What is a Denial-of-Service (DDoS) Attacks? GRIDINSOFT TEAM
DDoS is an abbreviation for “distributed denial of service”. This definition explains a lot about the essence of this situation. First, however, the reasons, as well as ways of avoidance, must be presented. So, first of all, let’s talk about how it works - it will give you the hints to protect the website from any DDoS attacks.
Distributed denial of service happens when the server receives so many requests that it cannot process them all. The server may lack RAM or CPU, but the effect will be the same - web pages will not be opened with the following error numbers:
|500||something is wrong with the server, without more precise specification;|
|502||invalid response from the server;|
|503||server is temporarily unavailable to handle a request;|
|504||time for server response is exceeded;|
|509||host receives more traffic than the site can handle;|
|520||server returns an unknown error;|
|521||original website server is not available for the intermediary server (usually Cloudflare);|
|522||connection timed out;|
|523||intermediary server (same Cloudflare) is not able to connect to your host server;|
|524||connection through the Cloudflare server is timed out.|
Overloading the server is not an easy task, especially if we are talking about the pages of large companies or online services. More than a dozen of Google services, Netflix, Amazon, Microsoft - they receive hundreds of thousands of requests per minute - and their servers keep going without any trouble. Proper setting of the response routing and renting or building more servers will make your service available for more customers, besides being more sustainable to any sort of overload.
Cybercriminals who commit DDoS attacks are not inventing a new thing. The essence of this sort of cyberattack is creating an enormous amount of requests that simply overload the server. These attacks are usually conducted with the help of botnets - groups of the computers, infected with a virus which makes them “zombie”. These machines (some of the uncovered botnets were bigger than 100k computers) are controlled from a single command center. Crooks can tell them to send requests to each site - even to google.com. Having the botnet, which is large enough, you may shut down or make it troublesome to connect even to large and well-known resources.
Sometimes, people make unintentional DDoS attacks when the crowd sends many requests to the same server. For example, you may have witnessed such a situation during the 2020 election in the USA, when folks massively opened the fec.gov site (where the official results were posted), causing certain troubles because of server overload.
Latest DDoS attacks:
- Akamai Says Powerful DDoS Attacks Are Becoming the Norm
- Hackers attack Microsoft Exchange servers on behalf of Brian Krebs
- Attackers using DCCP protocol for DDoS attacks
- DTLS can amplify DDoS by 37 times
- REvil spokesman boasts that hackers have access to ballistic missile launch systems
- Google revealed the most powerful DDoS attack in history
- Lucifer malware uses many exploits, is engaged in mining and DDoS attacks
How are websites protected from DDoS attacks?
The First DDoS attack happened during the week of 7th February 2000. This attack was committed by a 15-year-old boy, who made a series of attacks against e-commerce services, including Amazon and eBay. Since that moment, system administrators have discovered a lot of possible ways of DDoS prevention. One of the most popular and best-known ones is captcha solving. When you make many clicks, just like a computer from a botnet that attempts to overload the server with requests, a unique system asks you to solve the captcha.
Another widespread way to decrease the potential server load is to prevent any requests from the bot. Such services as Cloudflare take the request to your website first and offer the “visitor” to solve the same captcha. This method is much more effective than the previously mentioned captcha solving since bots cannot reach the endpoint of attack.
Of course, an essential element is back-end optimization. The poorly designed back-end may cause problems even when no one attacks your site. However, by optimizing the code, you will increase the upper limit of requests for the period and save a significant amount of money you would spend on server upgrades.