One of the major security threats an Internet-connected server might encounter is a DDoS attack. It is a violent, often faceless, intrusion on a server that can leave all of its websites paralyzed.
DoS stands for denial of service, and a DoS attack is one in which the attacker typically exploits a protocol, application, or other means of entry to bombard the server with requests. Eventually, the server cannot handle it anymore, and it either crashes or simply becomes unreachable to anyone else except the attacker. The actual methods for denial of service vary, but the end goal of preventing user access is always the same.
A DDoS attack is a distributed denial of service attack that involves a concerted effort of multiple machines carrying out the DoS. In other words, if the method of denying service is to flood a server with more HTTP requests than it can handle, multiple computers in multiple locations will carry out the attack. This makes it more difficult for a server to stop the attack simply by blocking access from one source.
Although there may be instances where DDoS attacks are planned and purposefully executed by all parties involved, the more likely scenario involves some form of intrusion mechanism that takes control of several machines and uses them as unwilling virtual weapons. The owners of the attacking machines or agents typically do not know that their systems have been compromised and may never know that they were part of a DDoS attack.
It is not always possible to completely prevent a DDoS attack because of the large scale of some attacks and the number of attacking computers involved. As a result, many high-profile websites from large corporations have been brought to their knees. System administrators can, however, be prepared and have a mitigation plan to lessen the effect of an attack..
Why would people do this? Because their parents don’t love them, that’s why. In all seriousness, websites get attacked for numbers of reasons, but most of the time it’s because the owner of the website made someone really upset, it usually happens on high risk websites such as adult, gambling, etc….. Which is why we’re very strict on what type of content we allow on our servers!
So how do we fix it? Well, it depends… If the person getting attacked is on a VPS or dedicated IP, we can simply block that IP with our providers and than everyone is back up. However that’s usually not the case, it’s usually someone on a shared IP which 300+ other websites. In those situations, we have a few options but it usually involves downtime for multiple people that share that IP address. Sometimes it can affect our entire network if it’s big enough when all servers are down, however that’s usually not the case. The solution to fixing a DDOS attack is usually wait it out. We can sometimes filter out the attack but the majority of time, we have to wait until they stop.
Once a customer gets attacked, we no longer host them… We blacklist them from hosting with us in the future because it doesn’t really hurt them by getting attacked, but it hurts us (the web provider) the most. We lose customers due to the downtime caused by the DDOS attack but more importantly, it can cost us a lot of money. We pay our providers based on how many “balls” go through that slide every month, it’s not the typical DSL/Cable connection where we pay $49/month and can use it as much as we want, we pay for usage…. Therefore when thousands of balls continue to go down the slide (even if they aren’t successful) we have to pay for it.
We hope this helps you better understand DDOS attacks, what they are and why they are bad for both you and us.
