DDoS attacks

What is a DDoS attack and how do you protect your website against the consequences?

Having your own website targeted by shady characters - that's a nightmare. Unfortunately, it is becoming easier and cheaper to use services to make websites inaccessible to normal traffic. DDoS attacks in particular are on the rise.

The danger of a DDoS attack applies to all websites, and you should be aware of this too. The abbreviation stands for "Distributed Denial of Service" and is also known as a "distributed network attack". Here, the server and other network systems of a website are deliberately overloaded by requests from many devices and brought to their knees.

Attacks of this kind are unfortunately a widespread threat. The more popular your website is, the more likely it is that someone will try to damage your sales or reputation through a DDoS attack. This can be devastating - especially if you don't know what's going on or how to deal with it.

Nowadays, it is also becoming easier and cheaper to buy DDoS services. As a result, companies and websites are more at risk than ever. With the right precautions, DDoS attacks can be prevented or even stopped in their tracks.

What are DDoS attacks?

A DDoS attack is a sudden influx of artificial traffic designed to paralyze a website's server. If your server receives more requests than it can handle, it slows down or crashes - so that no one can load your website.

For comparison: A normal denial of service attack (DoS attack) can originate from a single source. In contrast, a DDoS attack consists of a large number of targeted requests from dozens, hundreds or even thousands of individual devices. These are usually hijacked computers that have been hacked and are secretly running malicious software in the background. Together, these devices form a botnet or zombie network.

[Figure: How a botnet works]

However, botnets are not limited to computers and telephones. Tablets, surveillance cameras or even household appliances such as internet-enabled dishwashers, televisions or baby monitors (which are often poorly secured or not secured at all) can also form a botnet.

This is what makes a DDoS attack so perfidious. As these are real devices at different locations, their requests look like normal visits and are difficult to distinguish from those of real clients - even during an active attack.

DDoS attacks usually last a few hours at most. In severe cases, however, they can last for days. The longest DDoS attack of all time lasted for 509 hours or almost 21 days. However, even the most extreme cases usually resolve themselves within a day or two: Over 80 percent of attacks last less than four hours. More than 90 percent are over after nine hours at the latest.

[Figure: Report on the distribution of DDoS attacks by duration (in hours) in Q3 and Q4 2019]

What happens during a DDoS attack?

Network resources such as web servers can only process a certain number of requests at the same time. The bandwidth of the server's internet connection and other levels of the network is also limited.

Several points can therefore be attacked - even simultaneously. The more complex the attack, the more difficult it is to distinguish the attack traffic from normal requests. As a result, countermeasures may be less effective.

[Figure: The OSI model explained]

As soon as the number of requests to the network components exceeds the capacity limit, your website grinds to a halt. Loading times increase and it takes longer and longer to access the website. The server may even crash completely and no longer respond to requests at all. If your WordPress user interface or a server administration tool such as cPanel is hosted on the same server, you will no longer be able to log in and access it.

Worse, however, is the aftermath of a DDoS attack: for affected companies and organizations, it can mean considerable economic damage. Depending on the sales period, being unavailable for a few minutes can quickly cost tens of thousands of euros in lost profits.

The damage to your reputation should not be underestimated either. 88 percent of people are less likely to return to a website after a bad experience - such as extremely long loading times. Not only will you miss out on potential new customers (who may never return), but your regular customers are also likely to be annoyed and blame you for the downtime.

If you don't manage to talk to your host quickly so that they shut down the server, you could end up sitting on terabytes of expensive bandwidth overruns.

The good news is that although DDoS attacks can have enormous consequences, they do not usually pose a direct security risk. Although your website can be taken offline, login information such as usernames is not automatically compromised.

Why are websites targeted by a DDoS attack?

There are many reasons why you could be attacked. In any case, the aim is to make your website inaccessible to others. This can happen for various reasons:

  • As a reaction to a controversial statement on your part or to a decision by a company with which someone disagrees (hacktivism).
  • Your economic competition may decide to shut down your website during an important sales period, leaving only their website accessible.
  • To damage your reputation.
  • To distract your IT staff while your website is being broken into. (This is a rare case where DDoS attacks can actually be dangerous).
  • To demand a ransom.
  • Or simply out of boredom.

It is surprisingly easy and cheap to rent a botnet and shut down a website for a short time. Others have already done the groundwork and now anyone can buy their services temporarily.

As a result, the frequency and strength of DDoS attacks have increased significantly over time. Whatever the motivation behind it, easier access is an important incentive for smaller DDoS attacks. Fortunately, these are the easiest to stop.

How to prepare for DDoS attacks

Being prepared is the best remedy against attacks of this kind. Develop a plan for the worst-case scenario before something happens. The question is not necessarily if, but when an attack on your website will take place. Therefore, better safe than sorry. Here are a few tips on how to avoid DDoS attacks.

Formulate an emergency plan

As mentioned above, the best way to counter this threat is to be prepared. Sit down with your IT team so that everyone knows exactly what to do if the worst happens.

Create an emergency plan that sets out exactly what everyone has to do in the event of a DDoS attack: Who is responsible for IP blocking? Who contacts the web host and security providers? Who monitors how and where the attack takes place?

Also be prepared for an influx of complaints via phone, email and social media. People will want to know what's going on and why they can't access your website. Think about how to automate as many of these interactions as possible, as all eyes will be needed elsewhere for the duration of the attack.

Choose Managed Hosting

If you don't have a team of experienced IT professionals who can deal with this issue, managed hosting is the next best option. Choose a host that offers DDoS protection measures. This way, they will take care of all the technical stuff to protect your website and get it back up and running as quickly as possible.

It is important to do thorough research. Ask your web host if they offer DDoS protection, what exactly they do during an attack and how they deal with bandwidth overage charges.

Set up uptime monitoring

Automatically monitoring the accessibility of your website is a crucial early detection method. An uptime monitoring service notifies you via email and push notifications within minutes if your website crashes or slows down significantly.

Your web host may offer this service out of the box. If not, there is a paid, professional solution with Pingdom or a free one with Uptime Robot, which pings your website every five minutes. Another solution is Uptrends.

Use a firewall and a content delivery network (CDN)

A web application firewall (WAF) is one of the best defenses against a DDoS attack. It sits between your website and incoming requests and filters the network traffic to exclude malicious access. This not only helps to protect against attacks, but can also contain DDoS attacks by limiting requests.

[Figure: How a web application firewall works]

Unless the attack uses sophisticated techniques, it may not even reach your website. Even if it is partially successful, much of the attack traffic will be filtered out.

To set up a firewall, you can try a service like Cloudflare or Sucuri.

A CDN (content delivery network) can also help you with this - because a website that uses such a network is somewhat more difficult to take offline. With a CDN, copies of the website are stored on different servers in different locations.

[Figure: Local server vs. content delivery network]

This makes it easier to recover after a heavy load. However, it is not a fail-safe solution. If your main server is directly attacked, a CDN can only reduce the impact, not stop it. Nevertheless, it is a good investment, especially since many services bundle both a CDN and DDoS protection in their packages.

What to do during a DDoS attack?

Whether you're reading this after the damage is already done, or just to prepare for the worst-case scenario: Here are a few tips on what to do if your website is under attack. You can't always stop a DDoS attack, but you're not completely powerless either.

1. Do not panic

It can be scary to receive an email saying your website is down. A mailbox full of complaints is equally unpleasant. You try to visit your website or log in - and it just refuses to load. Panic sets in.

But even if it is an unpleasant situation, DDoS attacks are not dangerous per se. Your data is still safe, your login has not been hacked. You should of course be vigilant and make sure that no one tries to hack your administrator account by brute force in all the excitement. But a DDoS attack alone is only a threat to your reputation and nothing more.

Regardless of whether you are prepared or are dealing with it for the first time: At a certain point, there's nothing to do but wait and see. A DDoS attack costs attackers money and resources - so it won't go on forever.

Only very large and prominent companies are likely to be subject to protracted attacks. Chances are good that it will all be over in a few hours. Follow the steps below and otherwise don't stress.

2. Let your web host know

In the event of a DDoS attack, you should contact your web host as soon as possible to inform them of the situation. If you haven't already, ask them about overage fees and DDoS protection measures. If they offer this, they will quickly get to work to stop the attack.

Even if this is not the case, you will find out what (if anything) the attack will cost you. What's more, the provider can shut down your server if the situation lasts too long.

Bandwidth overages can be expensive and traffic from hijacked computers flows fast. Talk to your host as soon as possible and - if you haven't already - look for one that offers DDoS prevention and emergency services as a package.

3. Set up a CDN and a firewall

If your server does not yet have a CDN and firewall set up, now is a good time to do so. Security service providers will be happy to help you and will often work directly with you to block the malicious traffic immediately.

Sucuri and Cloudflare are the two most popular DDoS prevention services. Once you have them up and running, their automatic measures should kick in immediately and reduce the impact of the attack. In German-speaking countries, there is also Akamai.

If you do not see any results, activate Cloudflare's "Under Attack Mode" or contact your provider and ask for additional support.

4. Use geoblocking and IP blocking

You can also improve the situation manually by blocking IP addresses that do not belong to real clients. IP addresses are the individual identification that each device receives on the Internet.

If a particular IP visits your website dozens, hundreds or thousands of times during an active attack, simply block it. Then the device can do no further damage and will simply be rejected. This way you can fix part of the problem yourself. Your web host may also offer an IP blocker for such purposes.
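One way to find the addresses worth blocking, shown as an added example rather than code from this article: it counts requests per client in a sliding 60-second window over web server access-log lines. It goes slightly beyond the text by grouping IPv6 clients per /64 and skipping allowlisted addresses; the log format (common/combined), the threshold of 100 requests and the sample log are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # client address, then [timestamp]
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def client_key(raw):
    """Key to count under: the IPv4 address, or the /64 of an IPv6 address."""
    ip = ipaddress.ip_address(raw)
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(ip)

def find_heavy_hitters(lines, threshold=100, window=timedelta(seconds=60), allowlist=()):
    """Return {client: peak count} for clients exceeding `threshold` requests in any `window`."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        try:
            key = client_key(m.group(1))
            ts = datetime.strptime(m.group(2), TS_FORMAT)
        except ValueError:
            continue  # hostname instead of an IP, or unparsable timestamp
        if key in allowlist:
            continue  # e.g. your own uptime monitor
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def make_sample_log():
    """Constructed sample traffic using documentation-only address ranges."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    hits = [("203.0.113.7", t0 + timedelta(seconds=i // 5)) for i in range(150)]
    hits += [("192.0.2.10", t0 + timedelta(minutes=i)) for i in range(120)]
    hits += [(f"2001:db8::{1 + i % 2}", t0 + timedelta(seconds=i // 12)) for i in range(120)]
    rows = [f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 512' for ip, ts in hits]
    return rows + ["not a log line"]

if __name__ == "__main__":
    print(find_heavy_hitters(make_sample_log()))
```

In the sample, the client that sends one request per minute for two hours is not flagged even though its total is high; only the bursts are. Review the result before blocking, since many real visitors can share one address behind a company or mobile network.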

Alternatively, you can simply use the IP blocking function of Raidboxes. You can find it in your box settings.

Geoblocking is also a good solution. Here, IP addresses from entire parts of the world are blocked across the board. This is very suitable if the majority of the traffic comes from certain countries. This function is part of many WordPress security plugins. There are also extensions such as IP2Location Country Blocker that can be used specifically for this purpose.

IP blocking is not always effective - or not effective for very long - as the attacking device may simply change its IP address and flood your website with requests again. But it's worth a try.

Web application firewalls perform many of these functions automatically. However, you can also check in your firewall's settings whether it is possible to block proxies, switch on access restrictions or activate existing IP access control lists.

Conclusion: Effectively preventing DDoS attacks

Unfortunately, if someone is determined enough and has the resources, it's impossible to stop them from launching a DDoS attack against your website. But that doesn't mean you should just sit back and relax. You can take various measures to prevent the majority of smaller attacks and minimize the consequences.

Even if a person really wants to take revenge on your company, they won't be able to hold out for long without paying exorbitant amounts of money. Compared to the damage caused, it's usually not worth it. Ultimately, every DDoS attack must come to an end - even if it's only when the person gets bored.

A firewall, a CDN and a high-quality web host are your best method of preventing DDoS attacks. Take precautions before the worst happens. And have a plan in place so that you and your team can get everything under control as quickly as possible.

If you are interested in other IT security topics, please read our articles on brute force, cross-site scripting and cross-site request forgery.
