What can you do, if your website gets attacked by DDOS attack?

13 replies
Hi all
A lot of websites face DDOS attacks (Distributed denial Of Service). If I have a website and I couldn't buy protection for DDOS attack. What should I do in that case?
#attack #attacked #ddos #website
  • Profile picture of the author florinhangu
    Talk to your hosting provider to offer you DDOS protection.
    Usually provides already have DDOS security installed, but not always.
    However, this might or not be free..

    Other way, you can do nothing, if your site is attacked, you will have it down for couple of minutes, hours...Or at least, thats what i know.
    {{ DiscussionBoard.errors[7627937].message }}
    • Profile picture of the author Igal Zeifman
      Well...

      I never heard about hosting providers that offer free/complimentary DDoS protection (please correct me if I'm wrong).

      Also, at least from my experience, they will usually prefer rely on 3rd-party service providers and resell the services to their clients.

      You see, hardware only DDoS solutions are not very effective.... The main problem is that you can't mitigate all DDoS attacks simply by adding more "pipe". This is not cost effective and eventually you will run out - like with the recent US bank attack.
      (and trust me, none of us have their bandwidth budget in the 1st place)

      To provide effective DDoS mitigation, you need to be able to identify bot traffic + have enough bandwidth to handle the traffic you're filtering and counter volume based attacks.

      Hardware solutions can't really help you with user identification. This is why most DDoS vendors will use proxy technology to combine large-scale server networks with software based visitor filtering solutions.

      There are also low level mitigation techniques - like using IpTables to block IP ranges. This is a free, but it has it's limits and will not counter attacker with spoofed IPs. It can also cause false positives and block some of your legitimate users...

      You can learn more about DDoS types and protection techniques here.
      http://www.incapsula.com/ddos/ddos-protection-service
      {{ DiscussionBoard.errors[7628172].message }}
      • Profile picture of the author CyberAlien
        Originally Posted by Igal Zeifman View Post

        Well...

        I never heard about hosting providers that offer free/complimentary DDoS protection (please correct me if I'm wrong).
        You are wrong. All of the major hosting providers mitigate DDOS attacks that are being performed on their shared servers to prevent other customers from being effected.
        {{ DiscussionBoard.errors[7629546].message }}
        • Profile picture of the author Igal Zeifman
          Originally Posted by Chase Watts View Post

          You are wrong. All of the major hosting providers mitigate DDOS attacks that are being performed on their shared servers to prevent other customers from being effected.
          Thanks - I`m happy to be corrected.

          Still, from what I know (based on personal experience and the experience of others) hosting providers will not provide free anti-DDoS services for their clients.
          When clients gets attacked, he/she will be contacted and offered supplementary anti-ddos protection package for an additional cost.
          If the client decides no to pay and the DDoS attacks continues, he/she will be dropped out of the service.

          Btw, I'm not actually against such policy. From hoster's POV, DDoS is a both resource demanding, extremely costly and harmful to other clients.

          Nothing is really free and many hosting companies are just trying to get by. (worked for hosting company for awhile, so I know how it goes...)
          Even if they wanted to, and I sure many do, they still can't simply provide free services, write down their losses and accept collateral damage to other customers.

          I decided to include here a link to one recent discussion about this...
          My DDoS experience with Letbox, Urpad, FrontRangeHosting, BHost, SecureDragon.

          I`m not actually agree with the OP there (who expects free DDoS protection and didn't get it) but still this is a interesting review from a client's point of view.

          If you have any other information, please share it here.
          All of us can only benefit from it.
          {{ DiscussionBoard.errors[7631864].message }}
    • Profile picture of the author hilarious89
      Originally Posted by florinhangu View Post

      Talk to your hosting provider to offer you DDOS protection.
      Usually provides already have DDOS security installed, but not always.
      However, this might or not be free..

      Other way, you can do nothing, if your site is attacked, you will have it down for couple of minutes, hours...Or at least, thats what i know.
      Thanks for the information. But after that will I get back my site or my site will be totally hacked? Don't take my words otherwise, I am asking caused I haven't get attacked yet.
      Signature
      My Archive :- A blog where you will get everything updated !
      Get Walkthrough Videos of Newly Released Games from Entertainment Discuss!!
      {{ DiscussionBoard.errors[7631887].message }}
      • Profile picture of the author Igal Zeifman
        Originally Posted by hilarious89 View Post

        Thanks for the information. But after that will I get back my site or my site will be totally hacked? Don't take my words otherwise, I am asking caused I haven't get attacked yet.
        Well, DDoS does not necessarily means you got hacked.
        Typical DDoS attack will use other machines (PC, servers and recently even mobile phones) to flood you with "fake" requests until your servers/CPU/memory can't take it any longer and crash or draw to a halt.

