A Distributed Denial of Service (DDoS) attack is one of the best ways to take down a site fast. For a site owner, it’s devastating. For the attacker, it can be a computationally ‘cheap’ way to cause chaos to an unsuspecting site. We’d bet that you don’t want to be the malicious user in this case, so we’re going to teach you how to stop a DDoS attack.
For this post, we’ll first look at what a DDoS attack is, 💣 talk about why it happens, and discuss some home truths about how to protect your site. From there, we’ll look at how to stop a DDoS attack over a few different steps.
What a DDoS attack is
The driveway to your house is (under typical circumstances) clear for you to take the car in and out as you wish. This is akin to a typical server shuttling data around. However, imagine that your street outside is blocked with traffic, only this time, someone has sent the cars specifically to block you in. This is the equivalent of a DDoS attack. In computing terms, it’s a way to tie up all the server resources for a site through making constant data requests.
When it comes to your traveling, well, you’re not able to. In essence, you can’t operate, much like a site can’t operate until the request ends. However, with a DDoS attack, this process could have no potential end.
In a technical sense, a DDoS attack utilizes lots of remote computers – potentially hundreds – to conduct an attack. These won’t have any relation to the primary lead computer, other than that they will all have malware that helps the attacker control them. These ‘bots’ form a ‘botnet’ that carries out the attack en masse.
You’ll find lots of different types of DDoS attacks that target various elements of the network. Most of the time, the attack will find a vulnerability in the network, transport, or application layers of the network. When it comes to how to stop a DDoS attack, you’ll want to know what these are.
The different types of DDoS attacks
In a general sense, a DDoS attack is similar regardless of what part of the network is targeted. However, in practice, there are subtle differences you’ll want to at least know about:
- Volumetric attacks. As the name suggests, this is where request volume is central to the attack. For instance, a Domain Name System (DNS) amplification attack spoofs a target’s Internet Protocol (IP) address and makes DNS name lookup requests to publicly accessible DNS servers; in return, the DNS servers send back DNS record responses to the original target. As such, it will overwhelm the resources and bring the site (or sites) down.
- Protocol layer attacks. This is a typical way to conduct a DDoS attack, because it’s cheap and allows bad actors to take advantage of less secure transfer protocols (like those that don’t even require server connections). For example, since User Datagram Protocol (UDP) doesn’t require permission from a server to communicate, all the attacker has to do is flood the server with spoofed UDP packets. The server reflects error UDP packets back (usually to an unreachable destination) tying up significant resources.
- Application layer attacks. These attacks use HTTP requests to bring a site down in different ways. ‘Flood’ attacks carry out a process similar to a constant browser refresh for your site, but on a gigantic scale. They can be expensive for a server to process (on a technical level) and can also often look like legitimate traffic.
Even so, it’s hard to understand why someone would go to the efforts to perform a DDoS attack. Next, we’ll look at 🔎 why these attacks happen.
Why a DDoS attack happens
To understand some of the reasoning behind why people carry out DDoS attacks, it’s important to view it from the viewpoint of ‘disruption.’ Even so, you can drill down the reasons even further than that:
- Competition. 🎰 There’s a Computer Weekly article that notes 40 percent of businesses think rivals conduct DDoS attacks on their sites [1]. Because an attack is cost-effective and goal-oriented, it’s good, old-fashioned sabotage but for the internet age.
- Politics and activism. 📢 If you can take down a high-profile site and promote it as your own work, it could get your message across. This can happen for all manner of personal and political reasons. It could be that your ethics don’t align with a particular company. In contrast, you might see warring governments conduct some ‘DDoS tennis’ as is the case with Russia and the Ukraine.
- Entertainment. 👨‍🎤 Some people might watch the big game, others could binge-watch their favorite TV series. Others might have so much boredom that they hack a bunch of servers and conduct a DDoS attack on your site. Sometimes, there’s no rhyme or reason behind an attack.
Regardless of the reason behind an attack, it can cause havoc to your site. Because of this, you’ll want to learn how to spot an issue before you learn how to stop a DDoS attack.
How to spot a DDoS attack
A simple way to spot an attack on your site is to side-eye anything out of the ordinary. However, this might not help too much, depending on what you see. Instead, we have a quick list of specifics for you. While you read through, understand that your site’s analytics will be valuable here, as the data will help you understand what the signs mean:
- If you see a lot of traffic incoming, check whether it all has similar fingerprints. For example, it could all come from the same IP address range, physical location, referral website, and more.
- If this traffic doesn’t align with what you would typically expect on your site, this is another red flag. You might see spikes of regular activity, for example, or site hits at hours you don’t often see.
- Look out for other errors, such as 404 issues, and what other pages the traffic looks to hit. If these errors occur at a high frequency, it’s likely time to implement your disaster recovery plan.
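The checks in the list above, as an added example that is not part of the original post: it groups access-log hits by IPv4 /24 range, then reports each range's share of traffic, its 404 rate, its most common referrer, and the busiest minute. The log lines are constructed from documentation IP ranges, and the combined log format, the function names and the 50 percent thresholds are assumptions to tune against your own analytics.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Combined log format: ip, identity, user, [time], "request", status, size, "referrer"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"')

def make_sample():
    """Constructed log lines using documentation IP ranges; not real traffic."""
    fmt = '{ip} - - [10/Mar/2024:03:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512 "{r}" "ua"'
    normal = [fmt.format(ip=f"198.51.100.{i}", m=i, s=5, p="/blog/", st=200, r="-")
              for i in range(1, 11)]
    burst = [fmt.format(ip=f"203.0.113.{i % 20 + 1}", m=14, s=i % 60,
                        p=f"/page-{i}", st=404, r="http://ref.example/")
             for i in range(40)]
    return normal + burst

def analyze(lines, min_share=0.5, min_404=0.5):
    """Flag /24 ranges that dominate traffic and mostly hit missing pages.

    min_share and min_404 are assumed thresholds, not values from the post.
    Returns (per-range report, (busiest minute, hits)) or ({}, None) if empty.
    """
    by_net, per_minute = defaultdict(list), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        try:
            net = str(ip_network(m["ip"] + "/24", strict=False))  # IPv4 assumed
        except ValueError:
            continue  # client field is not an IP address
        by_net[net].append(m)
        per_minute[m["ts"][:17]] += 1  # "10/Mar/2024:03:14" is the minute bucket
    total = sum(len(hits) for hits in by_net.values())
    if not total:
        return {}, None
    report = {}
    for net, hits in by_net.items():
        share = len(hits) / total
        rate_404 = sum(h["status"] == "404" for h in hits) / len(hits)
        report[net] = {
            "hits": len(hits), "share": round(share, 2), "rate_404": round(rate_404, 2),
            "top_referrer": Counter(h["ref"] for h in hits).most_common(1)[0][0],
            "suspicious": share >= min_share and rate_404 >= min_404}
    return report, per_minute.most_common(1)[0]

if __name__ == "__main__":
    print(analyze(make_sample()))
```

A range flagged here is a candidate for closer inspection or for the host-level blocklist discussed later, not proof of an attack on its own.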
Once you have a ‘confirmed case,’ it’s time to get to work. Next, we’ll look at how to stop a DDoS attack in a few different ways.
How to stop a DDoS attack (5 ways)
You can’t ever stop a DDoS attack, but you can mitigate the impact and increase the time you have to defend your site. DDoS attacks are complicated by nature, but the good news is that you don’t need complicated technical knowledge to protect your site and server. Here’s a quick list of steps we’ll cover:
- Install a Web Application Firewall (WAF)
- Register for a DDoS protection service
- A Content Delivery Network (CDN) can also be a vital way to mitigate a DDoS attack
- See what tools your site’s host has to help have your back
- For on-site user interaction, consider CAPTCHAs
One of the biggest areas to focus on is your server strength. The first few approaches will help you lock it up.
1. Implement a server-side WAF
If you only choose to protect one area of your site’s infrastructure, choose your server. The greater level of protection here means fewer malicious actors can get to your site’s files. One of the best ways to let good traffic through and turn the bad away is with a web application firewall.
Enterprise servers will often use a hardware WAF – more on which later – but these can be expensive, and you will likely not have physical access to your primary server, anyway. Instead, you can look to employ a software cloud-based WAF. This won’t be all you need, but it can be a front-line weapon in learning how to stop a DDoS attack.
However, it’s important to look into whether the WAF operates at the server level or the application level. For instance, Wordfence offers a fine server-side WAF, but only for the application level. This means it’s protecting your site, but still could let bad actors onto the server.
There are companies that can provide a WAF that protects at a server level, though. For example, Cloudflare provides this service, and this is the one we’d recommend given the quality of the company and its other products.
You’ll also want to look into some of these other services – namely dedicated DDoS protection.
2. Sign up for a dedicated DDoS protection service
It’s good to know that you don’t necessarily need to know how to stop a DDoS attack. Some companies know how to do this, and can have your back for a regular fee. Cloudflare excels here again with a dedicated DDoS protection service that’s three tools in one. However, you can also find solutions such as AWS Shield that work at a cloud level.
Using the experts in this way solves two problems. First, they can react to a DDoS attack before it happens, which has a better chance of mitigation. After all, if an attack is already happening, it’s too late. Second, the company can also tell when an attack will happen better than you can. They’ll have historical data and better analytics, as you’d expect from a dedicated service.
What’s more, a company such as Cloudflare can utilize its cloud network to help you even further. Let’s look at this next.
3. Use a CDN
One of the reasons a DDoS attack works is because the bad actor’s network has more power and bandwidth at its disposal compared to a single computer. As such, might matters, which means if you increase the number of computers that serve your site, you can avoid downtime.
This is where a CDN can save your bacon. In practice, it doesn’t matter which solution you choose – they’ll all operate in the same way. This is where your site has hosting on various servers around the world. From there, the network will serve your site from a location near to the user.
When it comes to a DDoS attack, this approach can work because you essentially run hundreds of different servers. If one goes down, the rest remain up. A CDN’s purpose isn’t solely to stop DDoS attacks, but it performs well as a supplementary solution.
4. Check that your host can protect your site at the server level
Speaking of server strategies, you should definitely check out what your host does to help protect its swathes of sites from DDoS attacks and other security concerns. It’s easy to imagine this is something you’d pay through the nose for, but in reality, all hosts have to worry about protecting servers:
- Cheap shared hosting providers such as Bluehost will have more sites per server to protect. This means they may even need better security than some other types of hosts.
- Managed hosting often prides itself on server performance. As such, the host will want to keep uptime high.
You might find the steps a hosting provider takes to stop DDoS attacks listed on its website, specifically on its server architecture or security pages.
However, you can also ask the question through the support channels. You’ll often find that the host will use hardware WAFs, cloud hosting provisions, default CDNs, and much more. Something to ask for is what the policy is for adding malicious IPs to a blocklist. It’s one thing to do this at the WordPress level, but it should also be possible at a server level, too.
Once you ask the right and relevant questions, you’ll soon find out if its DDoS protection is worth investing in.
5. Make sure you use CAPTCHAs for all user logins
There are a few elements you can add to your site to help stop security issues such as a DDoS attack. One of the best ways to protect certain ‘endpoints’ is with a CAPTCHA.
While they can hinder the User Experience (UX), especially in older versions, a CAPTCHA can help protect the resource-hungry pages on your site from exploitation. This means even if a DDoS attack happens, your whole site will be less likely to crash thanks to fewer resources being in play. As such, it will take a greater effort to overload your site.
There are lots of CAPTCHA solutions on the market, and our sister site Themeisle rounds up a few of the best. While a CAPTCHA might not be the primary way for how to stop a DDoS attack, good implementation can help protect some of your critical pages from harm.
Conclusion on how to stop a DDoS attack 🏁
Uptime is important to a lot of aspects of your site. We could talk about many facets here, but in general, you want your site to remain live as much as possible. This means you’re always open for business, and can maximize the revenue, leads, conversions, and more. However, a DDoS attack’s whole design is to induce downtime for your site.
This post looks at how to stop a DDoS attack. While your host has a huge part to play, you can play your part too. If you use a server-level WAF, a quality CDN, and look to protect on-site forms using CAPTCHAs, this is a great start. You might even choose to employ a dedicated DDoS protection service – a company such as Cloudflare offers all three, but there are plenty of others available.
Do you have any questions about how to stop a DDoS attack? Ask away in the comments section below!