A Denial of Service (DoS) occurs when there is too much traffic going to a site, which causes the site to shut down services to its users. Having a lot of traffic can be a really good sign that your site it really popular, or it could mean that you are being attacked.
How to Stop a DDoS Attack If You’re Currently Being Attacked
The first thing you want to do if you are being hit by a DDoS attack is to change your IP address. This will mitigate the effects of the attack, and may even stop the flow of traffic completely. Contact your provider immediately to see if they can change your IP address.
For more information on what to do if you are currently being DDoS attacked, please continue reading
A site can be purposefully attacked with a Distributed Denial of Service (DDoS) in order to shut the site down. It used to be difficult because it involved gathering a massive number of people, all of whom had to be willing to flood a site at the same time. For example, when a few credit card companies boycotted WikiLeaks in 2010, supporters of the site got together to carry out a coordinated DDoS attack, which temporarily shut down their websites.
Now, a DDoS can be launched by a single user with a network of “zombie” computers. Together, these zombie computers make up a bot-network (or botnet) that can be comprised of hundreds, or even thousands of computers or other IoT devices that were previously infected with Trojan horses or worms. Once they are infected, they can be manipulated by a single user anywhere in the world. Your computer could be performing a DDoS attack right now, and you wouldn’t even know it.
The amount of traffic that these botnets can create is immense. With all their traffic focused on a single point, with even a simple request to view a web page or receive a packet of information, together, these can create a tidal wave of information flowing into and out of the site. That amount of information is what can cause even the biggest and most secure sites to crash.
DDoS attacks happen every day, so it is necessary to understand them in order to protect your site from an attack. And while most DDoS attacks you hear about usually happen to very large enterprises, small businesses and even personal sites get attacked all the time too.
In fact, in Kaspersky’s most recent Security Risks Survey, they found that half of the businesses they surveyed experienced some level of disruption due to a DDoS attack in the past year.
There are many reasons that a site will get attacked, the most obvious is money. While hackers cannot access a company’s financial information directly through a DDoS attack, they often demand a ransom in order to prevent an attack, or to stop an attack that is already underway.
However, most DDoS attacks are just meant to cause disruption to the site owners. Hacktivists use DDoS attacks to shut down sites that they disagree with for political, religious, or social reasons. Other DDoS attacks are launched purely for revenge; an employee that was fired, a gamer that didn’t like the way you played, or even a competitor who is trying to shut you down for their advancement. It is not hard for the technologically impaired to run an attack, they can simply pay for one.
The DDoS-for-Hire marketplace, allows anyone to hire a botnet for an average of $38 an hour.
Any time your site goes down, you are losing money. No matter what your site is, you want it to be up all the time.
In fact, Kaspersky’s most recent Security Risks Survey finds that the average DDoS attack can cost a small business $38,000 in losses, while large enterprises average about $551,000 in losses. An attack on your servers can result in bandwidth costs, a loss of reputation and reliability from your customers, as well as the loss of productivity, as your employees wait for their services to be restored. In fact, Ponemon report found that DDoS attacks cost businesses $173,169 a year solely from the loss of productivity.
In the most severe cases, a DDoS attack can turn into a PDos attack (Permanent Denial of Service) where the physical hardware components actually break down from the strain and need to be replaced.
And while most DDoS attacks usually only shut a site down for a short period of time, they can also use the attack as a distraction for more malicious hacking. In 2011, Sony was hit by a DDoS attack, only to find that as they were fixing their services, hackers snuck into their network, and sole personal details for 77 million of their customers.
This is such a common technique that the Kaspersky report found that 74 percent of companies that experienced a DDoS attack, also experienced another attack to their servers. In fact, 26 percent of businesses which reported a DDoS attack said that sensitive data was stolen in the confusion.
While it is impossible to completely protect your site from being attacked, there are a few steps that you can take to lessen the effects of the attack.
The best way to prevent a DDoS attack is to detect it early. Therefore, you must know how your network functions on an average basis. Half the battle involves knowing what to look for; if you don’t know how much bandwidth your site uses on an average day, then how will you be able to detect when the network is being flooded by users? You should also invest in extra bandwidth. If you have more than you need, it will be easier to handle a flood of traffic.
Make sure to stay updated on all your patches and updates to your firewalls. They will not stop a determined attack, but they can prevent other attacks from sneaking past you while you deal with the chaos from the DDoS.
Contact your internet service provider (ISP) and inquire about the protection they offer you in the event of a DDoS attack. Some ISPs do not offer any protection, and many of them do not have the necessary tools to defend your website, while others will shut down your site in order to protect the rest of our customers on that server. If you want extra protection, think about getting a redundant ISP in the event of an attack to keep your business running.