DDoS attacks are happening more often. The number of “smart attacks” is also increasing, and their duration and capacity are growing. Protecting your online resources is becoming increasingly hard.
In this article, we’ll provide tips on how to effectively protect against increasingly complex DDoS attacks.
DDoS attacks are any actions by cybercriminals aimed at making your services inaccessible to clients. There are different ways to do this. The most common is to send a huge number of requests to the server so that it stops coping with them, causing it to work very slowly or crash altogether. But there are other methods as well.
Attackers can attack a single site, application, or entire server.
There are many types of DDoS attacks. They can target different OSI layers and use different techniques.
During a DDoS attack, criminals find vulnerabilities and can, for example, launch a virus on a website and steal your data or the data of your customers.
The primary harm of a DDoS attack is that your service becomes unavailable for a while. Customers can’t access a website or application and therefore can’t use your services. As a result, they become less loyal to your business.
Worst of all, attackers often attack at critical moments. For example, you’ve launched a promotion on your online store and you expect it to result in a substantial sales growth. But instead of “clean” traffic, a huge number of requests from bots is sent to the server, and real people can’t access the website and make a purchase.
Aside from this, there are other negative aspects:
In early March 2018, the most powerful DDoS attack in history hit GitHub, setting a new record of 1.35 Tbps, or 126.9 million packets per second. Attackers had learned to use Memcached servers for amplification, which can amplify the attack by more than 50,000 times.
In February 2020, a powerful DDoS attack that lasted more than a week completely paralyzed gameplay: chats, ship control, and market transactions were impossible.
In March 2020, there was a major DDoS attack on the Takeaway.com food delivery network. Restaurants could receive orders, but couldn’t process them.
The attackers demanded 2 bitcoins from the company as payment to stop the DDoS attack. On the same day, the CEO tweeted a screenshot of their message.
Takeaway chose not to pay the ransom, but the DDoS attack itself caused serious damage. They had to provide refunds to all users whose orders were paid but not delivered.
The reasons vary.
We’ve already given an example above. Events often proceed in two possible ways:
If a ransom is demanded from you, you should never pay anything! Criminals will think you give in easily, and they will do it again and again.
You are actively growing, eventually overtaking your competitors, and one of them envies you. Or maybe you are going to enter new markets, and the companies already there don’t want extra competition.
In any market, there are those who don’t like to play fair. With the help of a DDoS attack, they can try to ruin your business and force you to abandon your plans.
What should you do in this case? Again, don’t give in to the attackers. If your competitors fear you and try to stop you, it means you are moving in the right direction.
In addition to intentional attacks, there are also unintentional ones:
DDoS attacks are usually unexpected. You didn’t offer any promotions or sales. You did nothing to attract customers. And yet for no reason, a huge number of requests are sent to the server. A normal surge in traffic, as opposed to an attack, is usually predictable.
You can check if this is a DDoS attack by analyzing the logs. These are files that are stored on the server’s hard drive. They record information about visitors, transmitted data, and error messages.
Access to the logs is usually granted by the hosting provider via the control panel.
If your resource is under attack, you’ll probably see that a lot of identical requests and packets are coming from the same IP addresses.
Let’s be clear: you won’t be able to set up full-fledged protection on your own. There’s no free technique that is guaranteed to protect your website or application. New DDoS attacks appear all the time, and the existing ones get better every day.
But you can still do something.
During the New Year’s sale, your website was “crashed” at the most crucial moment. Was it really a DDoS attack?
If your infrastructure is well designed, the load is distributed evenly, and possible traffic surges are taken into account, then DDoS attacks won’t be such a threat to you. Invest in infrastructure. It’s better to make one good investment than to scrimp and then suffer losses many times.
If you have no resources to build your own infrastructure, consider purchasing a third-party IT solution. One option is to sign up for a CDN—a content delivery network.
If you’re being attacked, and you haven’t set up any protection for your website, there are several actions that you can take.
1. Ban the IP addresses from which the attack is carried out. They can be found in the logs.
To avoid picking out each request manually, you can use grep. It’s a tool that finds the lines in a file that match a pattern. Its output can then be passed to other tools that perform simple actions with the matches, for example, blocking the addresses.
You will be very lucky if the attack on your website is short. In this case, you can figure out right away where the “junk” traffic originated, allowing you to block it.
But such luck is rare. A DDoS attack can last for several days and stem from thousands of different IP addresses. It’s not possible to block them all, even using grep.
Besides, stopping smart attacks by blocking IP addresses isn’t a very effective tactic. If the perpetrators use dynamic IP addresses, then no block can save you.
2. Block requests by geolocation. This method works only if you see that a lot of requests to your website come from a specific area of the world. For example, your users live in Eastern Europe, but suddenly a huge amount of traffic comes from Africa.
But once again, this is rare. Most DDoS attacks these days are “smart”, and attackers most likely won’t make such a mistake.
3. Block the “heavy” section of your website. The attack may be aimed not at the entire website, but at the most vulnerable part of it, such as the search feature. If it’s not the most important element of your website, you can simply disable access to it for all users. Customers may not be able to use search, but everything else will function normally.
The drawback to this method is that it’s useless for most attacks.
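The log check described earlier (many identical requests from the same IP addresses) and the grep-based selection from step 1 can be combined in a short script. This is an added example, not part of the original article; it assumes access logs in Common Log Format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Common Log Format; helper names are hypothetical.

# Constructed sample log (addresses come from documentation-only ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=aaa HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=aaa HTTP/1.1" 200 5120
198.51.100.23 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=aaa HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 1830
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=aaa HTTP/1.1" 200 5120
198.51.100.23 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=aaa HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=shoes HTTP/1.1" 200 4210
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=aaa HTTP/1.1" 503 0
198.51.100.23 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=aaa HTTP/1.1" 503 0
192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /cart HTTP/1.1" 200 960
EOF
}

# count_by_ip: read a log on stdin, print "<count> <ip>", busiest client first.
count_by_ip() {
    awk '{ print $1 }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# identical_requests MIN: print "<count> <ip> <method> <url>" for every
# (client, request) pair that appears at least MIN times.
identical_requests() {
    awk -F'"' '{ split($1, f, " "); split($2, r, " "); print f[1], r[1], r[2] }' |
        sort | uniq -c | sort -rn |
        awk -v min="$1" '$1 >= min { print $1, $2, $3, $4 }'
}

# block_candidates PATTERN MIN: clients with at least MIN requests matching the
# extended regex PATTERN. grep only selects lines; the counting is done after it.
block_candidates() {
    grep -E -- "$1" | count_by_ip | awk -v min="$2" '$1 >= min { print $2 }' | sort
}

# Demo on the constructed sample: repeated requests, then a review list
# of clients hammering the "heavy" /search section.
sample_log | identical_requests 3
sample_log | block_candidates '"GET /search' 3
```

On a real server, feed the functions from the access log file instead of `sample_log`. Treat the output as a list to review before blocking, since many legitimate users can share one address behind a proxy or NAT.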
These methods can help stop some simple types of DDoS attacks. Besides, all of them are designed to repel attacks on servers and will in no way rid you of bots on the website, which can also cause big problems.
For instance, if you have a limited number of products, an attacker can launch bots that will add all the products to their carts, preventing real users from buying anything.
On top of that, even if you manage to repel the attack, you’ll have spent time solving the problem. That means your services will be unavailable for some time.
In order to avoid frantically taking emergency measures, it’s better to buy hosting with built-in protection against DDoS attacks from the very beginning or to enable paid protection against DDoS attacks for your server.
1. Protection at all layers. A DDoS attack can occur at the network (L3), transport (L4), or application (L7) layers. The methods listed above will help in the event of a DDoS attack at one layer. But attacks are different. And it is extremely difficult to protect all layers on your own.
Professional protection is a well-designed filtering platform that all traffic passes through and that blocks suspicious requests. “Junk” data packets will be stopped on the way to the resource.
2. Load balancing. A good security system usually provides for an even distribution of traffic between nodes. This makes it harder for criminals to “crash” your website. It will also speed up the loading of the website and help with natural traffic surges.
3. Protection of web application vulnerabilities. Any website or app has weak spots, and attackers don’t hesitate to exploit them. They detect vulnerabilities and exploit them to gain access to confidential user data.
A Web Application Firewall (WAF) is a firewall that hides application vulnerabilities and blocks suspicious traffic.
When choosing a firewall, it’s important to pay attention to how it works. It is a good idea to choose a “smart” WAF with self-learning algorithms. Such firewalls are able to analyze the contents of packets and avoid blocking real customers along with bots.
4. Refund guarantee. If you are securing your website with whatever tools are available, there is no guarantee that these tools will help. And even if your own protection has more or less coped for now, tomorrow hackers may invent a new type of DDoS attack and your methods will be useless.
On the other hand, if you purchase professional protection, good companies always provide a refund guarantee for their services. If the protection doesn’t work, you can get your money back.
At the same time, professional systems are constantly evolving and taking into account the emergence of new DDoS attacks.
We offer protection for websites and applications from bots and secure hosting on our servers. We can also enable server protection for your own infrastructure.
The protection solution is based on our own traffic filtering centers in Russia and Europe. The total filtering bandwidth is more than 1.5 Tbps.
The system blocks any bot traffic, including parsing and brute-force.
It blocks sessions, not IP addresses. Self-learning algorithms are built into the platform. It remembers “trustworthy” customers and doesn’t verify subsequent requests from them. The false positive rate is less than 0.01%.
In addition to protection, you can buy a smart firewall for your web application.
Protect your resources with a comprehensive solution and forget about DDoS attacks.