Radar has landed - discover the latest DDoS attack trends. Get ahead, stay protected.Get the report
Under attack?

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Contact us
Contact us Sign up for free
  1. Home
  2. Developers
  3. Error 404 Not Found | How to Fix It

Error 404 Not Found | How to Fix It

  • By Gcore
  • September 27, 2023
  • 8 min read
Error 404 Not Found | How to Fix It

Table of contents

Try for free

Error 404 is an HTTP status code that signifies a server’s inability to retrieve requested web content due to various reasons, such as inaccurate URLs, broken links, or DNS issues. This article is a guide to understanding 404 errors: what they are, why they matter, and how to resolve and prevent them. You’ll learn about the architecture of 404 errors and the impact they have on websites, businesses, users, and customers. Most importantly, you’ll come away with proactive strategies for resolving 404 errors, both as an administrator and as a user.

What Is Error 404?

Error 404 occurs when users try to access a web page that doesn’t exist. The web page could be a nonexistent URL, deleted page, or broken link, among other causes. Users experience frustration when the expected web page doesn’t load and instead this error is shown, so website owners must proactively address this issue through continuous monitoring to avoid Error 404 occurrences, and by offering user-friendly solutions in the event of 404 errors.

The wording of the error message may differ slightly based on the browser in use and the nature of the missing resource. Common variations of the Error 404 include:

  • 404 not found
  • HTTP Error 404
  • HTTP 404
  • 404 Error
  • 404
  • Page not found
  • Error 404. The page you’re looking for can’t be found.
  • 404 File or Directory Not Found

Sometimes, web browsers display an HTML page that describes the error. This message informs the user about the encountered problem and may suggest potential solutions or alternative routes to access the intended web page.

Detailed Error 404 with instructions on how users and support staff can resolve the issue 

What Causes a 404 Error?

Error 404 may occur for a variety of reasons, including:

  • Nonexistent page: Attempting to access a page that doesn’t exist, perhaps because it has been deleted or relocated to a new URL
  • Inaccurate inbound links: Relatedly, outdated or incorrect inbound links can direct users to pages that don’t exist, whether because the page has been deleted, relocated, or simply due to a typo in the link
  • Incorrect URL: Inputting an incorrect URL, for example with a typo
  • Missing assets: The absence of critical web assets, such as files, CSS stylesheets, JavaScript files, or other fundamental components necessary for proper website functioning
  • Server malfunction: A malfunctioning server may be unable to process the request for a web page correctly
  • DNS settings: Incorrect DNS (Domain Name System) settings can lead to the inability to resolve the requested domain or URL
  • Domain propagation: When a domain is still in the process of propagating across the internet, it may result in temporary accessibility issues
  • Misconfiguration: Misconfiguration of server settings or website parameters
  • File permissions: Incorrect file permissions on the server can restrict access to certain files
  • Site operations: During website migration, routine maintenance, or when a server experiences technical problems, Error 404 may surface as a temporary inconvenience
  • Browser cache: In situations where a browser has cached a previous version of a page that resulted in an Error 404, subsequent attempts to access the page may yield the same error until the cache is cleared

What Is The Impact of Error 404? 

The impact of Error 404 on a website can be significant, affecting both user experience and the website’s overall performance:

User Frustration and Loss of Trust

Error 404 messages can frustrate website visitors and cause them to lose trust in the website and its content. Frustration is a natural response when the expected web page doesn’t appear. Users may perceive it as a sign of poor website maintenance or an unreliable organization, which can lead to a negative impression of the business or brand associated with the site. For example, users may not trust information from a site with 404 errors. Ultimately, visitors may abandon the website due to frustration or lack of trust, leading to potential losses in conversions and engagement.

SEO Impact

While typing an incorrect URL typically triggers an Error 404, it does not inherently affect SEO rankings. However, when these errors occur due to broken links or missing pages within a website, it can have a detrimental impact on SEO. Search engines prioritize websites with well-structured, accessible content. Unreachable or dead-end pages hinder effective website crawling, preventing search engines like Google or Bing from discovering and indexing all the website’s pages. This, in turn, can negatively affect the website’s SEO performance.

Reputational Damage

Accumulating a high number of Error 404 on a website can harm its reputation in the eyes of both users and search engines. It suggests a lack of attention to website maintenance and can diminish the site’s credibility with users and algorithms alike.

Bounce Rate

Search engines, such as Google, track user interactions with websites, including the time spent on a page. When users encounter an Error 404 and promptly leave the website or click the back button, it results in a high bounce rate. A high bounce rate can signal to search engines that the website does not provide the content or resources users are seeking. Consequently, search engines may lower the website’s ranking in Search Engine Results Pages (SERP,) making it less visible to potential users.

How to Identify Pages and Links With 404 Errors

Identifying and addressing 404 errors is essential for ensuring a positive online experience for users and optimizing your SERP ranking for SEO. Depending on the size of your website, you can employ different methods and tools to efficiently detect these errors.

Manual Checks for Small Websites

For smaller websites, website owners or administrators can manually check for 404 errors by navigating through all pages and links on the site. This involves clicking on each link and verifying that they are live and lead to the intended content. While this method is feasible for small websites, it becomes impractical for larger sites with hundreds or thousands of pages since a page may be missed out and it would require excessive human time and effort.

