General Information About DDoS
DDoS is a distributed attack type "denial of service". In this attack, the server receives many false requests. As a result, the server is overloaded and cannot serve real users.
DDoS is carried out from various remote hosts (computers and other devices connected to the network). Users of such device are usually unaware of the fact that they are participating in an attack on another computer. Attackers infect many devices in advance with malware, turning them into a "zombie computer." Such device does not immediately attack servers. The attacker sends a command at a specific time indicating which server should be attacked.
Recently, the number of devices that have access to the Internet has increased. At the same time, there are many vulnerabilities in the protection of such devices, which is associated with their low price. These can be smart TVs, kettles, microwave ovens, children's toys and other devices.
A DDoS attack creates problems for all users of the virtual server targeted by the attackers. The Internet channel is clogged with traffic that comes from such zombie computers.
Reasons for DDoS Attacks
- Unfair competition. Competitive companies are often the customers of attacks. If an organization's site is down for just a few hours, it can lead to significant losses and loss of customers. Longer server downtime can be disastrous.
- Personal motives. They can also organize or order an attack for personal reasons. Quite often, employees take revenge on their former employers.
- Extortion. Attackers can organize an attack and then extort money from the resource owner to stop it.
- Accidental hacking. Some cybercriminals randomly attack websites. They can do this for the purpose of "training" or for fun.
Types of DDoS Attacks
- HTTP flood - http requests are sent to the domain. The requests are most often heterogeneous and create the maximum possible load on the server (php scripts, dynamic elements).
- UDP flood - UDP packets are sent to the server IP address. As a result, the server's Internet channel is clogged. With this type of attack, the maximum possible volume of incoming traffic is observed. As a result, other nodes that use the same communication channel with the attacked server may also suffer.
- TCP syn flood - the attack is directed at the server's IP address. The server receives a large number of connection requests from non-existent addresses. The queue becomes full and no connection is established from that address. Real users cannot connect because the queue is full of fake requests.
From the Hosting Side
Our company offers you 2 types of protection against DDoS attacks (L2, L3, L4):
- Standard (free) Anti-DDoS protection. Your server's IP address is added to the general protection zone. The zone is selected based on the type of each specific attack. The IP addresses of other users are also added to this zone. There is no way to fine-tune protection as it can affect other users. The standard protection efficiency is 95%.
- Extended Anti-DDoS protection.
- a separate protection zone is allocated for each client,
- it is possible to fine-tune the protection parameters (in the standard protection, in some cases parasitic traffic may pass),
- higher limit of dirty and clean traffic.
From the User Side
The HTTP flood is a L7 attack. Therefore, Anti-DDoS protection does not work in this case. To protect against HTTP flooding, we recommend using CloudFlare. In addition, the technical support service will help you with setting up this service.
In order to increase resistance to DDoS attacks, we strongly recommend:
- Always use CloudFlare.
- Do not disclose the real IP address of your site.
- Respond to potential threats in a timely manner. If you start to receive messages about the unavailability of the site, you need to start taking action as early as possible.
- After the attack, analyze the logs and eliminate vulnerabilities.
- Use the latest versions and latest software updates for your resources.
If you still have questions, please create a ticket to technical support.