Today 99.9% website uptime is becoming rare in light of the increasing number of DDoS attacks, which perpetrators commit for different purposes and which in many cases are driven by greedy mercantile interests.
How to recognize a DDoS attack?
It is very simple. The final purpose of any DDoS attack is to make a site unavailable. In other words, if you or your clients cannot open a website, it is most likely that your website was hit by a DDoS attack. Usually in such cases, when a user types an address in the address bar of the browser, he/she sees a blank space instead of images and other attributes of the website design, or the browser just reports an error. There are cases when a DDoS attack is insufficient to disable your website completely, and it just slows down the network and servers, which is noticeable both to administrators and to ordinary website visitors.
If your website is attacked by DDoS, you should understand that your hosting services provider will unplug the server in order to avoid being overloaded. Why? To understand the answer to this question you need to know the nature of DDoS. We will try to explain the fundamentals of this phenomenon in a simple and comprehensible form.
What is a DDoS attack?
DDoS attack is an abbreviation of Distributed Denial of Service attack. Put simply, DDoS looks this way: a victim server is sent a great deal of false queries from numerous computers across the globe. As a result, the server exhausts its resources serving these queries and becomes almost unavailable for legitimate users. To put it even more briefly, the bandwidth channel gets clogged. Thus, if your server bandwidth is 1 Gbit and the volume of illicit traffic sent by the cyber crooks exceeds this limit, the server hosting your website will be unplugged.
But you may ask how these criminals manage to produce such huge traffic. It is as easy as ABC. Thousands of people surfing cyberspace unwittingly get infected with viruses that remain undetected by anti-malware applications. Thus, their PCs become part of a worldwide network of infected machines, or, in scientific language, a botnet. When a hacker plans a DDoS attack on your website, he/she activates the whole botnet, and every zombie machine connected to the Internet sends traffic to the server specified by the evil-doer without its owner noticing. This way a DDoS attack is perpetrated by the combined work of thousands and even millions of machines around the world.
Adverse effects of a DDoS attack
Certainly, if you have a website dedicated to domestic parrots where you tell your friends how to care for birds, you are unlikely to be at risk of a DDoS attack. No one will waste resources on your website. A DDoS attack is usually arranged for commercial benefit or extortion. For instance, if your Internet store, casino, processing, billing or any other service is attacked, you lose your clients and your prestige, and your relationship with the hosting provider worsens as well, because it will not be pleased if you are regularly hit by DDoS. To understand the effects of DDoS attacks, just calculate your daily turnover, and then think what will happen if your website is unavailable for the whole day. Those are your direct losses.
Who orders DDoS attacks?
There are two types of DDoS orders. The first is ordered by your rivals. If you own a profitable HYIP or online store, the best way for a competitor to remove you from his/her way is to order a DDoS attack on your website. In this case your clients will surely leave you for your rivals.
The second type of DDoS is perpetrated for the purpose of extortion. In this case, immediately after your website has been destabilized, criminals send a message to your email address demanding that you transfer money to them in exchange for restoring the website.
Of course, there are also DDoS attacks of a purely personal character. For example, your firm provided bad service to a client who decided to take revenge on you by means of a DDoS attack. But such attacks are very rare and usually do not last long.
How can you protect against DDoS attacks and what is DDoS protection?
If this question concerns you, it means that your website is unavailable or is loading very slowly. This may signal that your website was hit by a DDoS attack. You need to understand a simple thing: DDoS orchestrators also incur costs to carry out their scheme, and in some cases these costs may amount to thousands and even tens of thousands of dollars.
Therefore you should get a good idea of the nature of the DDoS yourself. If within several days you haven't received any messages from blackmailers and your website is still down, it is more likely that you were attacked by your rivals. But how long will it last, and how vulnerable is your website? It depends on the DDoS costs incurred by the “client”. Costs in turn depend on a number of factors. Which? The answer to this question was formulated by the analysts of Dragonara.net, which provides DDoS protection and hosting with DDoS protection services: “Costs incurred by the perpetrators in arranging a DDoS attack depend on such factors as:
1. bandwidth of your website hosting;
2. availability of the proper software and hardware;
3. datacenter where your server is located;
4. level of technical training and experience of hosting company experts.”
Hence, if your website is down as a result of DDoS, in order to repel the attack you need to consider all four aspects mentioned above. As a rule, if your website is hosted by a not very expensive provider who does not offer DDoS protection, you have no chance of successfully defending against the attack.
Therefore, if your website is hit by a DDoS attack, you had better consult experts who will approach your problem individually.
Thus, if you no longer want to see your website down, you just need to consult any website that offers DDoS protection. When you contact an expert, you should detail the nature of your problem and elaborate on the DDoS incident. For instance, Dragonara.net, a leading company in the DDoS protection market, can offer you free guidance on how to protect your website against DDoS. Then you will be offered one of the available protection tools. As a rule, after a user contacts the company, the website is back online within several hours even if the attack continues. Hence, if your website is attacked, you should not delay. DDoS attacks may last more than a year and even two years, especially when the cost of DDoS is less than the cost of competing with you. In this case you should act and protect your website with urgency, otherwise your costs will undermine your company and your reputation.
How expensive is DDoS protection?
The answer depends on a number of factors. But in general the cost of DDoS protection may start at $200 and reach tens of thousands of dollars. This should not discourage you, as websites that pay such huge amounts earn hundreds of thousands of dollars monthly.
Certainly, in scientific terms, DDoS attacks, their organization and protection against them form a very sophisticated industry which requires special skills and knowledge. However, in many cases DDoS attacks hit website owners who have a rather poor idea of the nature of the problem and sometimes underestimate it. That is why, at the slightest suspicion of a DDoS attack, users should immediately seek DDoS protection. On the other hand, people who have been conducting their business on the Internet know that it is unwise to wait until you are attacked. It is urgent to establish DDoS protection on a website from the beginning and mark this fact with a special sign on the home page. This way your clients will be immediately advised of the fact that they are using a service that will always have 99.9% uptime and hence fears no DDoS attacks.
Note:
Types of DDoS, which can be
- TCP SYN Flood
- TCP SYN-ACK Reflection Flood (DRDoS)
- TCP ACK Flood
- UDP Flood Attack (Trinoo)
- HTTP Flood Attack
- ICMP Echo Request Flood
- UDP Flood Attack
- Tribe Flood Network and Tribe Flood Network 2000
The reasons that give attackers the opportunity and freedom to spoil web resources are as follows:
1) Vulnerable software/applications running on a machine or network
2) Open network setup
3) Network/machine setup without taking security into account
4) No monitoring or data analysis is being conducted
5) No regular audits or software upgrades are being conducted
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
• Consumption of computational resources, such as bandwidth, disk space, or processor time
• Disruption of configuration information, such as routing information.
• Disruption of state information, such as unsolicited resetting of TCP sessions.
• Disruption of physical network components.
• Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
• Max out the processor's usage, preventing any work from occurring.
• Trigger errors in the microcode of the machine.
• Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
• Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
• Crash the operating system itself.
Denial-of-service attacks are considered violations of the Internet proper use policy adopted by the Internet Advertising Bureau, and also violate the acceptable use policies of virtually all Internet Service Providers. They also commonly constitute violations of the laws of individual nations.
Available tools
In protecting their websites against DDoS attacks, users resort to the following methods, some of which, it should be noted, are inefficient and even harmful in a certain way.
• Black-holing or sinkholing. This strategy is not very effective. Using this method you block all traffic and divert it to a black hole where it is discarded. Hence, along with the illicit traffic you kill the legitimate traffic and take your own website offline. Similarly, packet-filtering and rate-limiting measures simply shut everything down, denying access to legitimate users.
• Some people give preference to routers and firewalls. Routers are configured to prevent simple ping attacks by filtering nonessential protocols and can also stop invalid IP addresses. On the other hand, routers are not sufficient to defend against more sophisticated spoofed attacks and application-level attacks using valid IP addresses. Firewalls can shut down a specific flow associated with an attack, but like routers, they can't perform antispoofing.
• Another widespread method is using intrusion-detection systems (IDS). With an IDS, a user's systems are able to detect some abnormal processes and can recognize when valid protocols are being used as an attack vehicle. These systems may also be used in combination with firewalls to automatically block traffic. A negative effect is that they need manual configuration by security experts. Besides, they often generate false positives.
• An important aspect of fighting DDoS attacks is proper configuration of your server applications. In this case an administrator defines in detail the actions that an application should perform in response to requests from clients. In combination with a DDoS mitigation appliance, optimized servers stand a chance of continued operation through a DDoS attack, as advised by experts.
• DDoS mitigation appliances. Today there is a choice of such systems. Some companies make devices dedicated to sanitizing traffic or build DDoS mitigation functionality into devices used primarily for other functions such as load balancing or firewalling. None of these devices can be treated as a panacea: in some cases they may block legitimate traffic and let illicit traffic through.
• One more approach used to address the DDoS problem is buying excess bandwidth or redundant network devices. The advantage of this method is that, using an outsourced service provider, you can purchase services on demand, such as burstable circuits that give you more bandwidth when you need it, rather than making an expensive capital investment in redundant network interfaces and devices.
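The trade-off between black-holing and rate limiting described in the list above, as an added example that is not part of the original article. It replays a constructed request stream through a null route, a global rate limit and a per-source rate limit, and counts how many legitimate requests get through; the client addresses, the bot labels and the limits of 20 and 5 requests per second are assumptions.

```python
from collections import Counter

LEGIT = ("198.51.100.10", "198.51.100.11")  # constructed client addresses

def build_traffic(bots, per_bot, seconds=10):
    """Constructed stream of (second, source) tuples in arrival order."""
    sources = ["bot-%d" % i for i in range(bots)]  # placeholder source labels
    events = []
    for t in range(seconds):
        flood = [(t, s) for _ in range(per_bot) for s in sources]
        mid = len(flood) // 2
        # each legitimate client sends one request per second, mid-flood
        events += flood[:mid] + [(t, ip) for ip in LEGIT] + flood[mid:]
    return events

def admit(events, per_second, per_source):
    """Fixed one-second window, counted per source or across all sources."""
    seen, out = Counter(), []
    for t, src in events:
        key = (t, src) if per_source else t
        if seen[key] < per_second:
            seen[key] += 1
            out.append((t, src))
    return out

def summarize(admitted):
    legit = sum(1 for _, src in admitted if src in LEGIT)
    return {"legit": legit, "flood": len(admitted) - legit}

def compare(bots, per_bot):
    """Requests reaching the server under each policy (20 legit were sent)."""
    ev = build_traffic(bots, per_bot)
    return {
        "black_hole": summarize([]),  # null route: nothing reaches the server
        "global_limit": summarize(admit(ev, 20, per_source=False)),
        "per_source_limit": summarize(admit(ev, 5, per_source=True)),
    }

if __name__ == "__main__":
    print("3 sources x 50 req/s: ", compare(3, 50))
    print("150 sources x 1 req/s:", compare(150, 1))
```

With a few high-rate sources the per-source limit keeps both clients served while the null route and the global limit drop them. With many low-rate sources every flood request stays under the per-source limit, so the whole flood is admitted alongside the legitimate traffic.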