Automated Tools for Large Websites

Since manual checks are not feasible for extensive websites with numerous pages and files, administrators can instead utilize various automated tools to identify broken links and unreachable pages. Some popular options include:

  • Google Search Console: This free tool offers an in-built crawler that can detect broken links. After submitting your website to Google Search Console, it will periodically crawl your site and compile a list of pages with issues, including 404 errors. This valuable data helps you pinpoint and address these problems efficiently and effectively.
  • Bing Webmaster Tools: If your website is registered with Bing Webmaster Tools, you can use it to identify pages with 404 errors. Simply log in to your Bing account, navigate to the SEO section, and access the SEO reports. Any pages with 404 errors will be listed under the HTTP 400–499 errors category.
  • Dead link checker: This tool is specifically designed to identify broken links on your website and helps you to fix them efficiently.
  • W3C link checker: W3C’s tool tests and identifies broken pages within your website and also verifies outgoing links to other external websites, ensuring a comprehensive assessment of your site’s links.
  • Premium audit tools: Consider using comprehensive audit tools such as Ahrefs or Sitechecker. These tools offer advanced features for monitoring your website consistently, and can alert you immediately when 404 errors or other issues are detected.
Google Search Console results with the number and details of pages returning 404 not found errors

How To Fix 404 Errors

How you fix a 404 Page Not Found error depends on whether you are a website visitor or the website owner/administrator. Let’s look at both situations.

How Can Website Visitors Fix 404 Errors?

There are various steps website visitors can take to fix an Error 404 Not Found:

  • Reload the page: Sometimes, an Error 404 may occur due to a temporary issue with the page or a momentary connection problem. Simply try reloading the page by clicking the refresh button on your browser. This action can often resolve the issue if it’s transient.
  • Clear browser cache: Your browser may have cached a page that has since been deleted, moved, or updated. Clear your browser’s cache to ensure you are viewing the most current version of the webpage.
  • Check the URL: Ensure that you have entered the correct URL. Mistyped URLs are a common cause of 404 errors.
  • Use a search engine: If you suspect that the URL you have is incorrect or outdated, you can use a search engine to find the page. Enter the website’s name along with relevant keywords to search for the specific page you’re looking for.
Using Google to search for the correct URL for Gcore financial services. Hovering over a page shows its URL at the bottom 

For example, if you encounter a 404 error while trying to access the Cloud For Financial Services page on the Gcore website, you can search on Google using a query like gcore: cloud financial services to locate the correct URL. To search for pages on a specific website, use the site:websiteURL query format, such as site:gcore.com cloud financial services. 

  • Contact website administrator: If you are unable to resolve the issue through the above steps, consider reaching out to the website administrator. They can provide information on whether the page or file still exists, has been moved to a different location, or if there are any issues with accessing it. The website administrator can help you find the desired content.

These steps empower website visitors to troubleshoot and potentially resolve 404 errors, providing a smoother browsing experience.

How to Fix Error 404 as an Admin or Website Owner?

Fixing Error 404 as an admin or website owner involves taking a number of steps and implementing strategies to ensure a smooth user experience and maintain the integrity of your website. Here’s a comprehensive guide on how to address Error 404:

  1. Identify and document 404 errors. Use tools like Google Search Console, Broken Link Checker, or similar utilities mentioned above to identify all pages or assets on your website that are generating 404 errors. Keep a record of these errors for reference.
  2. Prioritize fixes. Focus on addressing errors that have the most significant impact on user experience, such as critical pages or frequently visited content. Some minor 404 errors may not require immediate attention.
  3. Confirm DNS configuration. Use online tools like DNSMap, DNS Checker, or whatsmydns.net to verify that your domain is correctly pointing to the appropriate hosting server. Ensure that DNS settings are correctly configured, especially after server migrations or DNS changes.
  4. Check file and folder permissions. Verify and, if needed, rectify file and folder permissions on your web server. Incorrect permissions can render files or folders inaccessible. Use your hosting control panel (e.g., cPanel) to adjust permissions, typically setting folders to 755 and files to 644 for public resources.
Changing file and folder permissions in cPanel – shows a highlighted folder with a value of 755
  1. Implement redirects for moved pages. If you have moved or renamed pages with new URLs, set up 301 redirects from the old URLs to the new ones. This ensures that users are redirected to the correct page instead of encountering a 404 error.
  2. Restore broken links or corrupt files. If you know which pages have broken links, fix them by updating to the correct URLs or setting up appropriate redirects. For missing or corrupt files, restore them from a backup.
  3. Address permalink issues. In content management systems like WordPress, errors can occur due to permalink or redirect issues. Update permalink settings in your CMS dashboard to resolve site-wide issues.
  4. Create a custom 404 page. Create a user-friendly custom 404 error page that provides valuable information to visitors encountering the error. This page should include:
  • A clear statement explaining the unavailability of the requested resource.
  • Guidance for users to check and correct possible errors in the URL.
  • Suggestions for verifying the URL’s correctness.
  • Top and bottom menus or links to other useful pages on your website.
  • A search bar to facilitate in-site searches.
Gcore 404 Page not found error page with a link to the home page and the top and bottom menus

For example, if you request an invalid page from the Gcore website by typing an incorrect URL, you are presented with a custom page informing you that the page cannot be found and presenting options to return to the homepage or explore other sections of the website. 

By following the steps and best practices outlined here, you can effectively address Error 404 issues, enhance the user experience, and maintain the functionality of your website. Regular monitoring and proactive error resolution are key to ensuring a seamless browsing experience for your visitors.

Conclusion

Every website or online application has the potential to return Error 404 when a requested page, file, or resource is unavailable. To provide a seamless user experience, monitor and fix issues that could result in Error 404. By customizing your website’s Error 404 page to make it more user-friendly, you can help visitors find the resource or relevant information even if Error 404 occurs.

