AI & Machine Learning
Edge Network
Infrastructure as a Service
Platform as a Service
Virtual & Dedicated Servers
Video Streaming Platform
Security
Cloud for Mobile
Custom Services
By Industry
By Service
Referral Program
Bug Bounty Policy
Compliance
Awards and Recognition
Careers
Internet Peering Points
Events
Infrastructure
DDoS attacks are happening more often. The number of “smart attacks” is also increasing, and their duration and capacity are growing. Protecting your online resources is becoming increasingly harder.
In this article, we’ll provide tips on how to effectively protect against increasingly complex DDoS attacks.
What are DDoS attacks?
DDoS attacks are any actions by cybercriminals aimed at making your services inaccessible to clients. There are different ways to do this. The most common is to send a huge number of requests to the server so that it stops coping with them, causing it to work very slowly or crash altogether. But there are other methods as well.
Attackers can attack a single site, application, or entire server.
There are many types of DDoS attacks. They can target different OSI layers and use different techniques.
During a DDoS attack, criminals find vulnerabilities and can, for example, launch a virus on a website and steal your data or the data of your customers.
How do DDoS attacks harm businesses?
The primary harm of a DDoS attack is that your service becomes unavailable for a while. Customers can’t access a website or application and therefore can’t use your services. As a result, they become less loyal to your business.
Worst of all, attackers often attack at critical moments. For example, you’ve launched a promotion on your online store and you expect it to result in a substantial sales growth. But instead of “clean” traffic, a huge number of requests from bots is sent to the server, and real people can’t access the website and make a purchase.
Aside from this, there are other negative aspects:
- If bot requests account for a certain percentage of traffic to your website, it’s difficult to estimate the amount of real traffic. This means you won’t be able to know how appealing and user-friendly your website or application is for real customers, and how often they visit.
- Bot requests increase the bounce rate. This worsens the position of your website in the search engine results.
- If you use paid traffic to attract customers, some of this traffic may not be “real”, causing you to waste part of your budget.
GitHub attack
In early March 2018, the most powerful DDoS attack in history hit GitHub, setting a new record of 1.35 Tbps, or 126.9 million packets per second. Attackers had learned to use Memcached DDoS servers for amplification, which can amplify the attack by more than 50,000 times.
EVE Online attack
In February 2020, a powerful DDoS attack that lasted more than a week completely paralyzed gameplay: chats, ship control, and market transactions were impossible.
Takeaway.com attack
In March 2020, there was a major DDoS attack on the Takeaway.com food delivery network. Restaurants could receive orders, but couldn’t process them.
The attackers demanded 2 bitcoins from the company as payment to stop the DDoS attack. On the same day, the CEO tweeted a screenshot of their message.
Takeaway chose not to pay the ransom, but the DDoS attack itself caused serious damage. They had to provide refunds to all users whose orders were paid but not delivered.
Why do criminals carry out DDoS attacks?
The reasons vary.
Extortion
We’ve already given an example above. Events often proceed in two possible ways:
- You’re warned in advance. The attackers promise to attack your websites if you don’t pay them a certain amount by a specified date.
- You are first attacked, and then a message comes with a request demanding payment to stop the DDoS attack.
If a ransom is demanded from you, you should never pay anything! Criminals will think you give in easily, and they will do it again and again.
Unscrupulous competition
You are actively growing, eventually overtaking your competitors, and one of them envies you. Or maybe you are going to enter new markets, and the companies already there don’t want extra competition.
In any market, there are those who don’t like to play fair. With the help of a DDoS attack, they can try to ruin your business and force you to abandon your plans.
What should you do in this case? Again, don’t give in to the attackers. If your competitors fear you and try to stop you, it means you are moving in the right direction.
In addition to intentional attacks, there are also unintentional ones:
- You are collateral damage. This can happen if your hosting is located on a virtual server. Another website may have been the target of the criminals, but since a DDoS attack affects the entire server, everyone else suffers too.
- It wasn’t an attack at all. You simply didn’t anticipate natural surges in traffic, such as due to sales, and the system couldn’t cope with the influx.
How do you know if your resource has been attacked?
DDoS attacks are usually unexpected. You didn’t offer any promotions or sales. You did nothing to attract customers. And yet for no reason, a huge number of requests are sent to the server. A normal surge in traffic, as opposed to an attack, is usually predictable.
You can check if this is a DDoS attack by analyzing the logs. These are files that are stored on the server’s hard drive. They record information about visitors, transmitted data, and error messages.
Access to the logs is usually granted by the hosting provider via the control panel.
If your resource is under attack, you’ll probably see that a lot of identical requests and packets are coming from the same IP addresses.
How to protect yourself against DDoS attacks on your own?
Let’s be clear: you won’t be able to set up full-fledged protection on your own. There’s no free technique that is guaranteed to protect your website or application. New DDoS attacks appear all the time, and the existing ones get better every day.
But you can still do something.
Prepare for the load
During the New Year’s sale, your website was “crashed” at the most crucial moment. Was it really a DDoS attack?
If you have a competent infrastructure, a balanced load distribution is provided, and possible traffic surges are taken into account, then DDoS attacks won’t be such a threat to you. Invest in infrastructure. It’s better to make one good investment than to scrimp and then suffer losses many times.
