
How DDoS Protection Works


Today, more than ever, cyber attacks are a very real threat. This remains true for websites and online services of all sizes and traffic levels. One of the most common threats websites face these days is the DDoS attack, which is why it's become increasingly important for every website owner to be aware of what these attacks are, how they work, and how they can be prevented.

What is a DDoS Attack?

Specifically, a DDoS ("Distributed Denial of Service") attack bombards a website's servers with large amounts of fake traffic or page requests. This overwhelms the website's servers and can cause them to shut down. One type of DDoS attack that has been in the news uses "botnets", networks of internet-connected devices taken over by malicious groups. Due to the availability of such devices, the attacks are increasingly common.

DDoS attacks can be extremely problematic to website and server owners, especially those who rely on their site's uptime to generate income through eCommerce sales, ad revenue, or other means. Depending on the size of a DDoS attack, downtime can last for hours or even days following the attack. This can result in damage not only to revenue, but to reputation as well.

Where Do DDoS Attacks Come From?

Unfortunately, instances of DDoS attacks have been on the rise for years. In fact, between 2015 and 2016 alone, there was a reported 140% increase in DDoS attacks greater than 100 Gbps in size (that's a large attack). So, not only are DDoS attacks becoming more common, but the sizes of the attacks themselves are becoming larger as well. Part of the increased frequency of attacks may have to do with the fact that there are more websites and more devices connected to the Internet than ever before, so there are inherently more risks. It is reasonable to anticipate, then, that DDoS attacks will only continue to be on the rise (both in number and in size) as this trend of connectivity continues.

According to research, China is the single largest source of DDoS attacks across the globe, though they can come from just about any source.

Different Types of DDoS Attacks

There are dozens of different types of DDoS attack, but a few types make up the majority of attacks carried out across the globe.

Volumetric Attacks

Volumetric attacks (also known as flooding attacks) are by far the most common. These attacks focus on bombarding a website's server with huge numbers of traffic requests that it cannot keep up with. These attacks can range from 10 Gbps to 100 Gbps or more, and have the capability to take down even some of the biggest websites out there. Volumetric attacks can easily overwhelm a server and cause the entire website to crash, resulting in serious downtime that can take a while to recover from.

Zero-Day Attacks

Another relatively common type of DDoS attack is known as a zero-day attack; this type occurs when a hacker finds a flaw or zero-day vulnerability that has either not yet been caught by the host or has been caught, but has not yet been patched or otherwise fixed. These attacks, unfortunately, are among the most difficult to thwart due to the fact that preventing them relies on finding vulnerabilities that are typically not known until an attack occurs. It's a catch-22 of sorts.

Resource Depletion Attacks

Resource depletion attacks are sometimes a double-edged sword because while they may not cause your website's server to crash entirely, they will cause your site to slow down significantly, resulting in slow page load times and other frustrations for visitors. In this sense, resource depletion attacks can sometimes do more damage because it can take a while before a website owner realizes they are being hit with such an attack. Sometimes, these attacks are simply confused for server issues or other problems, allowing them to be overlooked. Meanwhile, site traffic may decrease or even come to a halt as visitors become frustrated by slow load times.

Signs That Your Site is Being Attacked

All website owners should be aware of some of the most common signs of an attack. Doing so will put you in a position to respond as quickly as possible, thus potentially limiting the damage. These signs apply to sites of all sizes. All too often, owners of very small websites assume that their site will never experience a DDoS attack because such attacks only happen to larger and extremely successful or popular websites. This couldn't be further from the truth; DDoS attackers do not have sympathy for smaller sites and generally do not distinguish between a large and small site. All websites are fair game.

It's also worth mentioning that smaller sites are often easier targets for these attackers—especially those who want to "practice" before attacking a larger site.

The most telling (and also often the first) sign of a DDoS attack will be unexplained site downtime. This can sometimes be confusing because a site experiencing a DDoS attack may still load on your computer (especially if you are the site owner) due to stored data, cache, and cookies. However, the site may not load for other visitors due to the server being taken down as a result of the attack. For this reason, it's important to listen to visitor feedback about your site and not to overlook complaints about pages not loading or the site failing to load altogether. Keep an open line of communication between yourself and your site visitors, and make sure your most loyal visitors know how to contact you. This is where social media pages can really come in handy, as your visitors obviously won't be able to contact you through your website forms during a DDoS attack!

In addition to watching out for site downtime, you should also make note of any suspiciously slow loading times. While it's true that these are often just issues with your server or Internet connection, significant or noticeable delays should be reported to your web host, as they can be a sign of an attack.
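The two signs above (a surge of requests, or slow responses at ordinary traffic levels) can be checked from server-side request records rather than from your own browser. The following is an added example, not part of the original article: the records are constructed sample data, and the function name and threshold factors are assumptions to tune against your own baseline.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed records: (minute, client_ip, response_time_ms)."""
    rows = []
    for minute in range(5):                  # minutes 0-4: quiet baseline
        rows += [(minute, f"198.51.100.{i}", 120) for i in range(20)]
    # minute 5: request surge spread over many sources
    rows += [(5, f"203.0.113.{i % 250}", 900) for i in range(400)]
    # minute 6: ordinary volume, but every response is very slow
    rows += [(6, f"198.51.100.{i}", 2500) for i in range(22)]
    return rows

def classify_minutes(rows, baseline_minutes, rate_factor=5, latency_factor=3):
    """Label each minute against a known-quiet baseline.

    Returns {minute: (label, distinct_sources)}. The factors are
    assumed thresholds, not values from the article.
    """
    times = defaultdict(list)
    sources = defaultdict(set)
    for minute, ip, ms in rows:
        times[minute].append(ms)
        sources[minute].add(ip)
    base_rate = median(len(times[m]) for m in baseline_minutes)
    base_latency = median(ms for m in baseline_minutes for ms in times[m])
    labels = {}
    for minute in sorted(times):
        if len(times[minute]) > rate_factor * base_rate:
            label = "possible volumetric flood"
        elif median(times[minute]) > latency_factor * base_latency:
            # Slow at normal volume: easy to mistake for a server issue.
            label = "possible resource depletion"
        else:
            label = "normal"
        labels[minute] = (label, len(sources[minute]))
    return labels

if __name__ == "__main__":
    for minute, result in classify_minutes(make_sample(), range(5)).items():
        print(minute, *result)
```

A flagged minute is a prompt to contact your web host with the timestamps and counts, not proof of an attack.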

How DDoS Protection Works

The good news is that many hosting companies these days have begun to offer DDoS protection, which can help to guard websites from these types of attacks and therefore avoid downtime and other security issues. DDoS protection works by carefully filtering website traffic so that non-legitimate requests are not allowed through, while legitimate ones pass through without significant delays in page loading times. Some hosting companies will also offer reporting to website owners if a DDoS attack is attempted so that they have detailed records of when the attempted attack occurred, how large it was, and other important information.

Benefits of Having DDoS Protection

Having DDoS protection built into your hosting is a great way to reduce your site's risk of being affected by any kind of DDoS attack, whether it be a volumetric, resource depletion, zero-day attack, or any other type. Having this protection can also give you peace of mind and an added sense of security in an otherwise uncertain Internet. Having DDoS protection is also a great way to protect your site's reputation. Many site owners don't realize the long-term negative impact a DDoS attack can have on their site's reputation. Once an attack has occurred and once site visitors find out about it, they may be less likely to trust your site from that point on. This could result in hits to your traffic, which is especially problematic if you rely on ad revenue from your site visitors. It can also be a problem if you rely on your visitors inputting payment information or other sensitive information to your site (such as may be the case with an eCommerce site), so you want to avoid these attacks at all costs.

Finally, having DDoS protection allows you to filter out non-legitimate page requests without slowing things down for your legitimate site visitors in the process. This helps to avoid slowdowns that can occur otherwise as people try to access your site and become frustrated with slow load times. DDoS protection is designed to keep things running smoothly for your legitimate web traffic and to stop or filter out all other sources. The entire process should be seamless.

And of course, with DDoS protection, if attack attempts do occur, you'll be able to find out more about the attempts, which could help you better mitigate them in the future. Many hosting companies will provide detailed reports, alerts, and other valuable information on attempted attacks.

How Much DDoS Protection Do You Need?

DDoS attacks can range greatly in size, so knowing how much protection you need isn't always easy. In fact, an attack can range in size anywhere from a couple of Gbps to 100 or more Gbps. Generally, it is best to opt for more protection than you think you may need, as it's better to be safe than sorry. This is especially recommended if you have a larger website that receives high amounts of traffic to begin with. You may also want to make sure you opt for a protection plan that will not count any DDoS traffic towards your allotment of bandwidth. Otherwise, you could end up facing overage charges as a result of an attack.

Some hosting companies these days have even begun to offer free DDoS protection up to a certain size attack. However, you should always have the option to purchase additional protection for larger attacks as needed.

Overall, DDoS attacks pose a serious threat to websites of all sizes, which is why having DDoS protection as part of your dedicated hosting package is becoming more important than ever. Talk to your server host today to make sure you have the protection in place that you need. By doing so, you could avoid a major service disruption to your site and all the complications that come along with it.