Table of contents

Try for free

Related articles

Optimize your workload: a guide to selecting the best virtual machine configuration

Virtual machines (VMs) offer the flexibility, scalability, and cost-efficiency that businesses need to optimize workloads. However, choosing the wrong setup can lead to poor performance, wasted resources, and unnecessary costs.In this guide, we’ll walk you through the essential factors to consider when selecting the best virtual machine configuration for your specific workload needs.﹟1 Understand your workload requirementsThe first step in choosing the right virtual machine configuration is understanding the nature of your workload. Workloads can range from light, everyday tasks to resource-intensive applications. When making your decision, consider the following:Compute-intensive workloads: Applications like video rendering, scientific simulations, and data analysis require a higher number of CPU cores. Opt for VMs with multiple processors or CPUs for smoother performance.Memory-intensive workloads: Databases, big data analytics, and high-performance computing (HPC) jobs often need more RAM. Choose a VM configuration that provides sufficient memory to avoid memory bottlenecks.Storage-intensive workloads: If your workload relies heavily on storage, such as file servers or applications requiring frequent read/write operations, prioritize VM configurations that offer high-speed storage options, such as SSDs or NVMe.I/O-intensive workloads: Applications that require frequent network or disk I/O, such as cloud services and distributed applications, benefit from VMs with high-bandwidth and low-latency network interfaces.﹟2 Consider VM size and scalabilityOnce you understand your workload’s requirements, the next step is to choose the right VM size. VM sizes are typically categorized by the amount of CPU, memory, and storage they offer.Start with a baseline: Select a VM configuration that offers a balanced ratio of CPU, RAM, and storage based on your workload type.Scalability: Choose a VM size that allows you to easily scale up or down as your needs change. Many cloud providers offer auto-scaling capabilities that adjust your VM’s resources based on real-time demand, providing flexibility and cost savings.Overprovisioning vs. underprovisioning: Avoid overprovisioning (allocating excessive resources) unless your workload demands peak capacity at all times, as this can lead to unnecessary costs. Similarly, underprovisioning can affect performance, so finding the right balance is essential.﹟3 Evaluate CPU and memory considerationsThe central processing unit (CPU) and memory (RAM) are the heart of a virtual machine. The configuration of both plays a significant role in performance. Workloads that need high processing power, such as video encoding, machine learning, or simulations, will benefit from VMs with multiple CPU cores. However, be mindful of CPU architecture—look for VMs that offer the latest processors (e.g., Intel Xeon, AMD EPYC) for better performance per core.It’s also important that the VM has enough memory to avoid paging, which occurs when the system uses disk space as virtual memory, significantly slowing down performance. Consider a configuration with more RAM and support for faster memory types like DDR4 for memory-heavy applications.﹟4 Assess storage performance and capacityStorage performance and capacity can significantly impact the performance of your virtual machine, especially for applications requiring large data volumes. Key considerations include:Disk type: For faster read/write operations, opt for solid-state drives (SSDs) over traditional hard disk drives (HDDs). Some cloud providers also offer NVMe storage, which can provide even greater speed for highly demanding workloads.Disk size: Choose the right size based on the amount of data you need to store and process. Over-allocating storage space might seem like a safe bet, but it can also increase costs unnecessarily. You can always resize disks later, so avoid over-allocating them upfront.IOPS and throughput: Some workloads require high input/output operations per second (IOPS). If this is a priority for your workload (e.g., databases), make sure that your VM configuration includes high IOPS storage options.﹟5 Weigh up your network requirementsWhen working with cloud-based VMs, network performance is a critical consideration. High-speed and low-latency networking can make a difference for applications such as online gaming, video conferencing, and real-time analytics.Bandwidth: Check whether the VM configuration offers the necessary bandwidth for your workload. For applications that handle large data transfers, such as cloud backup or file servers, make sure that the network interface provides high throughput.Network latency: Low latency is crucial for applications where real-time performance is key (e.g., trading systems, gaming). Choose VMs with low-latency networking options to minimize delays and improve the user experience.Network isolation and security: Check if your VM configuration provides the necessary network isolation and security features, especially when handling sensitive data or operating in multi-tenant environments.﹟6 Factor in cost considerationsWhile it’s essential that your VM has the right configuration, cost is always an important factor to consider. Cloud providers typically charge based on the resources allocated, so optimizing for cost efficiency can significantly impact your budget.Consider whether a pay-as-you-go or reserved model (which offers discounted rates in exchange for a long-term commitment) fits your usage pattern. The reserved option can provide significant savings if your workload runs continuously. You can also use monitoring tools to track your VM’s performance and resource usage over time. This data will help you make informed decisions about scaling up or down so you’re not paying for unused resources.﹟7 Evaluate security featuresSecurity is a primary concern when selecting a VM configuration, especially for workloads handling sensitive data. Consider the following:Built-in security: Look for VMs that offer integrated security features such as DDoS protection, web application firewall (WAF), and encryption.Compliance: Check that the VM configuration meets industry standards and regulations, such as GDPR, ISO 27001, and PCI DSS.Network security: Evaluate the VM's network isolation capabilities and the availability of cloud firewalls to manage incoming and outgoing traffic.﹟8 Consider geographic locationThe geographic location of your VM can impact latency and compliance. Therefore, it’s a good idea to choose VM locations that are geographically close to your end users to minimize latency and improve performance. In addition, it’s essential to select VM locations that comply with local data sovereignty laws and regulations.﹟9 Assess backup and recovery optionsBackup and recovery are critical for maintaining data integrity and availability. Look for VMs that offer automated backup solutions so that data is regularly saved. You should also evaluate disaster recovery capabilities, including the ability to quickly restore data and applications in case of failure.﹟10 Test and iterateFinally, once you've chosen a VM configuration, testing its performance under real-world conditions is essential. Most cloud providers offer performance monitoring tools that allow you to assess how well your VM is meeting your workload requirements.If you notice any performance bottlenecks, be prepared to adjust the configuration. This could involve increasing CPU cores, adding more memory, or upgrading storage. Regular testing and fine-tuning means that your VM is always optimized.Choosing a virtual machine that suits your requirementsSelecting the best virtual machine configuration is a key step toward optimizing your workloads efficiently, cost-effectively, and without unnecessary performance bottlenecks. By understanding your workload’s needs, considering factors like CPU, memory, storage, and network performance, and continuously monitoring resource usage, you can make informed decisions that lead to better outcomes and savings.Whether you're running a small application or large-scale enterprise software, the right VM configuration can significantly improve performance and cost. Gcore offers a wide range of virtual machine options that can meet your unique requirements. Our virtual machines are designed to meet diverse workload requirements, providing dedicated vCPUs, high-speed storage, and low-latency networking across 30+ global regions. You can scale compute resources on demand, benefit from free egress traffic, and enjoy flexible pricing models by paying only for the resources in use, maximizing the value of your cloud investments.Contact us to discuss your VM needs