If you have no resources to build your own infrastructure, consider purchasing a third-party IT solution. One option is to sign up for a CDN—a content delivery network.
The Gcore CDN delivers any heavy content around the world. It’s a fast and secure network with over 70 points of presence on all continents, as well as a spot in the Guinness World Records.
You are under attack right now. What do you do?
If you’re being attacked, and you haven’t set up any protection for your website, there are several actions that you can take.
1. Ban the IP addresses from which the attack is carried out. They can be found in the logs.
To avoid manually blocking each request, you can use grep. It’s a tool that allows you to find certain elements in a file and perform simple actions with them—for example, block.
You will be very lucky if the attack on your website is short. In this case, you can figure out right away where the “junk” traffic originated, allowing you to block it.
But such luck is rare. A DDoS attack can last for several days and stem from thousands of different IP addresses. It’s not possible to block them all, even using grep.
Besides, stopping smart attacks by blocking IP addresses isn’t a very effective tactic. If the perpetrators use dynamic IP addresses, then no block can save you.
2. Block requests by geolocation. This method works only if you see that a lot of requests to your website come from a specific area of the world. For example, your users live in Eastern Europe, but suddenly a huge amount of traffic comes from Africa.
But once again, this is rare. Most DDoS attacks these days are “smart”, and attackers most likely won’t make such a mistake.
3. Block the “heavy” section of your website. The attack may be aimed not at the entire website, but at the most vulnerable part of it, such as the search feature. If it’s not the most important element of your website, you can simply disable access to it for all users. Customers may not be able to use search, but everything else will function normally.
The drawback to this method is that it’s useless for most attacks.
Why are these methods often ineffective?
These methods can help stop some simple types of DDoS attacks. Besides, all of them are designed to repel attacks on servers and will in no way rid you of bots on the website, which can also cause big problems.
For instance, if you have a limited number of products, an attacker can launch bots that will add all the products to their carts, preventing real users from buying anything.
On top of that, even if you manage to repel the attack, you’ll have spent time solving the problem. That means your services will be unavailable for some time.
In order to avoid frantically taking emergency measures, it’s better to buy hosting with built-in protection against DDoS attacks from the very beginning or to enable paid protection against DDoS attacks for your server.
Benefits of using a specialized service to protect against DDoS attacks
1. Protection at all layers. A DDoS attack can occur at the network (L3), transport (L4), or application (L7) layers. The methods listed above will help in the event of a DDoS attack at one layer. But attacks are different. And it is extremely difficult to protect all layers on your own.
Professional protection is a well-designed filtering platform that all traffic passes through and that blocks suspicious requests. “Junk” data packets will be stopped on the way to the resource.
2. Load balancing. A good security system usually provides for an even distribution of traffic between nodes. This makes it harder for criminals to “crash” your website. Additionally, it will also speed up the loading of the website and help with natural traffic surges.
3. Protection of web application vulnerabilities. Any website or app has weak spots, and attackers don’t hesitate to exploit them. They detect vulnerabilities and exploit them to gain access to confidential user data.
Web Application Firewall is a firewall that hides application vulnerabilities and blocks suspicious traffic.
When choosing a firewall, it’s important to pay attention to how it works. It is a good idea to choose a “smart” WAF with self-learning algorithms. Such screens are able to analyze the contents of packets and avoid blocking real customers along with bots.
4. Refund guarantee. If you are securing your website with whatever tools are available, there is no guarantee that these tools will help. And even if your own protection has more or less coped for now, tomorrow hackers may invent a new type of DDoS attack and your methods will be useless.
On the other hand, if you purchase professional protection, good companies always provide a refund guarantee for their services. If the protection doesn’t work, you can get your money back.
At the same time, professional systems are constantly evolving and taking into account the emergence of new DDoS attacks.
How does Gcore protect customers against DDoS attacks?
We offer protection for websites and applications from bots and secure hosting on our servers. We can also enable server protection for your own infrastructure.
The protection solution is based on our own traffic filtering centers in Europe. The total filtering bandwidth is more than 1.5 Tbps.
How does it work?
- The filtration centers make all traffic go through them. The centers analyze the traffic along the way.
- Not only are packets checked, but also the behavioral factors of the person who sent the request. For example, the system analyzes how much time the user spent on the website, as well as the intervals between requests and sub-requests.
- This data is compared with the parameters to determine whether the request is legitimate or not. Simply put, the system calculates whether a real person or a bot visited your website.
- If the request seems suspicious, it’s blocked.
The system blocks any bot traffic, including parsing and brute-force.
It blocks sessions, not IP addresses. Self-learning algorithms are built into the platform. It remembers “trustworthy” customers and doesn’t verify subsequent requests from them. The false positive rate is less than 0.01%.
The advantages of our Protection
- We block DDoS attacks from the first request.
- We ensure load balancing.
- You pay only for legitimate traffic. We don’t charge for 5% of surges, which means you won’t have to pay for natural surges, such as during promotions.
- We provide reports.
- We guarantee the availability of your websites by 99.5%. We’ll refund the money if the protection doesn’t work.
- To enable protection, you just need to set up a DNS record.
In addition to protection, you can buy a smart firewall for your web application.
Protect your resources with a comprehensive solution and forget about DDoS attacks.