A distributed denial of service (DDoS) attack can happen to anyone, at any time. If you have a website that’s running on a dedicated web server, it’s important to understand what a DDoS attack is, how to identify it, and what to do to stop and prevent it.
WhatIs a DDoS Attack?
A distributed denial of service attack is when a hacker uses a botnet to send your web server an overwhelming number of HTTP requests in a very short period of time.
Abotnet is a very large network of computers across the internet thatare infected with a virus that transforms them into a relay for thehacker’s software. Most computers on a botnet are regular computersthat have become infected by a virus, and the user doesn’t evenrealize it.
Duringnormal operation, a web server provides your web page to visitors asfollows:
- A person types your URL into their web browser.
- The web browser issues an HTTP request to the website URL.
- Your ISP’s DNS servers converts the URL into the correct IP address of the web server.
- The HTTP request gets directed across the internet to the web server.
- The web server uses the page requested in the URL to find the correct HTML file.
- The web server responds with all of the content contained in that HTML file.
- The user’s browser receives the HTML file and displays the page to the user.
Mostweb servers are sized with CPU and network hardware to handle theaverage expected traffic per day. For some websites, that could be upto a hundred thousand, or even a million visitors in one day.
However,a hacker hoping to attack your website with a DDoS attack willutilize a botnet of millions of computers from around the world, tosend thousands of HTTP requests per second to your web server.
Since your web server wasn’t sized for that volume of traffic, the web server will respond to your regular website visitors with the error message, Service Unavailable. This is also known as HTTP error 503.
Inrare cases where your site is running on a very small web server withfew available resources, the server itself will actually freeze orcrash.
How To Identify a DDoS Attack?
Howdo you know if your website just went down because of a DDoS attack?There are a few symptoms that are a dead giveaway.
Usually,the HTTP Error 503 described above is a clear indication. However,another sign of a DDoS attack is a very strong spike in bandwidth.
You can view this by logging into your account with your web host and opening Cpanel. Scroll down to the Logs section and select Bandwidth.
Anormal bandwidth chart for the last 24 hours should show a relativelyconstant line, with the exception of a few small spikes.
However,a recent disproportionate spike in bandwidth that remains high overan hour or more is a clear indication that you’re facing a DDoSattack against your web server.
If you believe you’ve identified a DDoS attack in progress, it’s important to act fast. These attacks consume a lot of network bandwidth and if you’ve paid for a hosting provider, that means their data server will experience the same spike in bandwidth. This can have an adverse impact on their other customers as well.
How To Stop a DDoS Attack
There is nothing you can do yourself if you’re facing a DDoS attack. But by calling your web hosting provider , they can immediately block all incoming HTTP requests headed toward your web server.
Thisinstantly relieves the demand on your web server, so that the serveritself won’t crash. It also prevents the attack from adverselyaffecting the hosting provider’s other customers.
Thenext step is to wait until the DDoS attack is over.
Suchan attack actually requires significant resources for hackers.Usually, the attack is paid for by someone who wanted to shut yourwebsite down. These payments are for an attack that last a specificperiod of time, from an hour to several hours.
Thegood news is that there will be an end to the attack. The bad news isthat by blocking all traffic to your web server until the attack isover, the person who wanted to shut down your website essentiallywon.
How To Beat a DDoS Attack
Unfortunately,DDoS attacks are a simple and inexpensive way to shut down a websitefor a short period of time.
Theattacks are never permanent, but they’re intended to send amessage. It means that something you’ve published on your websiteupset someone enough that they were willing to pay hackers to attackyour site.
Ifyou run a critical online operation such as a large business, andneed your site to be resistant to DDoS attacks, it’s possible butit isn’t cheap.
DDoSprotection services work by establishing a sort of counter botnetthat’s larger than the botnet running the DDoS attack. This createsa distributed response to the incoming HTTP requests, even if thereare hundreds of thousands or millions of those requests.
Thereare monthly service fees that come with those services. But if youfind yourself a frequent victim of DDoS attacks, these DDoSprotection services may very well be worth the cost.
DDoSattacks can be at best a minor nuisance that causes you a few hoursof website downtime. At worst, it could cost you a significant amountof lost online business, not to mention a drop in customers who trustyour website.
Understandinghow to identify a DDoS attack and how to stop it could reduce yourdowntime, and reduce the time it takes for you and your hostingprovider to recover from it.