11 simple tips for securing your APIs

A vast 84% of organizations have experienced API security incidents in the past year. APIs (application programming interfaces) are the backbone of modern technology, allowing seamless interaction between diverse software platforms. However, this increased connectivity comes with a downside: a higher risk of security breaches, which can include injection attacks, credential stuffing, and L7 DDoS attacks, as well as the ever-growing threat of AI-based attacks.Fortunately, developers and IT teams can implement DIY API protection. Mitigating vulnerabilities involves using secure coding techniques, conducting thorough testing, and applying strong security protocols and frameworks. Alternatively, you can simply use a WAAP (web application and API protection) solution for specialized, one-click, robust API protection.This article explains 11 practical tips that can help protect your APIs from security threats and hacking attempts, with examples of commands and sample outputs to provide API security.#1 Implement authentication and authorizationUse robust authentication mechanisms to verify user identity and authorization strategies like OAuth 2.0 to manage access to resources. Using OAuth 2.0, you can set up a token-based authentication system where clients request access tokens using credentials. # Requesting an access token curl -X POST https://yourapi.com/oauth/token \ -d "grant_type=client_credentials" \ -d "client_id=your_client_id" \ -d "client_secret=your_client_secret" Sample output: { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...", "token_type": "bearer", "expires_in": 3600 } #2 Secure communication with HTTPSEncrypting data in transit using HTTPS can help prevent eavesdropping and man-in-the-middle attacks. Enabling HTTPS may involve configuring your web server with SSL/TLS certificates, such as Let’s Encrypt with nginx. sudo certbot --nginx -d yourapi.com #3 Validate and sanitize inputValidating and sanitizing all user inputs protects against injection and other attacks. For a Node.js API, use express-validator middleware to validate incoming data. app.post('/api/user', [ body('email').isEmail(), body('password').isLength({ min: 5 }) ], (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } // Proceed with user registration }); #4 Use rate limitingLimit the number of requests a client can make within a specified time frame to prevent abuse. The express-rate-limit library implements rate limiting in Express.js. const rateLimit = require('express-rate-limit'); const apiLimiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 100 }); app.use('/api/', apiLimiter); #5 Undertake regular security auditsRegularly audit your API and its dependencies for vulnerabilities. Runnpm auditin your Node.js project to detect known vulnerabilities in your dependencies.  npm audit Sample output: found 0 vulnerabilities in 1050 scanned packages #6 Implement access controlsImplement configurations so that users can only access resources they are authorized to view or edit, typically through roles or permissions. The two more common systems are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) for a more granular approach.You might also consider applying zero-trust security measures such as the principle of least privilege (PoLP), which gives users the minimal permissions necessary to perform their tasks. Multi-factor authentication (MFA) adds an extra layer of security beyond usernames and passwords.#7 Monitor and log activityMaintain comprehensive logs of API activity with a focus on both performance and security. By treating logging as a critical security measure—not just an operational tool—organizations can gain deeper visibility into potential threats, detect anomalies more effectively, and accelerate incident response.#8 Keep dependencies up-to-dateRegularly update all libraries, frameworks, and other dependencies to mitigate known vulnerabilities. For a Node.js project, updating all dependencies to their latest versions is vital. npm update #9 Secure API keysIf your API uses keys for access, we recommend that you make sure that they are securely stored and managed. Modern systems often utilize dynamic key generation techniques, leveraging algorithms to automatically produce unique and unpredictable keys. This approach enhances security by reducing the risk of brute-force attacks and improving efficiency.#10 Conduct penetration testingRegularly test your API with penetration testing to identify and fix security vulnerabilities. By simulating real-world attack scenarios, your organizations can systematically identify vulnerabilities within various API components. This proactive approach enables the timely mitigation of security risks, reducing the likelihood of discovering such issues through post-incident reports and enhancing overall cybersecurity resilience.#11 Simply implement WAAPIn addition to taking the above steps to secure your APIs, a WAAP (web application and API protection) solution can defend your system against known and unknown threats by consistently monitoring, detecting, and mitigating risks. With advanced algorithms and machine learning, WAAP safeguards your system from attacks like SQL injection, DDoS, and bot traffic, which can compromise the integrity of your APIs.Take your API protection to the next levelThese steps will help protect your APIs against common threats—but security is never one-and-done. Regular reviews and updates are essential to stay ahead of evolving vulnerabilities. To keep on top of the latest trends, we encourage you to read more of our top cybersecurity tips or download our ultimate guide to WAAP.Implementing specialized cybersecurity solutions such as WAAP, which combines web application firewall (WAF), bot management, Layer 7 DDoS protection, and API security, is the best way to protect your assets. Designed to tackle the complex challenges of API threats in the age of AI, Gcore WAAP is an advanced solution that keeps you ahead of security threats.Discover why WAAP is a non-negotiable with our free ebook

