We’ve all been there – that moment when your server’s traffic figures begin to spike. The steady rise in volume for what can feel like days with no sign of slowing down. Phone calls start coming in – customers having problems with your website. The server’s load steadily inches towards capacity. Your monitoring system shows thousands of connection requests to your server…
And then it happens. Your site goes down. These are the moments that webmasters, systems administrators and security managers all fear – the harsh realization that your site has been taken down by a DDoS attack.
So What Does a DDoS Attack Actually Mean for You?
A DDoS (distributed denial of service) attack is a coordinated attempt to disrupt the availability of a network resource to its legitimate users. The most common form is knocking a server offline by overloading it with traffic. Every server operates within a fixed capacity (bandwidth, connection table, CPU, memory), and once those limits are reached, legitimate requests start failing. These attacks are deliberate, and they have become rather common – particularly in the gaming world. The initial “D” in DDoS stands for “distributed”: the denial-of-service traffic comes from many sources (typically a botnet of compromised machines, often with spoofed source addresses) rather than from a single host, which is what makes it hard to filter and hard to attribute.
How to Combat DDoS Attacks
While DDoS attacks are typically not even noticed until it’s too late to prevent damage, there are several methods for fighting against the attack. Here are a few of the more common methods of defense:
Overprovisioning describes the strategy of buying more bandwidth and server capacity than a webmaster actually needs, so that unusual spikes in traffic can be absorbed. This, however, can become quite expensive, and a large enough attack will still exceed whatever headroom you bought.
Blackholing is the process of diverting traffic destined for the attacked address to a “black hole” (a null route) rather than allowing it to reach its intended destination. The problem with this method is that the null route discards all traffic to that address, legitimate requests included, so the attacked site is still unreachable. Blackholing protects the rest of your network and your upstream links; it does not keep the targeted site up.
For certain attacks, routers may be able to filter out unwanted traffic using access control lists (ACLs). ACLs only help against attacks with a recognizable signature – a protocol, port, packet size or set of source addresses you can match on. They cannot tell a well-formed HTTP request sent by a bot from one sent by a customer, they are useless against spoofed or widely distributed sources, and a flood large enough to saturate the link upstream of the router will still take you down before the ACL ever sees the packets.
One final method is to confront a DDoS attack at its root. DDoS attacks do not typically happen at random. These are conscious, malicious initiatives that someone is actively instigating. It is wise to investigate attacks to find out where the traffic is coming from and, where possible, who is behind it, keeping in mind that source addresses are often spoofed and that the machines sending the traffic are usually compromised third parties rather than the attacker. In the meantime, until the issue is resolved, you may have to take the targeted site offline. Obviously no one wants to bite that bullet and take their own site down, but it may be the safest bet until you can resolve whatever led to the attack in the first place. At least with the targeted site offline (or its address null-routed), other VPS containers on the same host will no longer suffer from the resource drain created by the attack.
Early DDoS Detection
The best chance you have to get through a DDoS is to know that it’s coming. That means carefully monitoring server logs and traffic counters, establishing what normal looks like, and responding quickly to unusual (read: potentially threatening) behavior before it begins creating problems. As we mentioned above, DDoS attacks are not carried out at random. If someone has chosen to attack you, your best defense is to find out why and resolve the issue.
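The following is an added example, not code from the original article: a small log-based flood detector of the kind the monitoring advice above calls for. It parses Apache/Nginx combined-format access log lines, counts requests per fixed time window and per source address, compares each window against a baseline built from the first few (assumed quiet) windows, and reports windows that look like a flood together with the sources dominating them, which are the candidates for the ACL or rate-limit filtering discussed earlier. The log lines are constructed for the example, and the window size, multiplier and share thresholds are assumptions to be tuned against real traffic.

```python
"""Added example (not from the original article): a log-based flood detector.

Parses combined-format access log lines, buckets requests into fixed windows,
flags windows whose request count exceeds a multiple of a quiet baseline, and
lists the sources responsible for a large share of a flagged window's traffic.
Log lines and thresholds below are constructed/assumed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import re

# Apache "common"/"combined" log prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, source ip, request line) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return ts, m.group("ip"), m.group("req")


def bucket(lines, window_seconds=10):
    """Group requests into fixed windows: {window_start_epoch: Counter(ip -> count)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash mid-incident
        ts, ip, _ = parsed
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window_seconds][ip] += 1
    return dict(sorted(buckets.items()))


def detect_flood(lines, window_seconds=10, baseline_windows=3, factor=5.0, top_share=0.25):
    """Flag windows whose request count exceeds `factor` x the baseline.

    The baseline is the mean request count over the first `baseline_windows`
    windows, assumed to be quiet. For each flagged window, sources sending at
    least `top_share` of that window's requests are reported as filter
    candidates. A flagged window with many distinct sources and no dominant
    one is the distributed/spoofed case where per-source filtering won't help.
    """
    buckets = bucket(lines, window_seconds)
    starts = list(buckets)
    if len(starts) <= baseline_windows:
        return []
    baseline = sum(sum(buckets[s].values()) for s in starts[:baseline_windows]) / baseline_windows
    alerts = []
    for s in starts[baseline_windows:]:
        counter = buckets[s]
        total = sum(counter.values())
        if total > factor * baseline:
            suspects = [ip for ip, n in counter.most_common() if n / total >= top_share]
            alerts.append({
                "window_start": datetime.fromtimestamp(s, tz=timezone.utc).isoformat(),
                "requests": total,
                "baseline": baseline,
                "distinct_sources": len(counter),
                "suspect_sources": suspects,
            })
    return alerts


# --- constructed sample traffic (not real log data) ---
BASE = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)


def make_line(ip, ts, path="/index.html"):
    return f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'


def sample_log():
    """Three quiet 10 s windows (4 requests each), then a 10 s window with a flood."""
    lines = []
    normal = ["198.51.100.10", "198.51.100.11", "203.0.113.5", "203.0.113.9"]
    for w in range(3):
        for i, ip in enumerate(normal):
            lines.append(make_line(ip, BASE + timedelta(seconds=w * 10 + i * 2)))
    # Flood window: two sources each send 20 requests to /login within 10 s,
    # plus one legitimate request mixed in.
    for i in range(20):
        t = BASE + timedelta(seconds=30 + i % 10)
        lines.append(make_line("192.0.2.77", t, "/login"))
        lines.append(make_line("192.0.2.78", t, "/login"))
    lines.append(make_line("198.51.100.10", BASE + timedelta(seconds=35)))
    return lines


if __name__ == "__main__":
    for alert in detect_flood(sample_log()):
        print(alert)
```

In production you would feed this from a tailed log or a flow/packet counter rather than a file, and the interesting output is not only the suspect list but also `distinct_sources`: a window with a huge request count spread thinly over thousands of addresses is the distributed case where a source-based ACL buys little and the decision becomes one of overprovisioning, upstream scrubbing or blackholing.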