DDoS attack protection methods
Even people who are far from the technical side of the Internet are familiar with the concept of a DDoS attack. We face its results in our lives regularly: websites hang up, applications glitch and fail to load pages, online games shows connection error messages. How do these attacks happen? How much does a business lose due to these attacks? Is it possible to protect your project from bot attacks? How to protect a server from DDoS? We will try to answer these questions in this article.
What is a DDoS?
A Distributed Denial Of Service Attack (or DDoS attack) is an attack on Internet resources in order to disable them and make them unavailable to visitors. In a nutshell, it is sending a huge amount of requests to a certain web resource over the Internet. As a result, the server can not handle this amount of incoming data and hangs. Another possible result is that the communication channel of this server is so clogged that requests from real users stop coming in, and the cost of paying for it exceeds reasonable limits. In all cases, access to the resource becomes unavailable.
A significant fraction of attacks occurs according to the following algorithm:
- Collecting analytics about the target to identify possible vulnerabilities and select the best scenario of the attack.
- Creation of a special network of bots (botnet) from infected or vulnerable devices, from which the attack will be performed.
- Simultaneous requests from multiple bots.
- Analysis of the results: whether the targets have been reached, whether additional data collection about the architecture and vulnerabilities is needed.
Sometimes an attack is organized without deploying botnets. The attacking computer sends requests while spoofing its own IP address with IP of the victim. All this causes much higher response volume, which is received by the victim's server. DDoS attacks can also target a specific segment of a web service. "Smart" cyberattacks select individual resource-intensive segments and load them directly, leading to the failure of the entire web application.
There are many classifications of DDoS. The most common classification is based on the seven-layer Open Systems Interconnection (OSI) model of data network architecture:
- Network layer (L3): This kind of attacks targets network devices directly, such as routers, switches and switches. The attack uses the following protocols: IP OSPF, ICMP, IGMP, RIP, DVMRP PIM-SM, IPsec, IPX, DDP.
- Transport layer (L4): This is where hackers attack the servers themselves and some Internet services, such as gaming portals. The attack targets TCP and UDP protocols, and DP Lite, DCCP, SCTP, RUDP subprotocols.
- Application layer (L7): Here, attackers target imperfections in the programming code of web applications. The attack is performed via DNS, HTTP, HTTPS, etc.
How dangerous are DDoS attacks?
Modern companies are very dependent on information and communication technology. Almost every business can be called an IT project in a way. Digitalization has turned IT channels into critical points for data exchange with clients and partners, for internal communication and analytics. Failures of digital infrastructure, downtime of corporate portals lead to significant losses and damage to the reputation of entire corporations.
With the massive going online after the pandemic, not only banking, government, gaming, and e-commerce services can become a target for DDoS attacks. Small business websites, food deliveries, healthcare portals are also in danger now.
DDoS attacks have become a popular tool of hackers and malefactors: they are relatively easy to launch, inexpensive, and effective. The cost of organizing a single botnet attack starts from $50 per day. You can even find dedicated services on the darknet that provide DDoS services with ratings and cashback.
Possible losses of business owners is disproportionately higher than the costs of a DDoS attack itself. Even if you run a small sushi delivery shop, you can calculate that with an average check of $50 and 60 orders per day, you can lose $90 000 in revenue per month and at the same time you will receive significant damage to your business reputation. While for hackers, this attack will only cost about $1500.
Obviously, for large corporations, the cost of damage and risks are much higher. For example, the recent October disruption of Facebook, Instagram, and WhatsApp, when users reported problems with logging in, downloading, and accessing the platforms, cost Mark Zuckerberg $6.6 billion.
Protecting your website from DDoS: what can you do yourself?
We should mention that it is barely possible to create a full-fledged web protection by yourself. Attempting to fight back network raids on your own is complicated by the fact that a barrage of messages from bots can block communication channels even before your filtering system. There is not a single guaranteed free method of protecting your website from DDoS attack. Nevertheless, there is something you can still do:
- Capacity expansion. This is an expensive option, which is commonly used by large web resources to back up. Investments in bandwidth and computing resources allow more information to be processed at the same time.
- Router configuration. The traffic router can be configured to filter "garbage" traffic. The main disadvantage of this method is that it can be difficult to determine what traffic should be blocked and what should be allowed through. After all, requests from a botnet can come from different regions, have different content and even be masked to look like real people.
- Fine-tuning and regular software updates. Some DDoS attacks target specific vulnerabilities in the software code or operating system of the main server. Developers of good proprietary software products keep an eye out for new hacker techniques and fix problems in their next updates. The default OS and web server settings of Apache or Nginx often have significant limitations. This is especially true for the performance of servers running on Nginx and the Linux network stack. Also, if a third-party CMS (like WordPress, Joomla, Opencart) is used on a website, you should thoroughly read the optimization manual.
- Server status monitoring. It is strongly recommended to connect monitoring of key indicators: CPU load, percentage of RAM usage, number of visitors, and so on. So you will be able to detect unusual events on time and minimize possible losses.
DDoS protection services
If your bandwidth and computing resources are insufficient to repel attacks on your own, you can consider using DDoS protection solutions offered by hosting providers. What are the advantages of such IT solutions?
- Protection at all OSI layers. Self-protection methods are applicable if a cyberattack occurs at one particular layer. Specialized technologies comprehensively filter botnet traffic using several tools at once, which helps secure all layers L3-L7.
- You'll get only a "clear" traffic. The protection system of hosting providers processes the incoming traffic before it reaches your server. All operations on "clearing" Internet traffic do not reduce your performance.
- Scalability. Since you don't need to integrate protection into your own IT infrastructure, you don't have to rebuild the architecture and buy more equipment when expanding. You just need to choose a more suitable tariff.
- Technical support during accidents. Attackers constantly invent sophisticated ways and approaches, and if your server becomes a target for a bot invasion, you won't be left alone with the problem and you can count on professional help.
- Big capacities. Hosting companies that provide DDoS protection have a powerful dedicated internal infrastructure, designed specifically to clean up requests that can not be compared to the capabilities of a single project.
So what to do?
The impact of DDoS attacks on businesses is increasing proportionately with the degree of digitization of the economy and the growing "Internet addiction" of companies. For many projects, the failure of a website, even for one day, means huge losses. Attackers uses the newest technologies and discover new vulnerabilities. It looks like a real war between hackers and coders: who will outsmart whom. And to protect yourself in this war, it is better to seek for a professional IT-service.
Melbicom provides professional DDoS attack protection services. The distinctive feature of this service is charging regardless of the attack volume, 24-hour technical support, as well as combined (hardware/software) traffic verification mechanisms.