What are zero-day attacks? Risks, prevention tips, and new trends

Zero-day attack is a term for any attack that targets a vulnerability in software or hardware that has yet to be discovered by the vendor or developer. The term “zero-day” stems from the idea that the developer has had zero days to address or patch the vulnerability before it is exploited.In a zero-day attack, an attacker finds a vulnerability before a developer discovers and patches itThe danger of zero-day attacks lies in their unknownness. Because the vulnerabilities they target are undiscovered, traditional defense mechanisms or firewalls may not detect them as no specific patch exists, making attack success rates higher than for known attack types. This makes proactive and innovative security measures, like AI-enabled WAAP, crucial for organizations to stay secure.Why are zero-day attacks a threat to businesses?Zero-day attacks pose a unique challenge for businesses due to their unpredictable nature. Since these exploits take advantage of previously unknown vulnerabilities, organizations have no warning or time to deploy a patch before they are targeted. This makes zero-day attacks exceptionally difficult to detect and mitigate, leaving businesses vulnerable to potentially severe consequences. As a result, zero-day attacks can have devastating consequences for organizations of all sizes. They pose financial, reputational, and regulatory risks that can be difficult to recover from, including the following:Financial and operational damage: Ransomware attacks leveraging zero-day vulnerabilities can cripple operations and lead to significant financial losses due to data breach fines. According to recent studies, the average cost of a data breach in 2025 has surpassed $5 million, with zero-day exploits contributing significantly to these figures.Reputation and trust erosion: Beyond monetary losses, zero-day attacks erode customer trust. A single breach can damage an organization’s reputation, leading to customer churn and lost opportunities.Regulatory implications: With strict regulations like GDPR in the EU and similar frameworks emerging globally, organizations face hefty fines for data breaches. Zero-day vulnerabilities, though difficult to predict, do not exempt businesses from compliance obligations.The threat is made clear by recent successful examples of zero-day attacks. The Log4j vulnerability (Log4Shell), discovered in 2021, affected millions of applications worldwide and was widely exploited. In 2023, the MOVEit Transfer exploit was used to compromise data from numerous government and corporate systems. These incidents demonstrate how zero-day attacks can have far-reaching consequences across different industries.New trends in zero-day attacksAs cybercriminals become more sophisticated, zero-day attacks continue to evolve. New methods and technologies are making it easier for attackers to exploit vulnerabilities before they are discovered. The latest trends in zero-day attacks include AI-powered attacks, expanding attack surfaces, and sophisticated multi-vendor attacks.AI-powered attacksAttackers are increasingly leveraging artificial intelligence to identify and exploit vulnerabilities faster than ever before. AI tools can analyze vast amounts of code and detect potential weaknesses in a fraction of the time it would take a human. Moreover, AI can automate the creation of malware, making attacks more frequent and harder to counter.For example, AI-driven malware can adapt in real time to avoid detection, making it particularly effective in targeting enterprise networks and cloud-based applications. Hypothetically, an attacker could use an AI algorithm to scan for weaknesses in widely used SaaS applications, launching an exploit before a patch is even possible.Expanding attack surfacesThe digital transformation continues to expand the attack surface for zero-day exploits. APIs, IoT devices, and cloud-based services are increasingly targeted, as they often rely on interconnected systems with complex dependencies. A single unpatched vulnerability in an API could provide attackers with access to critical data or applications.Sophisticated multi-vector attacksCybercriminals are combining zero-day exploits with other tactics, such as phishing or social engineering, to create multi-vector attacks. This approach increases the likelihood of success and makes defense efforts more challenging.Prevent zero-day attacks with AI-powered WAAPWAAP solutions are becoming a cornerstone of modern cybersecurity, particularly in addressing zero-day vulnerabilities. Here’s how they help:Behavioral analytics: WAAP solutions use behavioral models to detect unusual traffic patterns, blocking potential exploits before they can cause damage.Automated patching: By shielding applications with virtual patches, WAAP can provide immediate protection against vulnerabilities while a permanent fix is developed.API security: With APIs increasingly targeted, WAAP’s ability to secure API endpoints is critical. It ensures that only authorized requests are processed, reducing the risk of exploitation.How WAAP stops AI-driven zero-day attacksAI is not just a tool for attackers—it is also a powerful ally for defenders. Machine learning algorithms can analyze user behavior and network activity to identify anomalies in real time. These systems can detect and block suspicious activities that might indicate an attempted zero-day exploit.Threat intelligence platforms powered by AI can also predict emerging vulnerabilities by analyzing trends and known exploits. This enables organizations to prepare for potential attacks before they occur.At Gcore, our WAAP solution combines these features to provide comprehensive protection. By leveraging cutting-edge AI and machine learning, Gcore WAAP detects and mitigates threats in real time, keeping web applications and APIs secure even from zero-day attacks.More prevention techniquesBeyond WAAP, layering protection techniques can further enhance your business’ ability to ward off zero-day attacks. Consider the following measures:Implement a robust patch management system so that known vulnerabilities are addressed promptly.Conduct regular security assessments and penetration testing to help identify potential weaknesses before attackers can exploit them.Educate employees about phishing and other social engineering tactics to decease the likelihood of successful attacks.Protect your business against zero-day attacks with GcoreZero-day attacks pose a significant threat to businesses, with financial, reputational, and regulatory consequences. The rise of AI-powered cyberattacks and expanding digital attack surfaces make these threats even more pressing. Organizations must adopt proactive security measures, including AI-driven defense mechanisms like WAAP, to protect their critical applications and data. By leveraging behavioral analytics, automated patching, and advanced threat intelligence, businesses can minimize their risk and stay ahead of attackers.Gcore’s AI-powered WAAP provides the robust protection your business needs to defend against zero-day attacks. With real-time threat detection, virtual patching, and API security, Gcore WAAP ensures that your web applications remain protected against even the most advanced cyber threats, including zero-day threats. Don’t wait until it’s too late—secure your business today with Gcore’s cutting-edge security solutions.Discover how WAAP can help stop zero-day attacks

