusually high number of accounts, posts, topics and other spam activities.
How to Protect Your Site Against DDoS Attacks?
Even if you only have a personal website, it is better to protect your investment, because there are people who launch DDoS attacks for revenge or just to test the web host and the type of DDoS attack they use.
There are several ways to protect your website from DDoS attacks, such as:
- Choosing the proper Internet Service Provider (ISP) that has the proper hardware and has a contract agreement with your web host. Usually, the ISP provides DDoS mitigation, and if you have more than one ISP for your web host you can maximize uptime and protect your network links.
- Having a cloud mitigation provider that offers you DDoS mitigation from the cloud, with a lot of bandwidth and mitigation capacity; your own data will be safely saved in one or more internet clouds. Cloud mitigation providers have a team composed of security engineers and researchers who work to protect their customers against DDoS attacks.
- Using routers, switches and firewalls, with which you can stop simple ping attacks and invalid IP addresses and filter non-essential protocols; they provide automatic rate limiting, delayed binding, traffic shaping, bogon filtering and deep packet inspection.
- Having properly configured server applications, which can minimize the damage of a DDoS attack, especially if an administrator defines what resources an application can use and also makes real-time updates in case of an attack.
- Using an intrusion-detection system (IDS) to detect traffic anomalies, but this isn’t an automated system and you need to activate it manually.
- Buying excess bandwidth to handle various spikes in traffic.
- Using application front-end hardware that analyzes data packets and identifies the regular, priority or dangerous ones.
- Using a DDS-based defense that can block connection-based DoS attacks and address protocol attacks.
- Using application-level Key Completion Indicators to indicate whether incoming traffic is legitimate or not.
- Using a blackholing process that sends all the attacks to a null interface.
- Using a sinkholing process that routes traffic and rejects bad packets.
- Having a cleaning center that uses various methods such as proxies, tunnels, and circuits to separate legitimate traffic from bad traffic.
- Using IP verify unicast reverse-path, which verifies each packet received for DDoS attacks.
- Dumping the logs, because your web server logs can’t tell the difference between good traffic and bad traffic and the log files become too large.
- Capturing evidence using a Linux workstation that can process the flow of packets and the snoop program to capture them.
- Contacting law enforcement and asking them to help you.
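Two of the router and firewall measures in the list above, rate limiting and bogon filtering, sketched in Python as an added example (not code from the original article or from any product it names). The bogon list is partial, and the rate, burst and sample traffic are constructed assumptions.

```python
import ipaddress

# Partial bogon list (assumption): sources that should never arrive from the
# public Internet. Documentation ranges are left out so the sample can use them.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

def is_bogon(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGONS)

class TokenBucket:
    """Allow `burst` requests at once, refilled at `rate` tokens per second."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:  # refill for the time elapsed, capped at burst
            elapsed = now - self.last
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def filter_requests(events, rate=2.0, burst=5):
    """events: (timestamp_seconds, source_ip) pairs in time order."""
    buckets, verdicts = {}, []
    for ts, src in events:
        if is_bogon(src):
            verdicts.append((src, "drop-bogon"))
            continue
        bucket = buckets.setdefault(src, TokenBucket(rate, burst))
        verdicts.append((src, "allow" if bucket.allow(ts) else "rate-limited"))
    return verdicts

# Constructed sample: one noisy client, one normal client, one private source.
SAMPLE = sorted([(i * 0.05, "203.0.113.7") for i in range(10)] + [
    (0.1, "198.51.100.20"), (0.2, "10.1.2.3"), (3.0, "203.0.113.7")])

if __name__ == "__main__":
    for src, verdict in filter_requests(SAMPLE):
        print(src, verdict)
```

In production the per-source table needs eviction of idle entries, so that a flood from many distinct sources cannot exhaust memory on the filtering host.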
There are many software products that can help you protect your website against DDoS attacks, such as:
- CloudFlare, which offers protection against DoS attacks of all forms and sizes, support, Anycast for DNS and TCP, absorption of attacks before they overload your server, mitigation of application and volumetric attacks, uptime, a global distributed network, automatic learning and legitimate traffic. CloudFlare has defended more than 2 million websites, and the largest DDoS attack it stopped was about 600Gbps.
- DDoS Protector, which blocks DoS attacks within seconds with multi-layered protection and offers up to 40 Gbps of performance. This software also uses new techniques alongside traditional ones to block a wide range of attacks, with advanced challenge techniques, behavioral protection, and automatic signatures.
- FortiWeb Application Firewall, which offers multiple DoS and DDoS-specific protection policies, network and application layer protection, HTTP and HTTPS protection, sophisticated botnet challenge and response protection and Geo IP Analysis.
- Secure64 DNS Authority, which offers DNS DDoS mitigation, protecting DNS servers and bandwidth. In addition, Secure64 DNS Authority can detect high-volume DDoS attacks, allowing you to ensure the availability of your DNS even during attacks and eliminating overprovisioning and the need for dedicated network security equipment.
- FortGuard Anti-DDoS Firewall, which offers you the most accurate, highest-performance protection against attacks, built-in IPS, protection against SYN, ARP spoofing, port scan, SQL injection and TCP flooding, real-time visibility of the attack, TCP flow control, packet filtering, IP whitelist and blacklist, proxy management and log records.
All these ways to defend against DDoS attacks will help your website continue operating through a DDoS attack, should one occur.