For many website owners, attracting more traffic to their website is a top priority. Who doesn’t want to increase their customers or the number of people reading their content? There’s no such thing as too much traffic, after all. Except that isn’t entirely true. Especially when it’s the wrong kind of traffic.
That’s why today we’re going to talk about one of the leading ways traffic can go wrong: DDoS attacks. We’ll be covering what they are, why they’re bad, and how to protect your site from them.
DDoS — What it is and how it works
DDoS is short for distributed denial of service. These kinds of attacks target websites and online services, overloading their servers with fake traffic so that they are rendered inoperable and unavailable to anybody who actually wants to use them.
There are numerous ways a DDoS attack can unfold. For the sake of brevity and simplicity, we’ll just be focusing on one way it can happen (which just so happens to be the most common form of DDoS attack): botnets.
A botnet is a distributed network of remotely-controlled, hacked computers that work together to flood a web service or website with more data requests than it can handle. The computers that make up a botnet are hacked via malware or an existing vulnerability. The hackers install Command and Control, or C2, software on the computers, which allows them to launch a coordinated attack that can bring down a website or service.
The consequences of DDoS attacks
DDoS attacks might not sound like such a big deal at first. What’s a little bit of downtime? But downtime can have disastrous consequences for online businesses whose bottom line hinges on being always available. Whether you run an e-commerce store or online service that people depend on, if your site isn’t accessible, it will likely result in angry users, the loss of customers, and a hit to your finances.
Furthermore, DDoS attacks can often be more wide-ranging than you might expect. In 2016, Dyn, a DNS provider, found itself the target of a series of DDoS attacks. The result was far-reaching, with scores of major platforms — including Airbnb, Reddit, PayPal, and Netflix — experiencing lengthy downtime, disrupting service for a multitude of users in the US and Europe.
More recently, Amazon Web Services announced that in February 2020, it mitigated the largest DDoS attack ever with a volume of 2.3 Tbps (TeraBytes Per Second). To put it in perspective, Amazon says that the attack was 44% larger than anything it had experienced before, with the service spending three days in elevated threat status. AWS experiences little downtime thanks to its DDoS protection service, AWS Shield.
How to protect yourself from a DDoS attack
For website owners, implementing a website application firewall (WAF) is a good start. A WAF serves as a shield between your site and incoming traffic, preventing common security threats, including DDoS attacks. There are numerous free and paid WAF services available online, including WordPress plugins.
A solution for avoiding downtime in the event of a DDoS attack is using a content delivery network or CDN. A CDN is a group of servers distributed worldwide that work in tandem to speed up Internet content delivery. When you use a CDN, your website content is stored on these servers in addition to your primary server. This improves website speeds for anyone accessing your site, particularly in places geographically far-flung from where your main server lives. In the event of a DDoS attack, your website shouldn’t experience any downtime, as your website content is already backed up and cached elsewhere.
For general Internet users who don’t want their devices to become part of a botnet inadvertently, make sure you have a good antivirus and security software installed across your digital devices. Not just on your laptop and PC, but Internet of Things (IoT) devices too, such as webcams, security cameras, home routers, and even baby monitors. These devices tend to fall by the wayside since people don’t automatically think of them as computers. However, they have been the focus of multiple high-scale botnet attacks, such as the Dyn attack mentioned earlier.
DDoS attacks are an unfortunate reality of life online, and it seems likely they’ll grow in sophistication as time goes on. However, following basic practices for website security should go a long way. Installing security applications, such as a WAF and anti-malware software, on your website server and digital devices, should make for a robust preventative measure, while a CDN may help if your website ever becomes a target.