What is a DDoS Attack - and How Can You Prevent it Effectively?

Being targeted by hackers and other suspicious characters is a horror scenario for every website operator. Unfortunately, it is becoming easier and cheaper to use services that make websites inaccessible to normal visitor traffic. DDoS attacks in particular are on the rise. In this article, you will learn what dangers exist for your website and how you can prevent DDoS attacks.

Every website owner needs to be aware of the danger posed by a DDoS attack. The abbreviation stands for "Distributed Denial of Service" and is also referred to as a "distributed network attack". Here, the server and other network systems of a website are deliberately overloaded by requests from many devices and brought to their knees.

Unfortunately, attacks of this kind are a widespread threat. The more popular your website is, the more likely it is that someone will try to damage your sales or reputation through a DDoS attack. This can be devastating - especially if you don't know what's going on or how to deal with it.

In today's world, it is getting easier and cheaper to buy DDoS services. As a result, businesses and websites are more at risk than ever. With the right precautions, DDoS attacks can be prevented or even stopped in their tracks.

What is a DDoS attack?

DDoS attacks briefly explained

A DDoS attack is a sudden influx of artificial traffic designed to shut down a website server and make it inaccessible to visitors. If your server receives more requests than it can handle, it slows down or crashes - so your website won't load.

By comparison, a normal denial-of-service (DoS) attack can originate from a single source. In contrast, a DDoS attack consists of a large volume of targeted requests from dozens, hundreds, or even thousands of individual devices. These are usually hijacked computers that have been hacked and are secretly running malicious software in the background. Together, these devices form a botnet or zombie network.

[Figure: How a botnet works]

However, botnets are not limited to computers and telephones. Tablets and household appliances such as Internet-enabled dishwashers, TVs, surveillance cameras or baby monitors (which are often very poorly secured or not secured at all) can also form a botnet.

This is also what makes a DDoS attack so perfidious. Because the requests come from real devices at different locations, they look like normal traffic and are difficult to distinguish from real visitors - even during an active attack.

DDoS attacks usually last a few hours at most. In severe cases, however, they can last for days. The longest DDoS attack ever lasted 509 hours, or almost 21 days. But even the most extreme cases usually resolve themselves within a day or two: More than 80 percent of attacks last less than four hours. More than 90 percent are over after nine hours at the latest.

[Figure: Report on distribution of DDoS attacks by duration (in hours) in Q3 and Q4 2019.]

What happens during a DDoS attack?

Network resources such as web servers can only process a certain number of requests simultaneously. The bandwidth of the server Internet connection and other levels of the network is also limited.

Attackers can therefore target different points of the network - even simultaneously. The more complex the offensive, the more difficult it is to distinguish the attack traffic from normal requests. As a consequence, countermeasures may be less effective.

[Figure: The OSI model explained]

As soon as the number of requests to the network components exceeds the capacity limit, your website immediately starts to falter. Loading times increase, users have to wait longer and longer. Eventually, the server may even crash and stop responding to requests altogether. If your WordPress user interface or server administration, such as cPanel, are also located there, you will no longer be able to log in and access them.

Worse, however, are the consequences of a DDoS attack: it can cause considerable economic damage to affected companies and organizations. Depending on when it hits your sales, being unavailable for just a few minutes can quickly cost tens of thousands of euros in lost profits.

The damage to your image should also not be underestimated. 88 percent of users are less likely to return to a website after a bad experience - for example, extremely long load times. Not only might you miss out on new visitors who may never return, but your regular customers are likely to be annoyed and blame you for the downtime.

If you don't manage to quickly talk to your host to get them to shut down the server, you could end up sitting on terabytes of expensive bandwidth overages.

The good news is: While DDoS attacks can have enormous consequences, they are not a direct security risk. Your website can be removed from the internet - but the login information and user names are not automatically compromised.

Why are websites targeted by a DDoS attack?

There are many reasons why you might be attacked. But the goal in each case is to make your website inaccessible to others. This can happen for various reasons:

  • As a reaction to a controversial statement on your part. Or to a decision by a company with which the attacker disagrees (hacktivism).
  • A competitor may decide to shut down your website during a key sales period, leaving only their website accessible.
  • To damage your reputation.
  • To distract your IT staff while hackers break into your website. (This is a rare case where DDoS attacks can be dangerous)
  • To demand a ransom.
  • Or out of boredom.

It is surprisingly easy and cheap to rent a botnet and shut down a website for a short period. Other hackers have already done the preliminary work, and now anyone can buy their services temporarily.

As a result, the frequency and strength of DDoS attacks have increased sharply over time. In 2019 alone, there was a 180 percent year-over-year increase. Whatever the motivation behind it, easier access is a major incentive for smaller DDoS attacks. Fortunately, these are the easiest to stop.

How to prepare for a DDoS attack

Being prepared is the best remedy against attacks of this kind. Develop a plan for the worst-case scenario before anything happens. The question is not necessarily if, but when an attack on your website will happen, so it is better to be cautious than careless. Here are a few tips on how to avoid DDoS attacks.

Formulate a contingency plan

As mentioned above, the best way to counter this threat is to be prepared. Decide with your IT team and developers exactly what to do in case of an emergency.

Contingency plan for DDoS defense

Draw up an emergency plan that outlines exactly what everyone must do when dealing with a DDoS attack: Who is responsible for IP blocking? Who contacts the web host and security providers? Who monitors how and where the attack occurs?

Be prepared for an influx of customer complaints via phone, email and social media. Your visitors will want to know what's going on and why they can't access your site. Think about how to automate as many of these interactions as possible, because your team's skills will be needed elsewhere for the duration of the attack.

Choose Managed Hosting

If you don't have a team of experienced IT professionals who can deal with this issue, managed hosting is the next best option. Choose a host that offers DDoS protection measures. That way, they'll take care of all the technical stuff to protect your website and get it back up and running as quickly as possible.

It is important to do your research. Ask your hosting provider if they offer DDoS protection, what exactly they do during an attack, and how they deal with bandwidth overrun charges.

Set up uptime monitoring

Automatic monitoring of your site's availability is a crucial early detection method. An uptime monitoring service notifies you by email and push message within minutes if your site crashes or slows down significantly.

Your web host may offer this service out of the box. If not, there is a paid, professional solution with Pingdom or a free one with Uptime Robot, which pings your website every five minutes. Another German solution is Uptrends. You can find more solutions here.

Use a firewall and a Content Delivery Network (CDN)

A web application firewall (WAF) is one of the best defenses against a DDoS attack. It sits between your website and user requests, filtering network traffic to exclude malicious access. This not only helps protect against hacker attacks, but can also contain DDoS attacks by limiting requests.

[Figure: How a Web Application Firewall Works]

If an attacker doesn't use sophisticated technology, the DDoS attack may not get through to your website. Even with partial success, a large amount of traffic will be eliminated.

To set up a firewall, you can try a service like Cloudflare (available in German) or Sucuri (English only). Cloudflare, unlike Sucuri, has a free plan with DDoS protections, but it doesn't include a web application firewall. If you want the best protection, you'll have to pay, unfortunately. You can find more providers here.

A CDN, or Content Delivery Network, can also help you with this - because a website that uses such a network is a bit harder to take down. With a CDN, copies of your site are stored on different servers in different locations.

[Figure: Local Server vs. Content Delivery Network]

This makes it easier to recover after a heavy load. However, it is not a fail-safe solution. If your main server is under direct attack, a CDN can only reduce the impact, not stop it. Still, it's a good investment, especially since many services bundle both a CDN and DDoS protection in their packages.

What to do during a DDoS attack?

Whether you are reading this while an attack is happening or just to prepare for the worst-case scenario: Here are some tips on what to do if your website is attacked. You can't always do something to stop an attacker once he has you in his sights, but you're not completely powerless either.

1. Don't panic

It can be scary to receive an email saying your website is down. A mailbox full of user complaints is equally unpleasant. You try to visit your website or log in - and it just refuses to load. Panic sets in.

But even if it is an unpleasant situation, DDoS attacks are not dangerous per se. Your data is still secure, your login has not been hacked. You should, of course, be vigilant and make sure that in all the excitement no one tries to hack your administrator account with brute force. But a DDoS attack alone is only a threat to your reputation and nothing else.

Regardless of whether you're prepared or you're dealing with it now for the first time: At a certain point, there's nothing to do but wait. A DDoS attack costs the instigator money and resources, so it won't last forever.

Only very large and prominent companies are likely to be subjected to protracted attacks. Chances are, it will all be over in a matter of hours. Follow the steps below and don't stress about anything else.

2. Tell your web host

In case of a DDoS attack, you should contact your hosting provider as soon as possible to inform them about the situation. If you haven't already done so, ask them about bandwidth overage fees and DDoS protection measures. If they offer something like that, they'll get to work quickly to stop the attack.

Even if this is not the case, you will know what (if anything) the attack will cost you. Also, the provider can shut down your server if the situation lasts too long.

Bandwidth overages can be expensive and traffic from hijacked computers flows quickly. Talk to your host as soon as possible and - if you haven't already - look for one that offers DDoS prevention and emergency services as a package.

3. Set up a CDN and a firewall

If you don't already have a CDN and firewall set up on your server, now is a good time to do so. Security service providers will be happy to help and will often work directly with you to block the malicious traffic immediately.

Sucuri and Cloudflare are the two most popular DDoS prevention services. Once you have them up and running, their automatic measures should kick in immediately and reduce the impact of the attack. In German-speaking countries, there is also Akamai.

If you don't see any results, enable Cloudflare's "Under Attack Mode" or contact your provider and ask for additional support.

4. Use geo-blocking and IP-blocking

You can also manually improve the situation by blocking IP addresses that do not belong to real visitors. IP addresses are the unique identifier given to each device on the Internet.

If a particular IP visits your website dozens, hundreds or thousands of times during an active attack, simply block it. Then it won't be able to do any further damage and will simply be rejected. This way you can fix part of the problem yourself.

Your hosting provider may offer an IP blocker for such purposes. Alternatively, you can also simply use the IP blocking function of Raidboxes. You can find it via your BOX settings:

[Figure: IP blocking function in the Raidboxes Dashboard]

Geo-blocking is also a good solution. Here, IP addresses from entire parts of the world are blocked across the board. This is very suitable if a large part of the data traffic comes mainly from certain countries. This feature is part of many WordPress security plugins. There are also extensions like IP2Location Country Blocker that can be used specifically for this.

IP blocking is not that effective because the attacker may simply change his address and flood your website with requests again. But it's worth a try.
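One way to find the addresses worth blocking is to count requests per client IP over a sliding time window in the web server's access log. The following is an added example, not code from the original article or from any provider named in it; the log format (common/combined), the thresholds, the function names and the sample addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Common/combined log format: client IP first, timestamp in [brackets].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_heavy_hitters(lines, max_requests=100, window_seconds=60, allowlist=()):
    """Return {ip: peak count} for clients that sent more than max_requests
    within any sliding window. Lines must be in chronological order."""
    allowed = [ip_network(net) for net in allowlist]
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> request times still inside the window
    peaks = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # skip malformed lines instead of failing mid-incident
        try:
            ip = ip_address(match.group(1))
            ts = datetime.strptime(match.group(2), TS_FORMAT)
        except ValueError:
            continue
        if any(ip in net for net in allowed):
            continue  # never propose blocking health checks or your own office
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) > max_requests:
            peaks[str(ip)] = max(peaks.get(str(ip), 0), len(times))
    return peaks

def sample_log():
    """Constructed log: a flooding client, a normal visitor, a health checker."""
    start = datetime(2019, 10, 10, 13, 0, 0, tzinfo=timezone.utc)
    hits = [(i // 5, "203.0.113.7") for i in range(150)]    # 5 requests/second
    hits += [(i * 10, "198.51.100.23") for i in range(5)]   # ordinary browsing
    hits += [(i // 3, "192.0.2.10") for i in range(120)]    # allowlisted probe
    return [
        f'{ip} - - [{(start + timedelta(seconds=s)).strftime(TS_FORMAT)}] '
        f'"GET / HTTP/1.1" 200 512'
        for s, ip in sorted(hits)
    ]

if __name__ == "__main__":
    for ip, peak in find_heavy_hitters(sample_log(), allowlist=["192.0.2.0/24"]).items():
        print(f"{ip}: {peak} requests within 60 s, candidate for blocking")
```

The allowlist matters in practice: without it, a busy health checker or your own office address can exceed the threshold and end up on the block list.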

Web application firewalls offer a lot of functions automatically. But you can also double-check whether it is possible to block proxies, turn on access restrictions, or enable existing IP access control lists.

Conclusion: Effectively prevent DDoS attacks

Unfortunately, if someone is determined enough and has all the required resources, it is impossible to stop that person from launching a DDoS attack against your website. This does not mean that you should just sit back and relax. You can take numerous steps to stop the majority of minor attacks and minimize the impact.

Even if someone wants to take revenge on your company, they will not be able to hold out for long without paying outrageous sums of money. Compared to the damage they have done, it's usually not worth it. Ultimately, every DDoS attack must end - even if only because the attacker gets bored.

A firewall, a CDN and a quality hosting provider are your best way to prevent DDoS attacks. Take precautions before the worst happens. Draw up a plan to make sure everything is under control as quickly as possible.

What questions do you have for Nick about DDoS attacks?

Feel free to use the comment function. Do you want to be informed about new posts and tips for more security? Then follow us on Twitter, Facebook or via our newsletter.
