What is a distributed denial of service (DDoS) & How to prevent it?
There are two types of denial of service events. You have your denial of service(DoS) event and then your distributed denial of service event(DDoS). The difference between these two is how many connections are utilized during the attack. A DoS will use a single connection to hit a website, an example being “Slow Loris”. DDoS utilizes multiple connections to hit a website, usually in the form of botnets. Technically, many of these attacks are similar and can be seen using more than one form of malicious traffic.
How does a DDoS attack work?
These attacks are carried out by compromised machines. Once compromised, this device will be referred to as a bot or a zombie. Groups of these machines are called botnets. The botnets are comprised of hundreds of internet-able devices. These devices have malware that allow them to be remotely controlled by an individual.
An active botnet can be used to direct attacks by sending remote instructions to the each compromised machine.
When your server gets targeted, each compromised machine sends a form of malicious traffic towards your network address. This could end up overwhelming your server or network which results in denying normal traffic, i.e denial of service.
The unfortunate downside to this is because each compromised device is a real legitimate device, it’s hard to differentiate the attacking traffic from normal traffic.
Am I protected from DDoS attacks?
If you’ve received an email from KnownHost regarding a DDoS event, do not worry!
As such, should you experience a DDoS against a service with us, our automatic filtering will kick in and mitigate the attack allowing your server to continue to operate as it was intended. We simply send these notifications to inform you of the event and the actions that have been taken.
Unfortunately, we do not filter Layer 7 traffic. If you want Layer 7 traffic protection, check out our Website Application Firewall article.
What do I do if I receive a DDoS attack?
If you’re experiencing a situation where you feel that you’ve become victim of a DDoS attack, very few actions can be taken during the attack. Please open a Support Ticket for assistance.
How do I protect myself?
If you’re using a KnownHost service, we provide majority of the protection for you with the exception of Layer 7 as previously outlined earlier in this article.
To take extra steps to protect yourself, you can use services such as Imunify360 or a proxy service such as CloudFlare that sits infront of your website to filter traffic prior to reaching your server.
Services such as CloudFlare acts as a middle-man to determine whether or not your “visit” should be served the content.