Introduction
This article does not advertise any specific company, and it does not claim to be the “smartest article on DDoS”. Its purpose is to draw your attention to a problem that may sooner or later affect you.
We do not think about it until it starts
I think many webmasters and site administrators, like me, know the technical side (OS configuration, firewall setup, channel bandwidth and so on) only superficially. All the system settings are handled by the hosting provider's support; we are left with only the control panels.
If you have a website, imagine this scenario. One fine morning you wake up and, out of habit, refresh the main page of your precious site, which brings you income. Instead of the site you get an error, or the page takes a long time to load, then does not load at all, then loads only every other time, and so on.
Naturally, the first reaction will be shock, and you will start contacting support. After all, if the site is unavailable, it can drop out of the search index. And since attacks usually begin on Saturday evening, support will most likely be sleeping peacefully. On Monday morning it turns out that you are being DDoSed.
What you need to know about DDoS attacks
There are many types of DDoS attacks, and each type could fill a separate article. Without going too far into detail, it looks something like this.
The attacker gives a signal, and, for example, 10k computers (bots) start requesting random pages of your site several times a second. If the site is not sufficiently optimized (and that is usually how it is), the load from database queries and PHP code processing grows, and the site freezes, unable to keep up with requests from real visitors.
But this is only the tip of the iceberg. Even if your optimization is in order and the system does not buckle under hundreds of thousands of requests, the volume of these requests in megabits may exceed the physical capacity of the channel. Say your website is hosted on a 100 megabit channel, and the attacking requests amount to 500 megabits. The channel is clogged and the site is unavailable.
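The request pattern described above (each bot requesting different pages several times a second) can be spotted in the web server's access log. The following is an added example, not code from the original article; the log format, the constructed sample lines and the thresholds max_hits and window_s are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the start of a common/combined access-log line: IP, timestamp, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, timestamp, path), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def flag_fast_clients(lines, max_hits=5, window_s=2):
    """Map each IP whose peak hits in any window_s-second window exceed max_hits
    to (peak hits, distinct paths requested). Thresholds are illustrative."""
    recent = defaultdict(deque)   # per-IP timestamps inside the current window
    peak = defaultdict(int)
    paths = defaultdict(set)
    for line in lines:            # access logs are already in time order
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path = rec
        paths[ip].add(path)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop hits that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: (n, len(paths[ip])) for ip, n in peak.items() if n > max_hits}

def sample_log():
    """Constructed sample: one bot at 4 requests/second, one ordinary visitor."""
    fmt = '{ip} - - [06/Mar/2010:21:00:{s:02d} +0000] "GET {p} HTTP/1.1" 200 5120'
    lines = [fmt.format(ip="203.0.113.7", s=s, p=f"/page{s * 4 + n}.php")
             for s in range(3) for n in range(4)]
    lines += [fmt.format(ip="198.51.100.20", s=s, p="/index.php") for s in (0, 15, 40)]
    return lines

if __name__ == "__main__":
    for ip, (hits, pages) in flag_fast_clients(sample_log()).items():
        print(f"{ip}: peak {hits} requests in 2 s, {pages} distinct pages")
```

With 10k bots, each address can stay under a per-IP threshold while the total still overwhelms the site, so the aggregate request rate needs watching as well.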
What to do???
This question will certainly arise, most likely many times. Here are the answers, point by point:
1. If the attack is not very sophisticated, it can be repelled by configuring the OS correctly. This is your hosting provider's job. With the right firewall settings, you can survive such an attack.
2. If the hoster has been tinkering with the OS settings for a zillion hours (which feel like an eternity to you) and could not do anything, that does not always mean the hoster is incompetent. It may mean that the server cannot cope with that many requests. A “holey” ping to your site (replies with gaps) can also indicate this.
3. If everything happened exactly as described in points 1-2, then only the expensive methods of protection remain:
- Either you shield yourself behind a proxy while the site stays where it is. Only the DNS changes, directing traffic to a filtering proxy server, which passes only clean traffic on to you.
- Or you move to a new hosting service that provides protection against DDoS attacks.
What ***** is attacking me?
- It may be the machinations of competitors running sites on similar subjects.
- Maybe you have enemies, envious people or ill-wishers.
- It may be an attack by a company that provides DDoS protection services, because it has had no orders for some time.
- It may be extortionists who launch an attack and a couple of days later message you on ICQ with offers of various kinds. But this is a criminal offense, so nobody will ever message you.
When will it all end?
A DDoS attack costs money. A strong attack costs a lot of money. So the attack will not last forever, but it often lasts until you put up a decent defense.
And protection costs money. Protection against strong attacks costs a lot of money. But you most likely have it, because nobody orders a DDoS, especially an expensive one, against unpopular sites.
Prevention
To get through a DDoS attack more or less adequately, you first need to:
- Optimize the site engine and configure caching wherever possible. Then you may not even notice weak attacks, and during strong attacks you will be able to focus on other things.
- If your resource starts bringing in a decent income, move to expensive hosting, where they know exactly what to do about DDoS attacks and have 1000 megabit channels. Do not skimp on your nerves; sooner or later someone will pay attention to you.
- Be prepared for this.
Conclusion
If with this article I help at least one victim of these ghouls, then I was attacked for a reason.
I was attacked on Saturday evening. Attacked well (they filled a 100 megabit channel). The site was down in the morning on Tuesday. All Monday, the hosting support tweaked the Linux settings, but nothing came of it. The site was disabled because the DC was shocked by the number of requests. On Tuesday morning, out of despair, I bought proxy protection for $100 a day until Thursday morning. On Wednesday I googled (googled a lot) and moved to expensive hosting with DDoS protection. These were not the best 5 days of my life.
Perhaps I did something wrong, but I was taken by surprise. I hope you will not be caught off guard. Good luck! =)