What are virtual machines?

A virtual machine (VM), also called a virtual instance, is a software-based version of a physical computer. Instead of running directly on hardware, a VM operates inside a program that emulates a complete computer system, including a processor, memory, storage, and network connections. This allows multiple VMs to run on a single physical machine, each with its own operating system and applications, as if they were independent computers.VMS are useful because they provide flexibility, isolation, and scalability. Since each VM is self-contained, it can run different operating systems (like Windows, Linux, or macOS) on the same hardware without affecting other VMs or the host machine. This makes them ideal for testing software, running legacy applications, or efficiently using server resources in data centers. Because VMs exist as software, they can be easily copied, moved, or backed up, making them a powerful tool for both individuals and businesses.Read on to learn about types of VMs, their benefits, common use cases, and how to choose the right VM provider for your needs.How do VMs work?A virtual machine (VM) runs inside a program called a hypervisor, which acts as an intermediary between the VM and the actual computer hardware. Every time a VM needs to perform an action—such as running software, accessing storage, or using the processor—the hypervisor intercepts these requests and decides how to allocate resources like CPU power, memory, and disk space. You can think of a hypervisor as an operating system for VMs, managing multiple virtual machines on a single physical computer. Popular hypervisors like VirtualBox and VMware enable users to run multiple operating systems simultaneously while providing strong isolation.Modern hypervisors optimize performance by giving VMs direct access to certain hardware components when possible, reducing the need for constant intervention. However, some level of overhead remains because the hypervisor still needs to manage and coordinate resources efficiently. This means that while VMs can leverage most of the system’s hardware, they can’t use 100% of it, as some processing power is always reserved for managing virtualization itself. This small trade-off is often worth it, as hypervisors keep each VM isolated and secure, preventing one VM from interfering with another.VM layersFigure 1 illustrates the layers of a system virtual machine setup. The layer model can vary depending on the hypervisor. Some hypervisors include a built-in host operating system, while modern hardware offers native virtualization support. Many hypervisors can also manage multiple physical machines and VMs efficiently.VM snapshots are an essential feature in cloud computing, allowing users to quickly restore a virtual machine to a previous state.Figure 1: Layers of system virtual machinesHypervisors that emulate hardware architectures different from what the guest OS expects have a bigger overhead, as they can’t relay commands directly to the hardware without first translating them.VM snapshotsVM snapshots are an essential feature in cloud computing, allowing users to quickly restore a virtual machine to a previous state. The hypervisor can save the complete state of the VM and restore it at a later time to skip the boot process of the guest OS. The hypervisor can also move these snapshots between different physical machines, making the software running in the VM completely independent from the underlying hardware.What are the benefits of using VMs?Virtual machines offer benefits including resource efficiency, isolation, simplified operations, easy migration, faster deployment, cost savings, and security. Let’s look at these one by one.Multiple VMs can run on a single physical machine, making sharing resources between various guest operating systems easier. This is especially important when each guest OS needs to be isolated from the others, such as when they belong to different customers of a cloud service provider. Sharing resources through VMs makes running a server cheaper because you don’t have to buy or rent a whole physical machine, but only parts of it.Since VMs abstract the underlying hardware, they also improve resilience. If the physical machine fails, the hypervisor can perform a quick recovery by moving the snapshots to another machine without changing the guest OS installations to minimize downtime. This abstraction also allows operations teams to focus their deployment efforts on a standardized VM instead of considering different physical implementations.Migrations become easier with snapshots as you can simply move them to a faster machine without modifying the software running inside the VM.Faster deployments are possible because starting a VM is just a software execution instead of setting up a physical server in a data center. While you had to buy a server or rent it for months, with fast deployments, you can now rent a machine for hours, minutes, or even seconds, which allows for quite some savings.Modern CPUs have built-in virtualization features that enable easy resource sharing and enforce the isolation at the hardware layer. This prevents the services of one VM from accessing the resources of the others, improving security compared to running multiple apps inside one OS.Common use cases for VMsVMs have a range of use cases. Let’s look at the most popular ones.Cloud computingThe most popular use case is cloud computing, where VMs allow the secure sharing of the cloud provider’s resources, enabling their customers to rent only the resources they need for the period their workload will run.Software development and testingSoftware development often requires specific tools and libraries