Once you have a website for your business, one of your worst nightmares becomes the fear that your website is down.
Today’s post is a quick snapshot of one the nasties that could potentially bring your site down – and a couple of recommendations to mitigate and prevent the impact.
So, lets talk about a Distributed Denial of Service (or DDOS)
What is a Distributed Denial of Service attack (DDOS) ?
In plain english , it’s when attackers send so much traffic, from multiple locations (distributed) to your website, that your server cannot cope with the requests, and eventually it shuts down. While this is happening, your site may slow down dramatically, making it very difficult for genuine clients and prospects to view and interact with your website.
Why do they do it ?
Most DDOS attacks are aimed at government or large companies – from “hacktivists” or people trying to make a political point.
If you are attacked by a DDOS , its likely to be because your IP address is in the same range as a target of interest – because once launched, the attacks are generally automated by malware and bots.
What can you do about it ?
Overall – there’s not much you can do to stop attacks from hitting you – but you can put measures in place to cope with an attack.
Here are my top two tips to mitigate and prepare for an attack.
- Take a Multi layer approach to security mitigation
- Server level – explicitly ask your hosting company to confirm what measures they take to mitigate
- Website Framework ( eg WordPress or Joomla ) – you may want to add a security plugin
- Make sure your server host or web developer updates all security patches as soon as they are available
- If you do this yourself – then set an appointment weekly to check and run all patches
- Use a Content Delivery Network (CDN) – a service such as Cloudfront , or Cloudflare, which caches your website at global endpoints, and mitigates the impact of an attack. You can also implement geographic rules that prevent traffic from countries that don’t fall in your service area.