If you operate any type of website, you need to know what types of threats could take it offline. Distributed denial of service (DDoS) attacks are a major problem that impacts millions of websites every day.

Understanding what DDoS attacks are and how they work helps you make the best decisions possible to protect your site from this type of problem.

Key Takeaways

  • A DDoS attack is an effort by a party to take down a website, server, or another internet-connected device by flooding it with huge amounts of traffic.
  • The best way to protect your site from a DDoS attack is to make sure your website is hosted by a company that offers DDoS mitigation and protection services.
  • There are many sites associated with the more popular attack targets that may also get hit. Whether your site is in a high-risk category or not, you need to take steps to protect it.

What Is a DDoS Attack?

DDoS image
Source: InMotionHosting

A DDoS attack is an effort by a party to take down a website, server, or other internet-connected device by flooding it with huge amounts of traffic. By overwhelming the site with traffic, the hosting servers are unable to process it all and end up either crashing or being unable to respond to the valid traffic.

This is one of the most common types of malicious attacks on the internet today, and it’s important for all website operators to at least have a basic understanding of what these attacks are, how they work, and what can be done to avoid them.

How Do DDoS Attacks Work?

Web servers are designed to be able to handle many requests since thousands, or even potentially millions, of people may be trying to access a site at the same time. Despite their large bandwidth, however, there are limits to every hosting server. When an attacker wants to take down a site, they direct huge amounts of traffic toward the site until it reaches the point that the servers are unable to respond.

Attackers can do this by infecting computers and other devices around the world with viruses or malware. The malware sits on the computer without causing any problems until the attacker instructs it to begin sending traffic to the address that they want to attack.

Once activated, all of the infected devices begin sending the traffic. Since each infected device is only sending a modest amount of traffic, the average user doesn’t even notice any problem, so they never remove the malware.

With millions of infected devices all attacking the same address, the amount of traffic can be astronomical. The largest recorded DDoS attack so far sent 2.4 terabits per second (Tb/s) of traffic toward Microsoft Azure services. This occurred in October 2021. Of course, most attacks are much smaller, but they can still be devastating.

Why Do DDoS Attacks Occur?

There are many reasons that hackers and other bad actors run these types of attacks. Sometimes, it’s “just for fun” as newer hackers are learning how to use various tools.

Some hackers get paid by third parties to target specific sites to try to take them down. For example, if someone got bad customer service from a small business, they may be willing to pay for a DDoS attack against their website.

Other attacks are politically motivated and go after political party websites, specific candidate websites, or websites that support a specific cause.

One last, and very concerning, reason that DDoS attacks are launched is to create a distraction. While the information technology (IT) teams are working to stop the DDoS attack, the hackers are attempting to gain unauthorized access into key systems.

This is sometimes effective because the DDoS attack overwhelms the security devices for the site.

Types of DDoS Attacks

Phishing infographic
Source: Logrythm.com

The term DDoS is used to describe a whole category of cyberattacks that work by flooding traffic to a target system. There are many different types of attacks within this category, including:

  • ICMP floods: By flooding a server with massive numbers of ping requests, the attacker may be able to overwhelm the system with both incoming and outgoing traffic. This is because most web services are configured to reply to a ping with an echo packet.
  • SYN floods: SYN floods send a large number of SYN requests to the target system. The target system then replies with a SYN-ACK and waits for a final ACK as a response. The infected systems never send the ACK, causing the target systems to get stuck waiting for responses. This type of attack takes advantage of the way TCP connection requests work.
  • Ping of death attacks: The ping of death attack exploits the fact that the max packet length for internet protocol (IP) is 65,535 bytes. The attackers send multiple large packet pings of various sizes, each of which is sent out over multiple messages. When the target computer reassembles them, the size is beyond the limit, which can cause memory buffer issues and other problems.
  • HTTP flood: An HTTP flood is essentially when the attacker sends a large number of seemingly authentic requests for information from a website. The requests target the largest files on the system, so the web server quickly becomes overwhelmed.

There are many other types of DDoS attacks out there. Many of them can be stopped using similar strategies, though the attackers are always working on updating their strategies.
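The SYN flood described above leaves the server holding handshakes that never finish, and that half-open state is what a defender can measure. The following is an added example, not code from the original article: it replays constructed handshake events and flags a likely SYN flood. The event format, the backlog size of 128, the 30-second timeout and the ratio threshold are all illustrative assumptions.

```python
from collections import Counter

def build_events():
    """Constructed sample: (time_s, client_ip, client_port, flag seen by server)."""
    events = [
        # Two legitimate clients: SYN, then the final ACK a moment later.
        (0.00, "198.51.100.7", 40001, "SYN"), (0.05, "198.51.100.7", 40001, "ACK"),
        (1.00, "198.51.100.9", 40002, "SYN"), (1.04, "198.51.100.9", 40002, "ACK"),
    ]
    # 200 infected devices each send one SYN and never answer the SYN-ACK.
    for i in range(200):
        events.append((2.0 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, "SYN"))
    return sorted(events)

def half_open_report(events, now, timeout=30.0):
    """Return (half_open_count, completed_count, Counter of half-open sources)."""
    pending = {}    # (ip, port) -> time the SYN arrived
    completed = 0
    for ts, ip, port, flag in events:
        if ts > now:
            break
        key = (ip, port)
        if flag == "SYN":
            pending[key] = ts
        elif flag == "ACK" and key in pending:
            del pending[key]    # handshake finished, slot released
            completed += 1
    # Handshakes older than the timeout are assumed to have been dropped by the server.
    live = {k: t for k, t in pending.items() if now - t <= timeout}
    return len(live), completed, Counter(ip for ip, _ in live)

def syn_flood_suspected(events, now, backlog=128, min_ratio=10.0):
    """Flag when half-open handshakes fill the (assumed) backlog and dwarf completed ones."""
    half_open, completed, _ = half_open_report(events, now)
    return half_open >= backlog and half_open / max(completed, 1) >= min_ratio

if __name__ == "__main__":
    ev = build_events()
    for now in (1.5, 5.0, 40.0):
        print(now, half_open_report(ev, now)[:2], syn_flood_suspected(ev, now))
```

Each flooding source appears only once in the half-open table, so the signal is the total count against the backlog, not any one address.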

How To Protect Your Site From DDoS Attacks

Blue-shield antiphishing graphics
Source: Ironscales.com

One of the biggest reasons that DDoS attacks are such a serious threat is that they’re difficult to stop. Depending on the type of attack being run, the traffic from any individual attacking device will seem to be legitimate. It’s only when combined with thousands, or millions, of other devices that it becomes problematic.
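To make that point concrete, here is an added example (not from the original article) that runs two checks over a constructed access log: a per-IP rate limit, which the flood stays under, and an aggregate per-path surge check, which catches it. The log records, addresses, window size and thresholds are illustrative assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 10  # seconds per counting window (assumed)

def build_log():
    """Constructed access-log records: (time_s, client_ip, path)."""
    log = []
    # Normal traffic for 60 s: 5 visitors, one request each every 2 s.
    for t in range(0, 60, 2):
        for v in range(5):
            path = "/index.html" if v else "/downloads/catalog.pdf"
            log.append((t, f"198.51.100.{v + 1}", path))
    # HTTP flood in seconds 40-49: 500 devices, only 2 requests each,
    # all for one large file.
    for i in range(500):
        for k in range(2):
            ip = f"10.0.{i // 250}.{i % 250 + 1}"
            log.append((40 + (i + k * 5) % 10, ip, "/downloads/catalog.pdf"))
    return log

def per_ip_offenders(log, limit=20):
    """Per-source rate limit: IPs with more than `limit` requests in one window."""
    counts = defaultdict(int)
    for ts, ip, _ in log:
        counts[(ts // WINDOW, ip)] += 1
    return {ip for (_, ip), n in counts.items() if n > limit}

def path_surges(log, factor=5.0):
    """Windows where a path's total exceeds `factor` times its median window count.

    Returns (path, window_start_s, requests, distinct_sources) tuples.
    """
    counts, sources = defaultdict(int), defaultdict(set)
    for ts, ip, path in log:
        key = (path, ts // WINDOW)
        counts[key] += 1
        sources[key].add(ip)
    per_path = defaultdict(list)
    for (path, _), n in counts.items():
        per_path[path].append(n)
    return [(path, win * WINDOW, n, len(sources[(path, win)]))
            for (path, win), n in sorted(counts.items())
            if n > factor * median(per_path[path])]

if __name__ == "__main__":
    log = build_log()
    print("per-IP offenders:", per_ip_offenders(log))
    print("path surges:", path_surges(log))
```

The surge record also reports how many distinct sources took part, which is the detail that separates a distributed flood from one noisy client.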

Stopping a DDoS Attack on Your Small Business Website

Stopping a DDoS attack is almost impossible for an individual website, especially a site run by an individual or small business.

This is because it requires advanced hardware and software solutions that can analyze incoming traffic rapidly so that it can either be allowed to continue or it can be blocked.

For most people, the best way to protect your site from a DDoS attack is to make sure your website is hosted by a company that offers DDoS mitigation and protection services. Good hosting companies that have this service either operate their own protection services or pay for a third-party DDoS mitigation company to handle it for them.

Either way, all the traffic that’s being directed at any site hosted by that company is analyzed to see if it’s part of a DDoS attack. Based on that analysis, the traffic may be dropped so that it never reaches your servers.

These advanced DDoS mitigation services also identify the source of the attack traffic so that it can be more effectively blocked going forward.

Why Would Your Small Business Site Get Attacked?

DDOS mitigation diagram
Source: LiquidWeb

One of the biggest mistakes that website owners make is assuming that their site is safe because nobody would want to attack it.

The fact is, however, that no website is off-limits for these types of attacks. You never know who would want to bring your site offline or why.

Of course, some types of sites are targeted more frequently than others. Some categories of sites that are at the greatest risk of a DDoS or other hacking attack include:

  • Highly public sites: Major sites like Amazon, Sony, Microsoft, and others are often targeted because if the group performing the attack can take their services down or access their private information, it improves their reputation greatly within the hacking community.
  • Financial services: Banks and other financial services websites are almost constantly under attack. The DDoS attacks are often used as smokescreens to try to cover up other hacking attempts that are attempting to access sensitive data.
  • Any online store: Any site that accepts payments or even just collects email addresses is at significant risk of an attack. Hackers and other bad actors are always trying to collect credit card information, email addresses, and other personal information so that it can be used later.
  • Adult entertainment sites: Major pornography sites are often a target. The hackers want to collect the email addresses, IP addresses, and other information from those who visit the sites so that they can attempt to use it to extort them in the future.
  • Medical sites: Hospitals, doctor’s offices, and insurance companies are a popular target as they house huge amounts of personal data that the hackers could use.

Of course, there are many sites that are associated with the more popular attack targets which may also get hit. Whether your site is in a high-risk category or not, you need to take steps to protect it.

Just as importantly, if you’re using shared hosting, your site is impacted directly if any of the other sites on your same server are targeted. Even if you’re on a virtual private server (VPS) or dedicated server, your site may be impacted if a large enough attack is launched on any site run by the same hosting company. This is because even though a hosting company has the capacity for a large amount of traffic, DDoS attacks may still be able to overwhelm the entire connection.

With this in mind, it’s easy to see how every site on the internet today is at risk for these types of attacks. The fact that they’re easy for hackers and other bad actors to run means sites are at even greater risk and need to be protected.

Make Sure Your Sites Are Protected Now

It will take you quite some time to stop an attack if you don’t have a DDoS strategy in place before the attack begins. This is largely because once your site is under attack, it’s often difficult to make changes or updates to the systems since they’re being bogged down by the attack traffic. Most attacks on unprotected systems continue until the attacker stops the attack on their own.

So, it’s essential that you consider putting DDoS attack protection in place quickly. Choosing a web hosting company that offers this type of protection is usually sufficient for most sites.

But larger websites should pay for a third-party DDoS mitigation company that can handle the largest types of attacks. No matter what type of site you run, make sure that you are ready should an attack ever come your way.