What is DDoS attack and how do I prevent it?

A distributed denial-of-service (DDoS) is a type of cyber attack where a malicious player strives to render a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of traffic, resulting in a denial of service to additional users – hence the name.

DDoS attacks work by using multiple compromised computer systems as sources of attack traffic.

Think of a DDoS attack as a traffic jam: with an expected level of cars clogging up the highway preventing regular car traffic from arriving at its destination. But in this case, the unexpected internet traffic stops your customers from visiting your site. 

How does a DDoS attack work?

DDoS attacks use networks of machines connected to the internet, including computers and IoT devices, which have been infected with malware, allowing them to be controlled remotely. These are more commonly known as bots, and a group of these bots is called a botnet. 

After establishing a botnet the attacker can then directly send remote instructions to each bot. 

During an attack, each bot in the botnet will send requests to an IP address, which causes the server or network to be overwhelmed. Resulting, in a denial-of-service to normal traffic. 

As each bot is a legitimate Internet device, it can be difficult to separate bot traffic from your regular traffic. 

How to identify a DDoS attack

The most obvious sign of a DDoS attack is if your site suddenly becomes slow or unavailable and you have an unexpected jump in traffic. There can be legitimate reasons for a spike in traffic – so you need to use traffic analytic tools such as Google Analytics to help you spot some of the signs:

• Suspicious amounts of traffic originating from a single IP address or IP range
• A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version
• An unexplained surge in requests to a single page or endpoint
• Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)

How to prevent a DDoS attack?

The easiest way to help protect yourself is to ensure all your server security is updated. Not only will this protect you against DDoS attacks it will also protect you against any server vulnerabilities.

It’s also important that you have a good understanding of your site’s traffic. That way, when unusual activity occurs, you can identify the symptoms of a DDoS attack.

If you have the resources you can also scale up your bandwidth. The more bandwidth you have, the harder it is to overwhelm the network. 

You could also opt for a load-balanced solution. Whilst this wouldn’t stop an attack from occurring, it would mean that you didn’t experience downtime as a result, as the other server in your setup would assume the hosting of your site and services.

There are a wide range of anti-DDoS hardware and/or software on the market that you can use to prevent an attack from happening. Take a look at the products available at CWCS.

Ultimately preventing a DDoS attack is much easier and likely cheaper than dealing with one that has caught you off guard so it’s worth investing in these extra precautions to ensure you don’t fall foul of this particular type of attack. Ensure you’re adopting best practices in terms of your server security and doing what’s right for your business, it’s website and infrastructure. Make sure you have a clear plan to follow if the worst does happen.

Speak to an adviser at CWCS managed hosting today for more information on how we can help you to avoid DDoS attacks.