Being targeted by hackers and other suspicious characters is a horror scenario for every website operator. Unfortunately, it is becoming easier and cheaper to use services that make websites inaccessible to normal visitor traffic. DDoS attacks in particular are on the rise. In this article, you will learn what dangers exist for your website and how you can prevent DDoS attacks.
Every website operator must be aware of the danger of a DDoS attack. The abbreviation stands for "Distributed Denial of Service" and is also known as "distributed network attack": The server and other network systems of a website are deliberately overloaded and brought to their knees by requests from many devices.
Unfortunately, attacks of this kind are a widespread threat. The more popular your website is, the more likely it is that someone will try to damage your sales or reputation through a DDoS attack. This can be devastating - especially if you don't know what's going on or how to deal with it.
In today's world, it is getting easier and cheaper to buy DDoS services. As a result, businesses and websites are more at risk than ever. With the right precautions, DDoS attacks can be prevented or even stopped in their tracks.
What is a DDoS attack?
DDoS attacks briefly explained
A DDoS attack is a sudden influx of artificial traffic designed to shut down a website server and make it inaccessible to visitors. If your server receives more requests than it can handle, it slows down or crashes - so your website won't load.
For comparison: a normal denial of service (DoS) attack can originate from a single source. In contrast, a DDoS attack consists of a large number of targeted requests from dozens, hundreds or even thousands of individual devices. These are usually hijacked computers that have been hacked and secretly run malicious software in the background. Together these devices form a botnet, also called a zombie network.
However, botnets are not limited to computers and phones. Tablets, security cameras or even household appliances such as Internet-enabled dishwashers, TVs or baby monitors (which are often very poorly secured or not secured at all) can also become part of a botnet.
That's what makes a DDoS attack so perfidious. Because the requests come from real devices at different locations, they look like normal visits and are difficult to distinguish from real visitors, even during an active attack.
DDoS attacks usually last a few hours at most. In severe cases, however, they can last for days. The longest DDoS attack of all time stretched over 509 hours or almost 21 days. But even the most extreme cases usually resolve themselves within a day or two: Over 80 per cent of attacks last less than four hours. More than 90 per cent are over in nine hours at the most.
What happens during a DDoS attack?
Network resources such as web servers can only process a certain number of requests simultaneously. The bandwidth of the server's Internet connection and of other layers of the network is also limited.
Attackers can therefore target several different points - even simultaneously. The more complex the offensive, the more difficult it is to distinguish the attack traffic from normal requests. As a consequence, countermeasures may be less effective.
As soon as the number of requests for the network components exceeds the capacity limit, your website immediately comes to a standstill. Loading times increase, users have to wait longer and longer. The server may even crash completely and no longer respond to requests. If your WordPress user interface or server administration like cPanel is also located there, you won't be able to log in and access it.
Worse, however, are the consequences of a DDoS attack: it can cause considerable economic damage to affected companies and organizations. Depending on the sales period, being unavailable for just a few minutes can quickly cost tens of thousands of euros in lost profits.
The damage to your image should not be underestimated either. 88 per cent of users return to a website less often after a bad experience - for example extremely long loading times. Not only may you miss new visitors who may never return, but your regular customers are likely to be upset and blame you for the downtime.
If you don't manage to talk to your hosting provider quickly to get them to shut down the server, you could end up with terabytes of expensive bandwidth overruns.
The good news is: While DDoS attacks can have enormous consequences, they are not a direct security risk. Your website can be taken offline - but the login information and user names are not automatically compromised.
Why are websites targeted by a DDoS attack?
There are many reasons why you might be attacked. But the goal in each case is to make your website inaccessible to others. This can happen for various reasons:
- As a reaction to a controversial statement on your part. Or to a decision by a company with which the attacker disagrees (hacktivism).
- A competitor may decide to shut down your website during an important sales period so that only his website is accessible.
- To damage your reputation.
- To distract your IT staff while hackers break into your website. (This is a rare case where DDoS attacks can be dangerous)
- To demand a ransom.
- Or out of boredom.
It is surprisingly easy and cheap to rent a botnet and shut down a website for a short period. Other hackers have already done the preliminary work, and now anyone can buy their services temporarily.
As a result, the frequency and severity of DDoS attacks have increased sharply over time. In 2019 alone, there was an increase of 180 per cent compared to the previous year. Whatever the motivation behind this, easier access is an important incentive for minor DDoS attacks. Fortunately, these are the easiest to stop.
How to prepare for a DDoS attack
Being prepared is the best remedy against attacks of this kind. Develop a plan for the worst-case scenario before anything happens. The question is not necessarily if, but when an attack on your website will happen. It is therefore better to be safe than sorry. Here are a few tips on how to avoid DDoS attacks.
Formulate an emergency plan
As mentioned above, the best way to counter this threat is to be prepared. Decide together with your IT team and developers exactly what to do in case of an emergency.
Emergency plan for DDoS defence
Draw up an emergency plan that outlines exactly what everyone must do when dealing with a DDoS attack: Who is responsible for IP blocking? Who contacts the hosting provider and security providers? Who monitors how and where the attack occurs?
Be prepared for an influx of customer complaints via phone, email and social media. Your visitors will want to know what's going on and why they can't access your site. Think about how to automate as many of these interactions as possible, because your team's skills will be needed elsewhere for the duration of the attack.
Choose Managed Hosting
If you don't have a team of experienced IT professionals to deal with this issue, managed hosting is the next best thing. Choose a host that offers DDoS protection. This way, they will take care of all the technical stuff to protect your website and get it up and running as quickly as possible.
It is important to do your research. Ask your hosting provider if they offer DDoS protection, what exactly they do during an attack, and how they deal with bandwidth overrun charges.
Set up an uptime monitoring
Automatic monitoring of your site's availability is a crucial early detection method. An uptime monitoring service notifies you by email and push message within minutes if your site crashes or slows down significantly.
Your web host may offer this service themselves. If not, Pingdom offers a professional solution for a fee, and UptimeRobot a free one that pings your website every five minutes. Another solution, available in German, is Uptrends. You will find further solutions here.
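The core logic of such a monitor, as an added sketch that is not code from this article or from any of the services named: it probes the site, classifies the result as up, slow or down, and alerts only after two identical results in a row. The URL, the 3-second slowness limit and all function names are assumptions.

```python
import http.client
import time
import urllib.error
import urllib.request

def probe(url, timeout=10.0):
    """Fetch url once; return (HTTP status or None, seconds elapsed)."""
    started = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:
        status = exc.code   # the server answered, but with 4xx/5xx
    except (urllib.error.URLError, OSError, http.client.HTTPException):
        status = None       # no usable answer: refused, DNS failure, timeout
    return status, time.monotonic() - started

def classify(status, elapsed, slow_after=3.0):  # slow_after is an assumed limit
    if status is None or status >= 500:
        return "down"
    return "slow" if elapsed > slow_after else "up"

class Monitor:
    """Report state changes only, after `confirm` identical results in a row."""
    def __init__(self, confirm=2):
        self.confirm = confirm
        self.reported = self.pending = "up"
        self.streak = 0
    def observe(self, status, elapsed):
        state = classify(status, elapsed)
        self.streak = self.streak + 1 if state == self.pending else 1
        self.pending = state
        if state != self.reported and self.streak >= self.confirm:
            self.reported = state
            return f"ALERT: site is now {state}"
        return None

def run(url="https://example.com/", interval=300):
    """Probe every five minutes; replace print() with your mail or push hook."""
    monitor = Monitor()
    while True:
        alert = monitor.observe(*probe(url))
        if alert:
            print(time.strftime("%Y-%m-%d %H:%M:%S"), alert)
        time.sleep(interval)

if __name__ == "__main__":
    run()
```

Run it from a machine outside your hosting environment, otherwise the monitor goes down together with the site it is watching.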
Use a Firewall and Content Delivery Network (CDN)
A Web application firewall (WAF) is one of the best defences against a DDoS attack. It sits between your website and incoming user requests and filters network traffic to prevent malicious access. Not only does this help protect you from hacker attacks, it can also help contain DDoS attacks by limiting requests.
If an attacker doesn't use sophisticated technology, the DDoS attack may not get through to your website. Even with partial success, a large amount of traffic will be eliminated.
To set up a firewall, you can use a service like Cloudflare (available in German) or Sucuri (English only). Unlike Sucuri, Cloudflare has a free plan with DDoS protection measures, but this plan does not include a web application firewall. If you want the best protection, unfortunately, you have to pay. You can find more providers here.
A CDN, or content delivery network, can also help you with this - because a website that uses such a network is a bit more difficult to take down. With a CDN, copies of the site data are stored on different servers in different locations.
This makes it easier to recover after a heavy load. However, it is not a fail-safe solution. If your main server is under direct attack, a CDN can only reduce the impact, not stop it. Still, it is a good investment, especially since many services bundle both CDN and DDoS protection in their packages.
What to do during a DDoS attack?
Whether you are reading this while an attack is happening or just to prepare for the worst-case scenario: Here are some tips on what to do if your website is attacked. You can't always do something to stop an attacker once he has you in his sights, but you're not completely powerless either.
1. Don't panic
It can be frightening to receive an email saying that your website is no longer available. A mailbox full of user complaints is just as unpleasant. You try to visit or log in to your website - and it simply refuses to load. Panic sets in.
But even if it is an unpleasant situation, DDoS attacks are not dangerous per se. Your data is still secure, your login has not been hacked. You should, of course, be vigilant and make sure that in all the excitement no one tries to hack your administrator account with brute force. But a DDoS attack alone is only a threat to your reputation and nothing else.
Regardless of whether you are prepared or you are dealing with it for the first time: At a certain point, there's nothing to do but wait. A DDoS attack costs the instigator money and resources, so it won't go on forever.
Only very large and prominent companies are likely to be exposed to protracted attacks. Chances are that everything will be over in a few hours. Follow the steps below and otherwise try not to stress.
2. Tell your web host
In case of a DDoS attack, you should contact your hosting provider as soon as possible to inform them about the situation. If you haven't already done so, ask them about bandwidth overrun fees and DDoS protection measures. If they offer such protection, they will quickly get to work to stop the attack.
Even if this is not the case, you will know what (if anything) the attack will cost you. Also, the provider can shut down your server if the situation lasts too long.
Bandwidth overruns can be expensive and traffic from hijacked computers flows fast. Talk to your host as soon as possible and - if you haven't already done so - look for one that offers DDoS prevention and emergency services as a package.
3. Set up a CDN and a firewall
If your server does not have a CDN and firewall set up yet, now is a good time to do so. Security service providers will be happy to help you and will often work directly with you to block malicious traffic immediately.
Sucuri and Cloudflare are the two most popular DDoS prevention services. Once you put them into operation, their automatic measures should take effect immediately and reduce the impact of the attack. In German-speaking countries, there is also Akamai.
If you do not see any results, activate Cloudflare's "Under Attack Mode" or contact your provider and ask for additional support.
4. Use geo-blocking and IP-blocking
You can also manually improve the situation by blocking IP addresses that do not belong to real visitors. IP addresses are the unique identifier given to each device on the Internet.
If a particular IP visits your website dozens, hundreds or thousands of times during an active attack, simply block it. Then the device cannot cause any further damage and is simply rejected. So you can fix part of the problem yourself.
Your hosting provider may offer an IP blocker for such purposes. Alternatively, you can simply use the IP blocking feature of RAIDBOXES. You can find it via your BOX settings:
Geo-blocking is also a good solution because it blocks IP addresses from whole regions of the world. This is very suitable if a large part of the data traffic mainly comes from certain countries. This feature is part of many WordPress security plugins. There are also extensions like IP2Location Country Blocker which can be used specifically for this purpose.
IP blocking is not that effective because the attacker may simply change his address and flood your website with requests again. But it's worth a try.
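One way to find the addresses worth blocking, as an added example that is not part of the original article: it counts requests per IP in a sliding 60-second window over an access log in combined log format and skips an allowlist so that your own uptime monitor is not blocked. The log lines are constructed, the addresses come from documentation ranges, and the threshold of 100 requests per minute is an assumption to tune against your normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # client IP, timestamp
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def noisy_ips(lines, threshold=100, window=timedelta(seconds=60), allowlist=()):
    """Return {ip: peak requests per window} for every IP that exceeded
    `threshold` requests inside any sliding window. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match or match.group(1) in allowlist:
            continue             # malformed line or trusted client
        try:
            ts = datetime.strptime(match.group(2), TS_FORMAT)
        except ValueError:
            continue             # unparseable timestamp
        queue = recent[match.group(1)]
        queue.append(ts)
        while ts - queue[0] >= window:
            queue.popleft()
        if len(queue) > threshold:
            peaks[match.group(1)] = max(peaks.get(match.group(1), 0), len(queue))
    return peaks

def sample_log():
    """Constructed access log, not real traffic."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = [(i * 0.25, "203.0.113.7") for i in range(400)]  # 4 requests/s
    rows += [(i * 30, "198.51.100.20") for i in range(4)]   # ordinary visitor
    rows += [(i * 0.5, "192.0.2.10") for i in range(200)]   # uptime monitor
    return [
        f'{ip} - - [{(start + timedelta(seconds=off)).strftime(TS_FORMAT)}] '
        '"GET / HTTP/1.1" 200 512 "-" "-"'
        for off, ip in sorted(rows)
    ]

if __name__ == "__main__":
    for ip, peak in noisy_ips(sample_log(), allowlist={"192.0.2.10"}).items():
        print(f"{ip}: up to {peak} requests per minute, candidate for blocking")
```

Behind a CDN or firewall service the first log field is often the proxy's address, so make sure your server logs the real client IP before blocking anything.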
Web application firewalls offer a lot of functions automatically. But you can also double-check whether it is possible to block proxies, turn on access restrictions, or enable existing IP access control lists.
Conclusion: Prevent DDoS attacks effectively
Unfortunately, if someone is determined enough and has all the required resources, it is impossible to stop that person from launching a DDoS attack against your website. This does not mean that you should just sit back and relax. You can take numerous steps to stop the majority of minor attacks and minimize the consequences.
Even if someone wants to take revenge on your company, they will not be able to hold out for long without paying outrageous sums of money. Compared to the damage they have done, it's usually not worth it. Ultimately, every DDoS attack must end - even if only because the attacker gets bored.
A firewall, a CDN and a quality hosting provider are your best way to prevent DDoS attacks. Take precautions before the worst happens. Draw up a plan to make sure everything is under control as quickly as possible.