What is DDoS and what can I do about it?

What is Distributed Denial of Service DDoS or DoSDistributed Denial of Service (DDoS) happens when a hacker sends lots of fake traffic to your web site, or in my case a site on the same shared server that I am using. This means that the server is so busy trying to deal with the fake traffic that it can not service the real traffic.

In effect real traffic times out and the server is effectively off the air. These attacks can be very hard to stop and can go on as long as the attacker can keep it up – the most recent one I experienced lasted a week! (Thanks to pre planning and a good hosting provider my site was only off the air for a few minutes)

You can read a good technical overview at Wikipedia on Denial of Service but one of the more important things is to have some sort of plan for what to do if it happens to you.

Most of your planning will have to be carried out in advance and you need to think about how much effort you want to expend in case this ever happens to you. With the number of attacks increasing it is something you want to think about as likely rather than ‘it will never happen to me’

  1. Your first line of defence is to have a good hosting provider. I use BlueHost as my hosting provider and they have been able to keep my site up and running with only a couple of little glitches when the attack started.
  2. Apart from your website you can also loose access to other things running on the same server like your email accounts. I have a copy of email sent elsewhere so I was able to read everything even while the server was unavailable.
  3. If your site is really critical you may want to have the ability to switch to a backup server with another provider (you will need to keep this backup server up to date with your regular one so there is a bit more set-up with this option)
    • Make sure you keep a copy of your regular backups away from your server – if you need them during a DDoS it may be hard to get them if they are on the server under attack!
  4. Put monitoring in place so that you know if your site is down. There are a number of simple services available such as SiteUptime and Montastic. I use both, Montastic can be faster to respond but SiteUptime keeps statistics. They both have free and paid for services.

This may be sufficient for a small or personal site. There are many other things that can be done for larger sites depending on the amount of time you are prepared for your site to be unavailable.

In the meantime, here’s to your site being up and available all the time!

Brian
your ‘Peoples Geek’