that aren’t available on a production machine, so having a development VM with all these tools preinstalled can be helpful. An example is cloud IDEs, which look and feel like regular IDEs but run on a cloud VM. A developer can have one for each project with the required dev tools installed.VMs also allow a developer to set up a machine for software testing that looks exactly like the production environment. Here, the opposite of the development VM is required; it should not have any development tools installed because they would also be missing from production.Cross-platform developmentA special case of the software development use case is cross-platform development. When you implement an app for Android or iOS, for example, you usually don’t do this on a mobile device but on your computer. With VMs, developers can simulate different hardware environments, enabling cross-platform testing without requiring physical devices.Legacy system supportIf the hardware your application requires is no longer in production, a VM might be the only way to keep running your software without reimplementing it. This is similar to the cross-platform development use case, as the VM emulates different hardware, but the difference is that the hardware no longer exists.How to choose the right VM providerTo find the right provider for your workload, the most important factor to assess is your own workload requirements. Ask the following questions and compare the answers to what providers offer.Is your workload compute or I/O-bound?Many workloads, like web servers, are I/O-bound. They don’t make complex calculations but rather simply load data and send it over the network. If you need a VM for an I/O-bound workload, you care more about disk and memory size, as well as network speed.However, compute-heavy workloads, such as AI inference or Kubernetes clusters, require careful resource allocation. If you’re evaluating whether to run Kubernetes on bare metal or VMs, check out our white paper on Bare Metal vs. VM-based Kubernetes Clusters for an in-depth comparison.If your workload is compute-bound instead, you need a high-performance CPU or a GPU and loads of memory. An AI inference engine, for example, only sends a bit of text to a client, but it does many calculations to generate this text.How long will your workload run?Web servers usually run indefinitely, but some workloads only run a few hours or minutes. If you’re doing AI training, you don’t want to pay for your huge VM cluster 24/7 if it only runs a few hours or days a week. In such cases, looking for a provider that allows renting your desired VM type hourly on a pay-as-you-go model might be worthwhile.Certain cloud providers offer cost-effective spot instances, which provide lower prices for non-critical workloads that can tolerate interruptions. These cheap VMs can get shut down at any time with minimal notice, but if your calculations aren’t time-critical, you might save quite a bit of money here.How does your workload scale?Scaling in the cloud is usually done horizontally. That is, by adding more VMs and distributing the work between them. Workloads can have different requirements for when and how fast they must be added and removed.In the AI training example, you might know in advance that one training takes more resources than the other, so you can provision enough VMs when starting. However, a web server workload might change its requirements constantly. Hence, you need a load balancer that automatically scales the instances up and down depending on the number of clients that want to access your service.Do you handle sensitive data?You might have to comply with specific laws and regulations depending on your jurisdiction(s) and industry. This means you must check whether the cloud provider also complies. How secure are their data centers? Where are they located? Do they support encryption in transit, at rest, and in process?What are your reliability requirements?Reliability is a question of costs and, again, of compliance. You might get into financial or regulatory troubles if your workload can’t run. Cloud providers often boast about their guaranteed uptimes, but remember that 99% uptime a year still means over three days of potential downtime. Check your needs and then seek a provider that can meet them reliably.Do you need customer support?If your organization doesn’t have the know-how for operating VMs in the cloud, you might need technical support from the provider. Most cloud providers are self-service, offering you a GUI and an API to manage resources. If your business lacks the resources to operate VMs, seek out a provider that can manage VMs on your behalf.SummaryVMs are a core technology for cloud computing and software development alike. They enable efficient resource sharing, improve security with hardware-enforced guest isolation, and simplify migration and disaster recovery. Choosing the right VM provider starts with understanding your workload requirements, from resource allocation to security and scalability.Maximize cloud efficiency with Gcore Virtual Machines—engineered for high performance, seamless scalability, and enterprise-grade security at competitive pricing. Whether you need to run workloads at scale or deploy applications in seconds, our VMs provide enterprise-grade security, built-in resilience, and optimized resource allocation, all powered by cutting-edge infrastructure. With global reach, fast provisioning, egress traffic included, and pay-as-you-go pricing, you get the scalability and reliability your business needs without overspending. Start your journey with Gcore VMs today and experience cloud computing that’s built for speed, security, and savings.Discover Gcore VMs

