How to Identify and Stop a Distributed Denial of Service Attack Fast

Posted on 19/11/2018 by Samantha in Optimisation, Web Hosting, Website

Have you ever tried to access a website only to find it down? If so, it is quite possible that the website in question was subject to a Distributed Denial of Service attack, more commonly known as a DDoS attack. As a website owner, it is your job to put safeguards in place and give your site the best web security you can. However, sometimes a determined hacker can’t be stopped from launching an assault on your website. This article sheds light on what a DDoS attack really is, how to properly identify it, how to safeguard against it and how to mitigate it fast.

What is a DDoS Attack?

Simply put, a DDoS attack is carried out by flooding a server with a very large number of packet requests or traffic until it is overwhelmed. Usually, the source of the traffic or packet requests is a network of compromised “zombie” computers. These infected computers, also known as a botnet, send high streams of traffic on a simple command from a hacker. Hacker forums, blogs, and even YouTube creators share accessible information on how to set up a DDoS attack all the time, making it so that practically anyone with an Internet connection can launch their own attack on any business. In April 2018 the UK National Crime Agency highlighted DDoS attacks as the leading threat to online business. Rest assured, there are ways of alleviating and preventing DDoS attacks.

How to tell if you’re under a DDoS Attack

One problem facing website owners is determining whether or not a lag or disruption of their website is due to an actual spike in traffic or a launched DDoS assault. The real determiner of a DDoS attack versus a spike of traffic during an influx of users lies solely with the amount of downtime experienced by the site.

The length of time your servers are down will determine if you are under a DDoS attack. If it is a prolonged disruption of service over the course of a few days, then perhaps it is time to call your Tech Support team and find out what is going on. Genuine traffic from users can cause delays and slow loading times and, if there is a significant spike, can knock your servers down for a few hours.

Furthermore, if the identical source address is querying for the same data long before the Time to Live (TTL) has passed, it could be a signal that they are up to no good. Unfortunately, you cannot simply check to see if all of the traffic is coming from one IP, as the exact purpose of a DDoS assault is to have traffic pour in from multiple sources/computers.
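The TTL check described above can be run over a query log. The following is an added example, not code from the original article; it assumes a DNS query log, and the log format, the sample lines, the `fraction` and `min_repeats` thresholds and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: "epoch_seconds source_ip qname qtype answer_ttl"
SAMPLE_LOG = """\
1000 203.0.113.7 www.example.com A 300
1002 203.0.113.7 www.example.com A 300
1003 203.0.113.7 www.example.com A 300
1005 203.0.113.7 www.example.com A 300
1010 198.51.100.4 www.example.com A 300
1400 198.51.100.4 www.example.com A 300
1020 192.0.2.9 mail.example.com MX 60
1025 192.0.2.9 www.example.com A 300
"""

def parse(log_text):
    """Yield (ts, src, qname, qtype, ttl) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2].lower(), parts[3].upper(), int(parts[4])
        except ValueError:
            continue

def early_requeries(records, fraction=0.1):
    """Count, per (source, qname, qtype), the repeat queries that arrive before
    `fraction` of the TTL has elapsed since that source's previous query."""
    last_seen = {}
    counts = defaultdict(int)
    for ts, src, qname, qtype, ttl in sorted(records):
        key = (src, qname, qtype)
        prev = last_seen.get(key)
        if prev is not None and ts - prev < ttl * fraction:
            counts[key] += 1
        last_seen[key] = ts
    return dict(counts)

def suspects(log_text, fraction=0.1, min_repeats=3):
    """Return the sources with at least `min_repeats` early repeat queries."""
    counts = early_requeries(parse(log_text), fraction)
    return sorted({src for (src, _, _), n in counts.items() if n >= min_repeats})

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```

Many clients behind one shared NAT address can trip this heuristic, so treat a hit as a lead to investigate rather than proof.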

Why do Hackers Target Websites with DDoS Assaults?

  • Easy to Use: It doesn’t take expert skill to launch a DDoS attack. Bottom line, it is a simple way to attack any website and it works quite effectively. What’s more, it is often quite challenging for the security team, technical support or law enforcement to track down the hackers because they use proxies to assault your website from different locations.
  • Extortion: A lot of hackers use a DDoS attack to extort money from businesses. They offer peace or an end to the attack in exchange for cash. This can hurt your business financially while making the anonymous and hard-to-track hacker just that much richer.
  • Kill the Competition: One way to get ahead in an industry is to stop the competition dead in the water. Sometimes companies hire hackers to end the competition or at least damage their reputation so that they can get ahead.
  • Hacktivism: Some hackers do it in protest for a righteous cause. Individuals do sometimes DDoS governments or companies because they disagree with them ethically and want to silence them.

Preparing your Website for a DDoS Attack

There is absolutely no reason for you to lie in wait for an attack to happen. Prevention is always better than cure. Be preemptive and prepare your website to thwart a DDoS attack if necessary. This can save you time, money, loss of data and damage to your business’ reputation. Just follow these simple steps to help you safeguard and prepare for an attack.

1. Be Aware and Vigilant

When considering your hosting options, invest in software solutions that allow you to track your network’s normal pattern of behaviour and that will notify you of suspicious activity in the event of an attempted DDoS attack.

2. Increase Capacity

Make sure you allocate enough server capacity and allow adjustment for the best performance under high load. Build the largest network you can with effective elements for advanced mitigation. Use a CDN to help you.

3. Drill your Defence Strategy

Practice, Practice, Practice. You want to know your defence strategy inside and out and practice employing it. Commit to practice drills with your staff so that they know exactly what to do.

4. Get Help

If you don’t have the resources or technical support in-house to deal with attacks then outsource the technical support. Use a managed DNS Provider or your Hosting Solutions Technical Support team to redirect your site visitors to hosts that aren’t down. Use advanced features like load balancing and performance monitoring.

5. Be Prepared

The best way to avoid any disruption of your website from a DDoS attack is to be prepared for it. If you are going back and forth on whether or not you actually need to invest in a stronger prevention technique (e.g. you believe your industry or business is at a low risk of a DDoS attack), think about the impact it would have on your company financially if it were to happen, not to mention your reputation with your clients/end users. Even though it may not be an apparent risk, it is very much a possibility. The costs associated with being attacked are usually much higher than the cost of taking safeguards.

Fixing a DDoS Assault Fast

Perhaps despite your best efforts at prevention, your site has been bombarded by a DDoS assault and it is now down. You need to fix the problem fast to avoid either being extorted by the hackers to solve the problem themselves, or damaging your reputation in the eyes of your customers. Here’s the solution you or your team can employ to get your site back up and running.

Step 1: Identify the Attack Immediately

This requires vigilance. Sure, you may have been running an advertising campaign which has increased traffic to your website, and thus there is no need to worry about an attack. However, if you notice a large burst of traffic to your site causing it to lag or go down, act immediately.

Step 2: Allocate more Bandwidth

If you are under attack, having more bandwidth allocated to your site can give you the time you need to set up a line of defence. While increased bandwidth won’t stop an attack, it can afford you the time necessary to act.

Step 3: Line of Defence at the Network Perimeter

If you run your own server there are a few technical things you can do in the event of a DDoS attack:

  • Set a rate limit on your router to prevent your Web server from getting overwhelmed.
  • Add filters to tell your router to drop packets from obvious sources of attack, even if they are using proxies, which they most likely are.
  • Timeout half-open connections more aggressively.
  • Drop spoofed or malformed packets.
  • Set lower SYN, ICMP, and UDP flood drop thresholds.

The truth is that these tactics were effective against DDoS attacks in the past. Today, DDoS attacks are usually too large for these measures to stop an attack completely. Again, the most you can hope for is that they will buy you a little time to act as a DDoS attack ramps up.
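To see why timing out half-open connections more aggressively buys time but does not stop a large enough flood, here is a small simulation of a server's half-open connection table. It is an added example, not code from the original article; the backlog size, timeouts, rates and function names are constructed for illustration, and the model is deliberately pessimistic.

```python
from collections import deque

def accepted_fraction(backlog, timeout_s, flood_rate, legit_rate=10, duration_s=120):
    """Simulate a half-open (SYN_RECV) table in one-second ticks and return
    the fraction of legitimate handshakes that found a free slot.

    Pessimistic model: flood SYNs arrive first in each tick and never complete,
    so each holds a slot until it times out; legitimate handshakes complete
    within the tick and free their slot again.
    """
    expiries = deque()            # expiry time of each half-open entry, oldest first
    accepted = offered = 0
    for now in range(duration_s):
        while expiries and expiries[0] <= now:    # reap timed-out entries
            expiries.popleft()
        free = backlog - len(expiries)
        expiries.extend([now + timeout_s] * min(flood_rate, free))
        offered += legit_rate
        if len(expiries) < backlog:               # room left for real clients
            accepted += legit_rate
    return accepted / offered

def tolerable_flood_rate(backlog, timeout_s):
    """Largest never-completing SYN rate (per second) that keeps a slot free:
    steady-state occupancy is rate * timeout, which must stay below backlog."""
    return (backlog - 1) // timeout_s

if __name__ == "__main__":
    # Constructed scenarios: (half-open timeout in seconds, flood SYNs per second)
    for timeout, flood in [(60, 100), (5, 100), (5, 1000)]:
        frac = accepted_fraction(1024, timeout, flood)
        print(f"timeout={timeout:>2}s flood={flood:>4}/s -> "
              f"{frac:.0%} of legitimate handshakes accepted")
```

Cutting the timeout from 60 to 5 seconds raises the flood rate the table can absorb from 17 to 204 SYNs per second in this model, yet a tenfold larger flood fills it again, which is where the upstream measures in the next steps come in.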

Step 4: Contact your Hosting Provider

Let them know you are under a DDoS attack and ask them to assist you in mitigating and defusing the attack before it gets out of hand. When a DDoS attack is large enough, the first thing a hosting company or ISP is likely to do is “null route” your traffic. This results in packets destined for your Web server being dropped before they arrive, preventing damage in the first place. To get the website back online, your hosting company may divert traffic to a “scrubber” that removes malicious packets before the legitimate ones are sent to your Web server.

Step 5: Use a DDoS Mitigation Specialist

With very large scale DDoS attacks, it’s likely that your website’s best chance of staying online is to use a specialist DDoS Mitigation Provider. These organisations have the large-scale infrastructure. They also use an assortment of technologies, including data scrubbing, to help your website stay online. You may need to contact a DDoS mitigation company directly, or your hosting provider may have a partnership agreement with one to handle large attacks for you.
