A DDoS attack is a malicious action, quite common on the Internet, whose objective is to make a website unavailable by overloading the server, service or network that hosts it.
Anyone with a website (whether on WordPress or not) knows that running it brings many concerns:
- creating a good environment so that the user experience is memorable,
- providing relevant resources and achieving a good position in the SERPs,
- and other points that are part of the routine of those who administer it.
The security and stability of the site belong on that list too, as determining factors in achieving the expected results, so it is worth knowing what the acronym DDoS means.
In this content we will explain what a DDoS is, the different types of attacks that your site can suffer and, also, the best ways to protect yourself.
Let’s go together to find out more about this topic!
What is DDoS?
Today, every entrepreneur knows that to have a successful business, regardless of the market niche, it is necessary to be present on the Internet, preferably with a website.
The creation of a website, in addition to showing the professionalism of a company, manages to increase the target audience, attract new potential customers, and accelerate sales, among other benefits.
However, creating web pages is not enough; it is also necessary to think about their structure, user experience, resources, promotion and access.
Even with all these points assigned to professionals, planned and executed, the site is still at risk of a DDoS attack.
The acronym DDoS stands for Distributed Denial of Service. It is a variation of DoS (Denial of Service): a DoS attack comes from a single source, while the first D in DDoS refers to the distributed, coordinated nature of the attack, which arrives from many sources at once.
What is a DDoS attack?
The DDoS attack is a malicious action that aims to take a website offline.
Normally, each user who visits a website consumes a share of the server's resources (connections, CPU, memory and bandwidth); when the number of simultaneous requests is very high, the site may become slow or even stop responding.
Therefore, a DDoS attack is a set of DoS attacks, that is, several computers or servers are used in a coordinated way to overload a system and make it unavailable.
With this attack, the site becomes unavailable to any user, which can represent huge financial losses for companies, with a drop in sales and, also, dissatisfaction among your audience.
The DDoS attack has the sole function of overloading the system and rendering it extremely slow or unavailable for access.
By itself it does not affect the structure of the website, that is, it does not alter or damage existing files the way other hacker actions do, for example when they install malware. Bear in mind, however, that a flood is sometimes used to keep the operations team busy while a different attack takes place, so an outage of this kind should still be investigated.
How does a DDoS attack work?
For a DDoS attack to occur, traffic from many sources is required, that is, a large number of computers or servers operating in synchronization (not necessarily many attackers, as we will see).
Imagine a large avenue with a constant flow of vehicles in one direction, and suddenly, at an intersection, a mass of cars enters this avenue, cutting off and interrupting traffic. This is the effect of a DDoS attack.
These attacks are, most of the time, carried out by hackers.
They are more common on big business dates, when companies expect a natural increase in the flow of visitors and purchases.
Despite being a massive attack, a single hacker can organize it. To do that, they only need to control a large number of other computers, form them into a network, and focus them on one target.
To build this network the attacker infects the machines with malware that turns them into bots. These bots are remotely controlled by the hacker, who sends them coordinated instructions; the collection of bots is known as a botnet.
As each bot has a different IP address, the site treats each one as a legitimate user, and the server exceeds its capacity, becomes overloaded and begins to fail.
What are the types of DDoS attacks?
Now that you know what DDoS is and how this attack works, we must consider that there are basically three types:
- application layer attacks;
- protocol attacks;
- volume attacks.
However, to go into the details of each type of attack, we must first understand what the network connection structure looks like.
Network connection structure
To understand how a network connection works, we will use the OSI (Open Systems Interconnection) model.
This model divides network communication into 7 layers. We can think of building a house, where each stage of its structure has a different purpose.
- Application Layer: the human-machine interaction layer, where applications access network services (HTTP lives here);
- Presentation Layer: ensures that the data is in a usable format; data encryption is usually placed here;
- Session Layer: establishes, maintains and terminates sessions between applications;
- Transport Layer: transmits data using transport protocols, including TCP and UDP;
- Network Layer: decides which path the data will take through the network (IP routing);
- Data Link Layer: defines how data is framed on the local link and delivered between adjacent nodes;
- Physical Layer: transmits the raw bit stream over the physical medium.
Attackers can direct an attack at a specific layer or split it across several layers (attack vectors).
Application layer attacks
Attacks at the application layer are also known as attacks at layer 7. The main objective is to exhaust resources and interrupt access to the website or blog.
These attacks are aimed at the layer where web pages are generated on the server and delivered as responses to HTTP requests. The asymmetry is what makes them cheap for the attacker: a bot sends a small request, and the server may have to run code, query a database and render a page to answer it.
In this type of attack it is very difficult to structure a defense, because of the difficulty of distinguishing real traffic from the traffic generated by bots: each request looks like a normal page view.
An example of such an attack is similar to pressing the F5 key (refresh the page) repeatedly.
On a large scale, with multiple computers requesting the page at the same time, this can overload the server and cause an outage.
This attack can target a specific page, in which case defense becomes easier, or random pages at irregular intervals from each IP, making defense difficult.
Protocol attacks
Protocol attacks are also called state exhaustion attacks. Their purpose is to consume all the available connection-state capacity of the web servers or of intermediate resources such as firewalls and load balancers.
Protocol attacks target layers 3 and 4. An example of a protocol attack is the SYN flood. To understand it, let's look at an everyday example.
Imagine that you go to a restaurant and ask the waiter for a particular dish. The waiter takes your order and, as he walks to the kitchen to request the preparation, another table calls him and places a new order.
This is repeated successively and he cannot deliver all the orders to be prepared.
He will not be able to deliver all the orders because he is overloaded, and therefore the requests will not be answered. Despite being a very simple example, it portrays the protocol attack very well.
A large number of TCP connection requests (SYN packets) are sent, often from spoofed source addresses. The machine answers each with a SYN-ACK and holds a half-open connection while it waits for the final step of the handshake (the ACK), which never arrives; the table of half-open connections fills up and legitimate connection attempts are dropped.
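The following toy model, added here as an illustration and not code from the original article, reproduces the mechanism just described: a listener keeps a fixed-size table of half-open connections, each spoofed SYN occupies a slot until it times out, and once the table is full a legitimate client's SYN is refused. The backlog size, the timeouts and the addresses are hypothetical, and no packets are actually sent.

```python
"""Toy model of a TCP listen backlog under a SYN flood.

Added example, not code from the original article. It models the mechanism
described in the text: every SYN reserves a half-open slot until the final ACK
arrives or the entry times out; flood SYNs never complete, so the slots fill up
and later legitimate SYNs are dropped. Backlog size, timeout and addresses are
hypothetical; no packets are sent.
"""
from dataclasses import dataclass, field


@dataclass
class Listener:
    backlog: int = 128            # hypothetical capacity of the half-open queue
    syn_timeout_ms: int = 30000   # how long a half-open entry is retained
    pending: dict = field(default_factory=dict)   # (src, sport) -> expiry time (ms)
    accepted: list = field(default_factory=list)  # sources whose handshake completed
    dropped: int = 0              # SYNs refused because the backlog was full

    def _expire(self, now_ms):
        # Forget half-open entries whose timeout budget is spent.
        for key in [k for k, exp in self.pending.items() if exp <= now_ms]:
            del self.pending[key]

    def on_syn(self, src, sport, now_ms):
        """Handshake step 1: reserve a half-open slot, or refuse if the backlog is full."""
        self._expire(now_ms)
        if len(self.pending) >= self.backlog:
            self.dropped += 1
            return False
        self.pending[(src, sport)] = now_ms + self.syn_timeout_ms
        return True

    def on_ack(self, src, sport, now_ms):
        """Handshake step 3: only a connection with a pending SYN becomes established."""
        self._expire(now_ms)
        if self.pending.pop((src, sport), None) is None:
            return False
        self.accepted.append(src)
        return True


def simulate(flood_syns, backlog=128, syn_timeout_ms=30000):
    """Send `flood_syns` spoofed SYNs (one per millisecond) that are never ACKed,
    then one legitimate client handshake. Returns (legit_connected, syns_dropped)."""
    lst = Listener(backlog=backlog, syn_timeout_ms=syn_timeout_ms)
    now = 0
    for i in range(flood_syns):
        # Constructed spoofed sources in 198.51.100.0/24; each (address, port) pair is unique.
        lst.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, now)
        now += 1
    legit_syn = lst.on_syn("203.0.113.10", 44321, now)
    legit_ack = legit_syn and lst.on_ack("203.0.113.10", 44321, now + 50)
    return legit_ack, lst.dropped


if __name__ == "__main__":
    print("no flood:", simulate(0))
    print("1000 SYNs, 30 s timeout:", simulate(1000))
    print("1000 SYNs, 0.5 s timeout:", simulate(1000, syn_timeout_ms=500))
```

With no flood the legitimate client connects; with a thousand spoofed SYNs and a 30-second half-open timeout the backlog of 128 fills in the first 128 milliseconds and the legitimate SYN is one of the 873 refused. Shortening the timeout (or using a much larger backlog) frees slots and lets the client through, which is the same lever real kernels pull with SYN cookies and shorter retransmission budgets.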
Volume attacks
Volume attacks are intended to cause congestion by consuming all the Internet bandwidth available to the target.
An analogy for this type of attack uses, again, the restaurant.
Someone calls the establishment, asks for every item on the menu, and then tells the clerk to call a third party back and read out the entire order.
That is, a small request produces a large amount of data, and the answer is sent to the victim's address. Repeated in a coordinated manner (this is the principle behind reflection and amplification attacks), this generates the aforementioned congestion and can interrupt the use of a website.
How to protect your website against DDoS attacks?
We have already seen the different types of DDoS attacks. It is normal to feel worried about the possible actions of hackers and their effects on the business. However, there are ways to defend ourselves.
Of course, it will depend a lot on the type of attack, but the biggest challenge is telling actual website traffic apart from malicious traffic.
That is, we must take care not to block the visitor who is really on your website wanting to make purchases in your virtual store.
Hackers can attack during a specific date of a big business, a product launch, or any other time when a traffic spike is expected, but there is also the possibility of an organic increase in visits.
Furthermore, the traffic generated by a DDoS attack can also vary. It can be focused on a single layer or it can be spread out, attacking multiple layers at the same time and making mitigation more complex.
In a multi-vector DDoS attack, there may be an attack at layers 3 and 4 combined with an attack at the application layer (layer 7). In such cases, the mitigation actions must also be varied.
What must be done is to direct a defense action at each layer. Here are some possible actions to reduce or eliminate the effects of an attack.
Blackhole routing
Blackhole routing is a blunt way to stop virtually any DDoS attack from reaching your network. In practice, it consists of announcing a null (blackhole) route for the attacked address, usually through the upstream provider, so that all traffic to it is discarded.
If the blackhole route has no filter criteria, it discards both malicious and legitimate traffic during the attack: the site goes offline for everyone, which is exactly what the attacker wanted.
So, if a website is suffering a DDoS attack, sending all its traffic to a blackhole route protects the rest of the network, but it is a last resort rather than a defense of the site itself.
Limitation of requests
Limiting the number of requests that a server accepts from each client in a given period of time is another possible defense against a DDoS attack. However, this strategy alone may not be completely effective.
Rate limiting reduces the speed at which web scrapers copy content and helps to mitigate brute-force login attempts.
However, it will not stop a distributed attack in which each bot stays below the limit, and the server still spends resources evaluating every request that arrives (which can still lead to longer load times or crashes).
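The limiter below is an added example, not code from the original article, and runs a per-client sliding-window limit over constructed access-log lines. It shows both halves of the point above: a single client that refreshes twelve times in three seconds is cut off after the fifth request, while twenty bots that each send only three requests all pass, because the limit is tracked per IP address. The log lines, the addresses, the limit of 5 requests per 10 seconds and the window are all hypothetical.

```python
"""Per-client sliding-window rate limiter run over constructed access-log lines.

Added example, not code from the original article. It shows what request
limiting buys you and where it falls short: one noisy client is cut off, while
twenty bots that each stay under the threshold are all allowed through. The log
lines, addresses, limit and window are hypothetical.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse_line(line):
    """Return (client_ip, unix_time, request_line) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), ts, m.group("req")


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window_s`-second window."""

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window_s = window_s
        self.hits = defaultdict(deque)  # ip -> timestamps of allowed requests

    def allow(self, ip, ts):
        q = self.hits[ip]
        while q and q[0] <= ts - self.window_s:   # forget hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def make_line(ip, second, path):
    # Constructed sample line (not real traffic); all hits fall within one minute.
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    [make_line("203.0.113.10", s, "/cart") for s in (1, 7)]                          # a real shopper
    + [make_line("198.51.100.7", s // 4, "/search?q=x") for s in range(12)]           # one client: 12 hits in 3 s
    + [make_line(f"192.0.2.{i}", s, "/") for i in range(1, 21) for s in (2, 5, 8)]   # 20 bots, 3 hits each
)


def apply_limit(lines, limit=5, window_s=10):
    """Replay log lines in time order through the limiter.
    Returns {ip: (allowed, blocked)}."""
    events = sorted(filter(None, (parse_line(l) for l in lines)), key=lambda e: e[1])
    limiter = SlidingWindowLimiter(limit, window_s)
    counts = defaultdict(lambda: [0, 0])
    for ip, ts, _req in events:
        counts[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}


if __name__ == "__main__":
    for ip, (ok, blocked) in sorted(apply_limit(SAMPLE_LOG).items()):
        print(f"{ip:15} allowed={ok:2} blocked={blocked:2}")
```

The shopper and the twenty bots are never touched, and 67 of the 74 requests reach the application: per-IP limiting stops the loud single source, not the botnet. Defending against the distributed case needs a signal that is shared across clients (aggregate request rate to one URL, fingerprints of the attack tool, challenge pages), which is the job of the WAF and anycast approaches described next.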
Web Application Firewall
A WAF is a strategy that can protect your website from a DDoS attack aimed at layer 7; if the attack is concentrated in that layer the firewall will be effective, but it does little against volumetric floods at layers 3 and 4, which must be absorbed upstream.
This firewall is placed between the Internet and the origin server, acting as a reverse proxy.
Because it filters requests according to a series of rules that identify the patterns typical of DDoS tools (request rate, unusual headers and user agents, URL patterns), many layer 7 attacks can be blocked before they reach the server.
Anycast network diffusion
Finally, we have anycast network diffusion. This approach uses an anycast network to announce the same IP address from many locations, so that the attack traffic is spread across a network of geographically dispersed servers until the network as a whole absorbs it.
In practice, we can think of a river with a high volume of water that is divided into several channels, transforming the large volume into small portions.
Of course, the effectiveness of this defense depends on the size of the attack, the total volume of traffic, and the capacity of the network.
In this content we have seen that any website on the Internet is subject to malicious attacks by hackers.
Unfortunately, this practice is very common, especially on special market dates, when a large volume of visitors is expected, such as Black Friday, Christmas, Mother's Day and other occasions.
The effects can vary, from instability in the use of the website to the total impossibility of access.
The results also vary, mainly depending on the company's ability to mitigate losses.
If we think of a midsize company that is anxiously awaiting a period of high traffic to generate a peak in revenue and then suffers this type of attack, the consequences can last throughout the year.