How They Work
It is usually the case that the computers sending requests in a DDoS attack do so without the knowledge of the computer’s owner. DDoS attacks are usually carried out using a botnet.
What is a Botnet?
A botnet is a network of computers infected with a malicious Trojan horse. It allows the author of the malware to use the computer to send out specific internet transmissions.
A single botnet controller can cause thousands of computers to simultaneously and continuously attempt to access a specific website or online service.
The way the process works is this:
- Inadequate Security
- Mass Infection
- Botnet Controller
- Activation of the Botnet
- Instructions are Followed
Norse is a popular source to use for tracking worldwide DDoS activity. Screenshot via Norse.
Inadequate Security
A computer user accesses the internet without adequate security measures in place. This leaves a loophole for a hacker to infect the computer without trouble.
Mass Infection
The vulnerable computer is infected by a Trojan horse. From this point on, the user will struggle to reverse the process without technical knowledge of cybersecurity.
The above step happens to more than one computer. Now multiple computers are infected by the Trojan horse, a malicious computer program.
Botnet Controller
The botnet controller gains control over parts of the infected machines. The botnet controller is usually the creator of the Trojan horse.
Activation of the Botnet
Once the infected computers are successfully acknowledged, the botnet controller activates the botnet itself. This is done remotely.
Instructions are Followed
Now that the botnet is active, all infected machines follow the instructions remotely rendered by the controller. The DDoS attack is carried out.
The Result of a DDoS Attack
The result is that the server hosting the website, the domain name server hosting the domain name, or the web server hosting the service is overwhelmed. They begin to reject requests.
When legitimate traffic tries to access the same resources, it can’t. All server resources are busy handling bogus traffic, creating chaos.
How Common Are DDoS Attacks?
Unfortunately, DDoS attacks are quite common. While a small website is unlikely to be targeted in a DDoS attack, large, successful websites are targeted with alarming regularity.
Main Targets of Attack
In 2015, Verizon found that more than half of all financial institutions had been on the receiving end of this sort of coordinated attack. There are even cybercriminal organizations that specialize in initiating this sort of attack. Demanding a ransom payment to stop the attack is not uncommon.
A small website may not be targeted by a DDoS attack. That said, if the website is part of the same network as a larger website that is under attack, it can still feel the effects of the attack. For this reason, webmasters who run relatively low-traffic sites can still benefit from picking a hosting provider that offers robust DDoS protection.
Defending against a DDoS attack requires a few different steps:
- The attack has to be detected.
- Traffic has to be identified as either legitimate or part of the detected DDoS attack.
- Measures must be put in place to deny attack traffic while allowing legitimate traffic access to the requested server resources.
Techniques to Block or Detect Attacks
There are a variety of techniques hosts deploy to detect attacks, classify traffic, and deal with illegitimate requests. The simplest technique is to deploy a firewall. This blocks traffic originating from specific IP addresses or based on other traffic signatures.
However, this tactic is not usually powerful enough to block sophisticated attacks. In such cases more advanced blocking strategies are necessary.
|Technique|What it does|
|---|---|
|Firewall|Blocks traffic based upon simple rules|
|Traffic filtering|Blocks malicious traffic based upon network packets|
|Intrusion prevention|Blocks traffic with illegitimate content|
|DoS defense system|Blocks traffic based on protocol and rate-based attacks|
The more advanced techniques like intrusion-prevention systems (IPS) and DoS defense systems (DDS) are necessary for modern, intentional attacks.
Services such as Comodo offer a free firewall. Screenshot via Comodo.
Scanning Web Visitors
Some companies, like Cloudflare, specialize in mitigating DDoS attacks. One of their features involves attempting to scan web visitors.
Scans are carried out to see if they’re human or if they’re bots participating in a DDoS attack. You might occasionally see Cloudflare’s challenge when you try to visit certain sites.
How Large Organizations Prepare
Larger web hosting companies can afford to throw more money and resources at the problem by hiring more employees familiar with security and building better networks.
It’s better to have a plan in place for DDoS mitigation before an attack occurs. You should have an idea of what’s normal traffic for your site versus what might be an attack. Did Stephen Colbert mention your site on his show? Then a spike in traffic is to be expected. If nothing like that happened, you might really be under attack.
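Knowing what is normal for your site is the point above. As an added example (not code from the original article), here is a Python check that keeps a per-hour-of-day baseline from constructed past samples and raises an alarm only when the current rate is both far above that hour's baseline and above an absolute floor; the history values, thresholds and function names are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (hour_of_day, requests_per_minute) seen on previous days.
# Lunchtime is normally busier than 3 a.m.; none of this is real traffic.
HISTORY = [
    (3, 40), (3, 35), (3, 52), (3, 44), (3, 38),
    (13, 420), (13, 455), (13, 398), (13, 470), (13, 437),
]

def hourly_baselines(history):
    """Map hour_of_day -> (mean, population stdev) of requests per minute."""
    per_hour = defaultdict(list)
    for hour, rpm in history:
        per_hour[hour].append(rpm)
    return {h: (mean(v), pstdev(v)) for h, v in per_hour.items()}

def is_anomalous(history, hour, rpm, k=3.0, floor=500):
    """True when rpm exceeds this hour's baseline by more than k standard
    deviations AND exceeds an absolute floor, so a sleepy 3 a.m. hour with a
    tiny stdev does not page anyone over a few dozen extra visitors."""
    mu, sigma = hourly_baselines(history).get(hour, (0.0, 0.0))
    return rpm > floor and rpm > mu + k * sigma
```

A burst that trips this check still needs a human to decide whether it is a publicity spike or an attack; the check only tells you the traffic is unusual for that hour.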
New Techniques Against Evolved DDoS Attacks
As the level of sophistication of DDoS attacks rises, hosting providers are trying to outmaneuver them. Cloud providers are developing new techniques to combat DDoS attacks.
Many of them employ application-layer analysis of traffic to distinguish human visitors from bots. Note that a site receiving more genuine human visitors than it can handle at one time suffers the same effect as an attack.
Spotting Real Users
Application layer analysis involves using statistical methods to predict what legitimate users are likely to do on a site. Human shoppers at an online store will search for items, browse, and pay for them using the online form.
Bots might just refresh the homepage over and over. The goal is to block bots while keeping the site up for legitimate users.
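The three defensive steps listed earlier (detect, classify, deny) and the application-layer pattern just described can be tried on a handful of access-log lines. This is an added example, not code from the article or from any provider it names: the log lines, addresses, thresholds and function names are constructed, and a client is treated as a bot when it sends many requests in a short window while always asking for the same path.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample access log (Common Log Format); not captured from any real server.
# 203.0.113.5 refreshes "/" six times in three seconds; 198.51.100.7 browses like a shopper.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:02 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2023:13:55:02 +0000] "GET /search?q=boots HTTP/1.1" 200 8800
203.0.113.5 - - [10/Oct/2023:13:55:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2023:13:55:09 +0000] "GET /product/42 HTTP/1.1" 200 12000
203.0.113.5 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2023:13:55:20 +0000] "POST /cart HTTP/1.1" 302 0
198.51.100.7 - - [10/Oct/2023:13:55:31 +0000] "GET /checkout HTTP/1.1" 200 9300
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')

def parse_log(text):
    """Yield (ip, timestamp, path) per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, _method, path, _status, _size = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def classify_clients(text, window_s=10, max_hits=5):
    """Return {ip: 'bot' | 'human'}. A client is a 'bot' when it sends more than
    max_hits requests inside some window_s-second window AND always asks for the
    same path (the refresh-the-homepage pattern); everything else is 'human'."""
    by_ip = defaultdict(list)
    for ip, ts, path in parse_log(text):
        by_ip[ip].append((ts, path))
    verdicts = {}
    for ip, reqs in by_ip.items():
        reqs.sort()
        times, paths = [t for t, _ in reqs], {p for _, p in reqs}
        peak = start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > timedelta(seconds=window_s):
                start += 1
            peak = max(peak, end - start + 1)
        verdicts[ip] = "bot" if peak > max_hits and len(paths) == 1 else "human"
    return verdicts

def block_list(text):
    """IPs to feed to a firewall or traffic filter as deny entries."""
    return sorted(ip for ip, v in classify_clients(text).items() if v == "bot")
```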
Partial Solutions and Constant Challenges
Some blunter tools include rate-limiting and “black-holing” or “sink-holing”, which redirect traffic to a non-existent server. The problem with these is that real users are affected by the mitigation as well as the attackers.
Even with the increasing power of DDoS mitigation, hackers will always find ways around it, much as nature always finds a way in Jurassic Park.
DDoS mitigation will be an arms race between hackers and site owners for the foreseeable future. Botnets are already trying to mimic human users as much as possible.
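The collateral damage of blunt rate-limiting can be seen with a small per-address token bucket. This is an added example, not code from the article: the bucket parameters and the constructed traffic (a bot behind one address, and an office of legitimate users sharing one NAT address) are assumptions chosen to show that the limiter drops a share of the office's genuine clicks along with the bot's flood.

```python
class TokenBucket:
    """Per-client token bucket: `rate` tokens refill each second, up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        """Refill for the elapsed time, then consume one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def rate_limit(requests, rate=2.0, burst=5):
    """requests: iterable of (time_s, client_ip). Returns {ip: (allowed, dropped)}."""
    buckets, stats = {}, {}
    for t, ip in sorted(requests):
        bucket = buckets.setdefault(ip, TokenBucket(rate, burst))
        allowed, dropped = stats.get(ip, (0, 0))
        stats[ip] = (allowed + 1, dropped) if bucket.allow(t) else (allowed, dropped + 1)
    return stats

# Constructed traffic, not a capture: a bot sending 40 requests/s for 10 s, and an
# office of legitimate users behind one NAT address who together click 4 times/s.
BOT = [(i / 40, "203.0.113.9") for i in range(400)]
OFFICE = [(i / 4, "198.51.100.2") for i in range(40)]

def demo():
    """Per-address outcome of limiting both flows to 2 req/s with a burst of 5."""
    return rate_limit(BOT + OFFICE)
```

The bot loses almost all of its 400 requests, but the office also has 16 of its 40 legitimate clicks dropped, which is exactly the side effect the paragraph above warns about.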
6 Things to Ask When Choosing a Host
You should choose your hosting provider carefully if you’re concerned about DDoS attacks.
There are several things, in particular, you should ask about:
- Future Plans
- Security Updates
- Firewalls
- Third Parties
- SLAs and Compensation
- Customer Feedback
Future Plans
You should ask about any plans they have in place to mitigate DDoS attacks. It is vital to know about their alertness and preparation.
Security Updates
An up-to-date security protocol is a priority for any hosting provider. Do they keep up with security updates on a regular basis? If it’s their priority too, you’re in good hands.
Firewalls
Having adequate firewalls prevents a degree of unauthorized access. Ensure your selected host is prepared and up to date with their firewalls.
Third Parties
Third parties such as Cloudflare can be brilliant. As a CDN company, they specialize in DDoS mitigation. With a capacity of 15 Tbps, they can handle large DDoS attacks.
SLAs and Compensation
Is there an SLA? If your site goes down due to a DDoS attack, you might be eligible for compensation if the contract includes DDoS mitigation. It’s important to have yourself covered.
Customer Feedback
Try talking to existing customers. Have they had any issues with the host? If so, what has been done to resolve it? This is always a good way to gain insight into their first-hand experience.
Top 3 Hosts for DDoS Protection
While providers like to advertise their security, DDoS protection is only a small part of that and is not usually advertised as a make-or-break feature. What hosting provider wants to be known as the one that encourages DDoS attacks against its customers?
Some providers offer higher tiers of service to those who are big targets: major companies, government institutions, and public figures.
InMotion is one site that offers DDoS mitigation. They have a 24/7 technical staff that will do their best to resolve any security issues.
LiquidWeb specializes in cloud hosting and VPS plans. They offer volumetric mitigation at 250 Mbps to two gigabytes per second. They also offer higher service tiers to clients who face more targeted attacks.
KnownHost is another VPS provider that our users rate highly. The company doesn’t have any special DDoS mitigation tools apart from the mod_evasive cPanel plug-in, but they do have a 99.995% uptime guarantee. They also recommend third-party tools like Cloudflare.
What You Should Know
Focusing on having appropriate DDoS protection can eliminate hassles for you once your business is large enough to become a potential target. Hosts assist in lowering your chances of being attacked by:
- Filtering website traffic
- Safeguarding web servers with constantly updated security filters
- Filtering fake IP traffic
DDoS Protection Frequently Asked Questions
- Can a free Cloudflare account help with DDoS?
The free Cloudflare plan includes the ability to activate “I’m Under Attack” mode. If your site is under DDoS attack, activating this mode will help block much of the illegitimate traffic while letting through real visitors.
- Can a DDoS attack cause lasting damage?
In most cases, the effects of a DDoS attack are temporary. However, a subset of DDoS attacks called Permanent DoS (PDoS) attacks involve exploiting known firmware vulnerabilities to damage the firmware or replace it with malicious software. The result is that the affected piece of hardware is rendered unusable until it is repaired or replaced.
- Should I pay a DDoS ransom?
If you ever find yourself facing a DDoS attack coupled with a ransom demand, most internet security experts advise against paying the ransom. If you do pay it, you can expect a short-lived reprieve followed by a renewed attack and another demand for payment. The best thing to do when facing an attack is to find partners, such as your hosting provider, who can help you fend off the attack.
- How do cybercriminals get access to a botnet?
Believe it or not, you can actually rent access to a botnet. Some botnet controllers will gladly use their botnet to initiate attacks on behalf of paying customers. As a result, cybercriminals don’t have to create a botnet to gain the use of one.