Distributed Denial of Service (DDoS) attacks are a way that hackers can interrupt your business. They slow down your website by flooding the network, server or application with huge amounts of fake traffic.
They are an ever-present and growing threat to online businesses. Published in August 2019, the Present Status of Distributed Denial of Service (DDoS) Attacks in Internet World report suggests that there was a 35 per cent increase in the number of DDoS attacks between Q1 and Q2 of 2018 alone.
One of the key roles for a webmaster is telling the difference between a legitimate spike in web traffic and an attack.
Research undertaken in the Netherlands, USA and Germany stated, succinctly, that “a third of the Internet is under attack” and that they had observed an average of 28,700 attacks per day.
And no-one is immune. Back in 2011, even the CIA’s website was attacked.
So, along with our security partners at Sucuri, we’ll go through the essentials you need to know, to stop DDoS attacks and highlight the steps you can take to help prevent them in the future.
Sucuri has created a free online guide which details what DDoS attacks are, what variants there are and what motivates people to do them.
DDoS attacks – why should I care?
The costs of DDoS attacks against your business can be various and considerable:
- DDoS attacks will waste your time and bandwidth.
- They might be used to distract your IT team from serious security breaches elsewhere.
- DDoS attacks can also lead to loss of reputation.
- They can affect legitimate traffic to your site for an indeterminate length of time – preventing you from selling your products or offering your services.
- DDoS attacks are commercially available on the dark web. It can cost as little as $150 (£115) to buy a week-long DDoS attack.
How to prevent DDoS attacks
You can see that not being prepared for a DDoS attack can significantly damage your company. So, what do you do?
Activate a WAF
A Web Application Firewall (WAF) is protection that sits between your website and the traffic it receives. Here at Heart Internet, our WAFs are provided by our partners at Sucuri, who go into the workings of our WAF in this blog.
Activate country blocking
Country-based blocking can be effective at minimising the risk of attacks from outside your country and it lessens the danger of mindless bots spamming the connection logs. However, it’s worth noting that IP addresses are not reliably geographical. All a determined attacker would need to do, to defeat this, would be to use a VPN or a proxy based in a country that isn’t blocked.
By its nature, a ‘distributed’ attack comes from various places at once. A modern ‘botnet’ can be made up of thousands of hacked websites, infected computers or unprotected Internet of Things devices distributed around the world.
Also, think about the implications to your business of blocking markets from around the world.
Monitor your website traffic
DDoS attacks can be made up of huge amounts of traffic, so keep an eye on your traffic and look for sudden, unexpected spikes. Attacks that work through sheer volume of traffic are called volumetric attacks.
If your website suddenly experienced thousands or even millions of new visitors in an hour – that would be brilliant for your business, if they were all legitimate potential customers. But, what if they’re not?
A dramatic increase in traffic could signify a DDoS attack, so it is essential that you monitor traffic and always check your logs. A few things to look for:
- What time of day do these numerous visits occur? Outside of normal trading hours, such activity might be suspicious.
- What time of year do these visits occur? Some businesses have perfectly legitimate seasonal surges of activity.
- Where are these visits originating from? If you don’t trade in a particular country, it would be unusual to get a lot of traffic from there.
- Also, bear in mind that Googlebot – and other search engine crawlers – will make repeated visits to your website. This might, at first glance, look like suspicious behaviour.
So, be vigilant about your traffic, but also think critically if you do get a spike. It might be good business, not bad news.
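The log checks listed above can be scripted. The following is an added example, not code from Heart Internet or Sucuri: it buckets access-log requests per minute, flags minutes far above the median, and reports time of day, source spread and self-declared crawler share for each flagged minute. The Combined Log Format, the 09:00 to 18:00 trading hours, the 5x threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
CRAWLER = re.compile(r"googlebot|bingbot", re.I)  # self-declared only; a UA can be spoofed

def find_spikes(lines, factor=5, open_hour=9, close_hour=18):
    """Return per-minute buckets whose request count exceeds factor x the median."""
    per_minute = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        ip, ts, agent = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        per_minute[when.replace(second=0)].append((ip, agent))
    if not per_minute:
        return []
    baseline = median(len(hits) for hits in per_minute.values())
    spikes = []
    for minute, hits in sorted(per_minute.items()):
        if len(hits) > factor * baseline:
            spikes.append({
                "minute": minute.strftime("%Y-%m-%d %H:%M"),
                "requests": len(hits),
                "distinct_ips": len({ip for ip, _ in hits}),
                "top_ip": Counter(ip for ip, _ in hits).most_common(1)[0],
                "crawler_share": sum(bool(CRAWLER.search(a)) for _, a in hits) / len(hits),
                "outside_hours": not open_hour <= minute.hour < close_hour,
            })
    return spikes

def sample_log():
    """Constructed sample: quiet daytime minutes, one crawler hit, a 03:14 burst."""
    row = '{ip} - - [12/Mar/2024:{t} +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [row.format(ip=f"198.51.100.{i}", t=f"10:0{i}:05", ua="Mozilla/5.0") for i in range(1, 6)]
    lines += [row.format(ip=f"198.51.100.{i}", t=f"10:0{i}:40", ua="Mozilla/5.0") for i in range(1, 6)]
    lines.append(row.format(ip="192.0.2.10", t="10:06:00", ua="Googlebot/2.1"))
    lines += [row.format(ip=f"203.0.113.{i % 40}", t=f"03:14:{i % 60:02d}", ua="Mozilla/5.0") for i in range(120)]
    return lines

if __name__ == "__main__":
    for spike in find_spikes(sample_log()):
        print(spike)
```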
What to do during a DDoS attack?
What do you do if your website is under DDoS attack? You block the attacking traffic.
But the main thing you can do in advance of an attack is prepare. Here’s a checklist of things to consider:
- Have a plan. Define the responsibilities of key team members to ensure an effective and timely reaction to an attack, bearing in mind it could happen in the middle of the night.
- Develop a full list of assets you should implement to ensure proper DDoS identification and prevention – and ensure every relevant team member has it and understands it.
- Make sure your team members know exactly who to contact – and have up-to-date contact details – in case the attack exceeds their abilities.
- While you are experiencing an attack, you should inform your customers of the possibility of a reduced or degraded service, while you deal with the attack.
Heart Internet Website Security
With Heart Internet Security – powered by Sucuri – our Deluxe, Ultimate, and Express packages offer protection through our Web Application Firewall (WAF). This adds an extra layer of protection, blocking DDoS attacks and giving you HTTPS protection between your visitor’s browser and the firewall.
All three packages also come with Sucuri’s Content Delivery Network (CDN). With a CDN, your site is conveniently cached across the world, making it load faster for your visitors, wherever they are in the world.