        Imagine millions of people getting remote access to your PC and each of them trying to run one of your programs or a script that connects to your PC remotely and trying to run a new program every millisecond... This is DDoS simplified.

        What I`m trying to say here is - DDoS is not a result of a hack, it's a different type of attack entirely.

        Hope I could help
        {{ DiscussionBoard.errors[7631954].message }}
  • Profile picture of the author adisini
    you can order 3rd party anti-DDOS support. The free strategy is using cloudflare nameserver. You can check cloudflare.com for more information.
    {{ DiscussionBoard.errors[7628235].message }}
  • Profile picture of the author vishalduggal
    You can use Cloudflare for protection from small DDoS attacks and spams.
    You can use anti DDoS protected hosting services like KoDDos.

    However, if attack is big you might have to get some help from bigger Anti DDoS protection service providers like Vistnet.
    {{ DiscussionBoard.errors[7631933].message }}
  • Profile picture of the author so11
    Hello,

    there are many different types of DOS attacks:
    1. Somebody trying to connect to your site opening 100s or 1000s connections at the same time;
    2. Brute forcing your admin account and locking it out so you cant access it...
    3. Injecting some code so you can't provide service to you clients.

    All of the above are examples of DOS attacks. And DDOS is just a type of DOS (actually the way it is performed).

    Internet host providers might provide some services to minimize risks related to DOS attacks. But the truth is you cant really stop them. Remember Gdaddy a couple of month ago?

    So to conclude, you need make sure that all of the technical and security related configurations are reinforced. When a DOS attack occurs you need to identify what is under attack and take actions from there...

    good luck
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
    {{ DiscussionBoard.errors[7632940].message }}
    • Profile picture of the author IMMaster
      Originally Posted by so11 View Post

      Hello,

      there are many different types of DOS attacks:
      1. Somebody trying to connect to your site opening 100s or 1000s connections at the same time;
      2. Brute forcing your admin account and locking it out so you cant access it...
      3. Injecting some code so you can't provide service to you clients.

      All of the above are examples of DOS attacks. And DDOS is just a type of DOS (actually the way it is performed).

      Internet host providers might provide some services to minimize risks related to DOS attacks. But the truth is you cant really stop them. Remember Gdaddy a couple of month ago?

      So to conclude, you need make sure that all of the technical and security related configurations are reinforced. When a DOS attack occurs you need to identify what is under attack and take actions from there...

      good luck
      Very helpful information
      {{ DiscussionBoard.errors[7646111].message }}
  • Profile picture of the author Sarevok
    It depends how big the attack is; if the attack is small a pattern can be recognized. DDOS prevention is all about pattern recognition.

    Contrary to popular belief, massive DDOS attacks are very difficult (if not impossible) to protect from.

    Simple DOS attacks are simple to prevent; the pattern can easily be disrupted coming from a single source.

    Or even a few hundred sources. The problem arises when a DDOS attack is coming from several hundred thousand sources.

    Sure, people will bring up some IDS or firewall system; but remember if someone has a botnet with 5,000,000 zombies from 7 continents; it's gonna be a problem.



    But nobody has a botnet that big, right?
    {{ DiscussionBoard.errors[7646131].message }}
  • Profile picture of the author Sarevok
    PS: A DDOS in itself doesn't indicate a server actually getting its administration breached.

    A DDOS attack is merely a "distributed denial of service attack"; meaning that several access points continually "ping" or otherwise access a web server to the point of a "denial of service"; the purpose is to overload a server.

    A DOS attack is a "denial of service" attack; meaning it's not "distributed" and is only coming from a single source. It's a much simpler version of a DDOS; only a single point of access is attempted.

    Other attacks can accompany a DDOS attack; but a DDOS attack in its essence is merely "overloading" a server.

    The source of this attack is a "botnet", or an array of infected computers (in modern times, this can be any device with Internet access that's infected).

    As you can imagine, the bigger (and more diverse) the botnet, the more difficult it is to stop it.
    {{ DiscussionBoard.errors[7646150].message }}

Trending Topics