The Ultimate DDoS Manual
DDoS (or Distributed Denial of Service) attacks are carried out by cybercriminals more and more often, and on an ever larger scale.
For the websites involved, such attacks cause major damage: not only reputational damage but, perhaps even worse, enormous financial damage.
But, what is a DDoS attack exactly? How can you recognize one? What are the symptoms and what can you do against it?
In this article, we will answer these questions comprehensively. After reading this article, you will be totally informed about everything regarding DDoS attacks.
A DDoS attack is an attack carried out by one or more cybercriminals who send an enormous amount of traffic to a network or server at the same time. This is done with a so-called botnet, with the objective of shutting down the server or network. The result is that normal website visitors can't reach the website.
DDoS stands for Distributed Denial of Service. The name already explains the aim of the attack: to shut down the server or service.
The network or service goes down because a huge number of requests are sent to the network or server at once. The network cannot handle this much load (requests) at the same time, so eventually it stops responding. All the bandwidth, CPU and RAM go to these fake requests, and no resources are left for the 'normal' visitor.
We can take a bakery as an example. On a busy day, there are at most 15 to 20 people in the bakery at the same time. That number of people just fits into the shop, and the baker can serve them all.
Then 100 people decide to go to the bakery at the same time. The baker did not expect this; customers are waiting in line inside and even outside the shop. The consequence: the bakery is not available to regular customers, who have to wait a long time outside the shop.
As a website visitor, you can recognize a possible DDoS attack on a website that normally always works: the website stops working properly without any clear reason.
It is hard for webshop managers (who are often victims of DDoS attacks) and hosting specialists to predict DDoS attacks. However, when a DDoS happens, you can see some clear patterns.
Senior Network Specialist Gert-Jan de Boer says the following: “You can recognize a DDoS by the pattern of the network traffic. You can see many network plans with almost the same characteristics. These can be analyzed perfectly.”
What is the reason for DDoS attacks? There is no single reason; the motives fall into 3 main categories that show why DDoS attacks happen.
- Attackers don’t agree with your personal/political preferences
One reason for a DDoS attack can be a disagreement. Often this is politically motivated, and cybercriminals launch an attack in response.
- Financial gain
A common reason for a DDoS attack is financial gain. DDoS attackers launch enormous botnets to shut down big e-commerce websites.
If this is done to a shop that generates €10,000 a day, 5 days of downtime (which is not unrealistic) will cost the webshop owner 50,000 euros.
After shutting down your webshop, the cybercriminals make you a 'lucrative' offer: they will stop the attack in return for a certain amount of money.
Of course, this is a lot of money. However, it is often cheaper than losing 5 days of revenue.
- Trolling / fun
The third category is cybercriminals who carry out DDoS attacks for fun. It gives them a kick when the attack works well, and even more satisfaction when it makes big news. This group mainly consists of young people trying to gain prestige in the hacking world.
Gamers also fall into this category. Gamers can eliminate competitors by aiming a DDoS attack at the IP address of their competitor. This causes lag (the game stutters) and makes sure the competitor can't continue playing normally.
In the past, many DDoS attacks made the news, especially the big DDoS attacks on governments or big banks. This is a direct motivation for 'hobbyists' who get a kick out of reaching the national news.
Some well-known examples are the DDoS attacks on DigiD, the UWV and the Tax Authority. In 2018, these caused national commotion, and many experts argued for a national firewall.
Banks also have to deal with DDoS attacks. Dutch banks like ING, Rabobank and ABN Amro have all suffered the consequences of such attacks.
Websites were down, online banking was not possible, iDEAL did not work. As you can imagine, such attacks have a huge impact on the economy: when many banks are down at the same time, payment traffic can't get through.
It is hard to prevent a DDoS attack when a hacker has their eye on you. However, you can take some measures that will help reduce the chance of a DDoS attack.
Below, you can read 7 measures you can take to protect your webshop from a DDoS attack:
- Make use of WAF (Web Application Firewall)
A WAF helps you protect your website against malicious cybercriminals. A WAF is an online tool that protects your web application by filtering and checking the HTTP traffic between the web application and the internet.
Turning on a WAF for your website can be done, for example, via Cloudflare.
- Switch on Captcha
Switch on Captcha for your website. Captcha is a measure that ensures bots can't perform actions on your website automatically, such as filling in forms or posting replies on your blog posts.
Captcha can be switched on by signing up for Google's reCAPTCHA.
- Whitelisting IP addresses for your backend
By whitelisting specific IP addresses, you ensure that only permitted traffic gets through. This makes your website safe from DDoS attacks aimed at your backend. IP addresses that are not on the whitelist are blocked automatically.
- MySQL measures
As for MySQL, there are a couple of actions you can take to prevent DDoS attacks. It is really important that MySQL is up to date on your server and is updated and patched regularly.
Besides that, we strongly recommend closing the MySQL port (the default is port 3306) to block traffic from outside. Usually, your webshop runs on the same server as the MySQL server, so traffic from outside is not needed. If you want to connect an external program or client to your database, the best way to do this is through an SSH tunnel.
Finally, we recommend strong passwords for users who connect to MySQL.
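The following is an added example, not code from the original article or from Hipex: a small POSIX shell check that reports whether a my.cnf binds MySQL to loopback only (the "port closed to the outside" state described above), followed by the SSH-tunnel command an external client would use instead. The config contents and the host name deploy@db.example are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): audit whether MySQL listens
# only on loopback, as the article recommends, and show the SSH-tunnel
# alternative for external clients. Config contents below are constructed.

# Print "local-only" when the [mysqld] section binds to loopback, otherwise
# "exposed". A missing bind-address means MySQL listens on every interface.
mysql_bind_status() {
  cfg="$1"
  bind=$(awk -F= '
    /^\[/ { in_mysqld = ($0 == "[mysqld]") }
    in_mysqld && $1 ~ /^[ \t]*bind-address[ \t]*$/ {
      gsub(/[ \t]/, "", $2); print $2; exit
    }' "$cfg")
  case "$bind" in
    127.0.0.1|localhost|::1) echo local-only ;;
    *)                       echo exposed ;;
  esac
}

# Two constructed my.cnf files: a wide-open setting and the hardened version.
EXPOSED=$(mktemp); HARDENED=$(mktemp)
printf '[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n' > "$EXPOSED"
printf '[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n' > "$HARDENED"

mysql_bind_status "$EXPOSED"    # exposed
mysql_bind_status "$HARDENED"   # local-only
rm -f "$EXPOSED" "$HARDENED"

# With the hardened setting, an external client reaches the database only
# through an SSH tunnel (deploy@db.example is a hypothetical host):
#   ssh -N -L 3307:127.0.0.1:3306 deploy@db.example
# and then points its MySQL client at 127.0.0.1 port 3307 on the local machine.
```

Binding to loopback is only half of "closing the port"; a host firewall rule that drops inbound traffic to 3306 covers the case where the setting is later changed by mistake.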
- Be aware of the signals of a DDoS attack
Actually, you are already doing this. By reading this article you gain a lot more insight into what a DDoS attack is and what the signals are. Recognizing these signals at an early stage lets you take measures to stop the attack in time.
Signals of a DDoS are, for example, an extremely slow (or unstable) website or a slow network; please note: a lot slower than normal.
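Slowness is what the visitor sees; on the server, the signal is the traffic pattern Gert-Jan de Boer describes above. As an added example (not from the original article), this shell function counts requests per client IP per minute in a combined-format access log and prints the sources above a threshold; the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): find the request-flood
# pattern in a web server access log. Assumes the combined log format that
# Apache and nginx write by default; the log lines below are constructed.

# Read access-log lines on stdin and print "IP minute count" for every client
# that sent more than $1 requests within one minute. One or two such lines may
# be an aggressive crawler; many of them from unrelated addresses in the same
# minute is the botnet pattern the article describes.
flag_flooders() {
  awk -v limit="$1" '
    {
      # $4 looks like [10/Oct/2023:13:55:36 -> keep day and hour:minute only
      minute = substr($4, 2, 17)
      count[$1 " " minute]++
    }
    END {
      for (k in count) if (count[k] > limit) print k, count[k]
    }' | sort
}

# Constructed sample: two noisy sources and one normal visitor.
SAMPLE_LOG='203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "curl/7.88"
192.0.2.9 - - [10/Oct/2023:13:55:50 +0000] "GET /product/1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:56:10 +0000] "GET /cart HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'

# Threshold 3 is only sensible for this tiny sample; on a real log you would
# run e.g.  flag_flooders 300 < /var/log/nginx/access.log
printf '%s\n' "$SAMPLE_LOG" | flag_flooders 3
# prints:
# 198.51.100.7 10/Oct/2023:13:55 4
# 203.0.113.5 10/Oct/2023:13:55 5
```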
- Ensure having up to date software
This is always important, but especially for preventing a DDoS attack. Make sure there are no vulnerabilities in your software that give cybercriminals an easy way in, and update your software frequently to reduce the risk.
- Invest in good hosting
A good, reliable hosting partner invests a lot in the security of its servers. Software is always up to date, and state-of-the-art hardware reduces the chance of a successful DDoS attack. Make clear agreements with your hoster about the bandwidth you need and discuss the risks of DDoS attacks.
We are aware that we, as a web hoster, have an important role in preventing DDoS attacks. Good security for your webshop at server level is the most important service we deliver.
Because DDoS attacks are happening more and more, we have invested heavily in our software and hardware.
State of the art infrastructure
At Hipex we only go for the best, and our infrastructure is a big part of that. Our hardware complies with the highest quality requirements and is connected to a fast, stable and secure network.
We have a bad bot blocker. This measure ensures that all requests from ‘bad bots’ are blocked immediately: the blocker filters out the bad bots and only lets the ‘good’, reliable traffic through.
Another standard measure, which is not common with all web hosters, is closing ‘critical locations’ by default, for example in Magento 1 shops, so that botnets don't have access to critical folders where they shouldn’t be anyway.
In addition, we provide advice and help to shield the backend of your website.
Besides all the measures your hoster and you can take, it is important to be prepared.
Recognize a DDoS attack in time and estimate the risks. Don’t underestimate an attack and don’t think: “this will not happen to me”.
Of course, we are happy to think things through with you and offer professional advice. Do you have questions regarding DDoS attacks? Please contact us and start a conversation with our security specialists.