Why do bad actors carry out Minecraft DDoS attacks?

One of the most played video games in the world, Minecraft, relies on servers that are frequently a target of distributed denial-of-service (DDoS) attacks. But why would malicious actors target Minecraft servers? In this article, we’ll look at why these servers are so prone to DDoS attacks and uncover the impact such attacks have on the gaming community and broader cybersecurity landscape. For a comprehensive analysis and expert tips, read our ultimate guide to preventing DDoS attacks on Minecraft servers.Disruption for financial gainFinancial exploitation is a typical motivator for DDoS attacks in Minecraft. Cybercriminals frequently demand ransom to stop their attacks. Server owners, especially those with lucrative private or public servers, may feel pressured to pay to restore normalcy. In some cases, bad actors intentionally disrupt competitors to draw players to their own servers, leveraging downtime for monetary advantage.Services that offer DDoS attacks for hire make these attacks more accessible and widespread. These malicious services target Minecraft servers because the game is so popular, making it an attractive and easy option for attackers.Player and server rivalriesRivalries within the Minecraft ecosystem often escalate to DDoS attacks, driven by competition among players, servers, hosts, and businesses. Players may target opponents during tournaments to disrupt their gaming experience, hoping to secure prize money for themselves. Similarly, players on one server may initiate attacks to draw members to their server and harm the reputation of other servers. Beyond individual players, server hosts also engage in DDoS attacks to disrupt and induce outages for their rivals, subsequently attempting to poach their customers. On a bigger scale, local pirate servers may target gaming service providers entering new markets to harm their brand and hold onto market share. These rivalries highlight the competitive and occasionally antagonistic character of the Minecraft community, where the stakes frequently surpass in-game achievements.Personal vendettas and retaliationPersonal conflicts can occasionally be the source of DDoS attacks in Minecraft. In these situations, servers are targeted in retribution by individual gamers or disgruntled former employees. These attacks are frequently the result of complaints about unsolved conflicts, bans, or disagreements over in-game behavior. Retaliation-driven DDoS events can cause significant disruption, although lower in scope than attacks with financial motivations.Displaying technical masterySome attackers carry out DDoS attacks to showcase their abilities. Minecraft is a perfect testing ground because of its large player base and community-driven server infrastructure. Successful strikes that demonstrate their skills enhance reputations within some underground communities. Instead of being a means to an end, the act itself becomes a badge of honor for those involved.HacktivismHacktivists—people who employ hacking as a form of protest—occasionally target Minecraft servers to further their political or social goals. These attacks are meant to raise awareness of a subject rather than be driven by personal grievances or material gain. To promote their message, they might, for instance, assault servers that are thought to support unfair policies or practices. This would be an example of digital activism. Even though they are less frequent, these instances highlight the various reasons why DDoS attacks occur.Data theftMinecraft servers often hold significant user data, including email addresses, usernames, and sometimes even payment information. Malicious actors sometimes launch DDoS attacks as a smokescreen to divert server administrators’ attention from their attempts to breach the server and steal confidential information. This dual-purpose approach disrupts gameplay and poses significant risks to user privacy and security, making data theft one of the more insidious motives behind such attacks.Securing the Minecraft ecosystemDDoS attacks against Minecraft are motivated by various factors, including personal grudges, data theft, and financial gain. Every attack reveals wider cybersecurity threats, interferes with gameplay, and damages community trust. Understanding these motivations can help server owners take informed steps to secure their servers, but often, investing in reliable DDoS protection is the simplest and most effective way to guarantee that Minecraft remains a safe and enjoyable experience for players worldwide. By addressing the root causes and improving server resilience, stakeholders can mitigate the impact of such attacks and protect the integrity of the game.Gcore offers robust, multi-layered security solutions designed to shield gaming communities from the ever-growing threat of DDoS attacks. Founded by gamers for gamers, Gcore understands the industry’s unique challenges. Our tools enable smooth gameplay and peace of mind for both server owners and players.Want an in-depth look at how to secure your Minecraft servers?Download our ultimate guide

How to deploy DeepSeek 70B with Ollama and a Web UI on Gcore Everywhere Inference

Large language models (LLMs) like DeepSeek 70B are revolutionizing industries by enabling more advanced and dynamic conversational AI solutions. Whether you’re looking to build intelligent customer support systems, enhance content generation, or create data-driven applications, deploying and interacting with LLMs has never been more accessible.In this tutorial, we’ll show you exactly how to set up DeepSeek 70B using Ollama and a Web UI on Gcore Everywhere Inference. By the end, you’ll have a fully functional environment where you can easily interact with your custom LLM via a user-friendly interface. This process involves three simple steps: deploying Ollama, deploying the web UI, and configuring the web UI and connecting to Ollama.Let’s get started!Step 1: Deploy OllamaLog in to Gcore Everywhere Inference and select Deploy Custom Model.In the model image field, enter ollama/ollama.Set the Port to 11434.Under Pod Configuration, configure the following:Select GPU-Optimized.Choose a GPU type, such as 1×A100 or 1×H100.Choose a region (e.g., Luxembourg-3).Set an autoscaling policy or use the default settings.Name your deployment (e.g., ollama).Click Deploy model on the right side of the screen.Once deployed, you’ll have an Ollama endpoint ready to serve your model.Step 2: Deploy the Web UI for OllamaGo back to the Gcore Everywhere Inference console and select Deploy Custom Model again.In the Model Image field, enter ghcr.io/open-webui/open-webui:main.Set the Port to 8080.Under Pod Configuration, set:CPU-Optimized.Choose 4 vCPU / 16 GiB RAM.Select the same region as before (e.g., Luxembourg-3).Configure an autoscaling policy or use the default settings.Name your deployment (e.g., webui).Click Deploy model on the right side of the screen.Once deployed, navigate to the Web UI endpoint from the Gcore Customer Portal.Step 3: Configure the Web UIFrom the Web UI endpoint and set up a username and password when prompted.Log in and navigate to the admin panel.Go to Settings → Connections → Disable the OpenAI API integration.In the Ollama API field, enter the endpoint for your Ollama deployment. You can find this in the Gcore Customer Portal. It will look similar to this: https://<your-ollama-deployment>.ai.gcore.dev/.Click Save to confirm your changes.Step 4: Pull and Use DeepSeek 70BOpen the chat section in the Web UI.In the Select a model field, type deepseek-r1:70b.Click Pull to download the model.Wait for the download to complete.Once downloaded, select the model and start chatting!Your AI environment is ready to exploreBy following these steps, you’ve successfully deployed DeepSeek 70B on Gcore Everywhere Inference with Ollama. This setup provides a powerful and user-friendly environment for experimenting with LLMs, prototyping AI-driven features, or integrating advanced conversational AI into your applications.Ready to unlock the full potential of AI? Gcore Everywhere Inference offers outstanding scalability, performance, and support, making it the perfect solution for developers and businesses working with advanced AI models. Dive deeper into our powerful tools and resources by exploring our AI blog and docs.Discover Gcore Everywhere Inference

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe