As more and more of our daily routines revolve around accessing websites, the reliance on those websites to be up and running all the time is becoming ever more crucial. Sadly, this dependence is now being taken advantage of by criminals, and one particularly nasty threat is the Denial of Service (DoS) attack.
Recently, one of our clients sustained such an attack. Not only did it cause disruption for them, but also caused us quite a few headaches as we had to do our best to get their site back up and running as quick as possible, along with dealing with the other disruption it caused. Having learnt from that experience, we felt it necessary to provide a deeper insight into this unwanted menace and answer a few questions.
1. So, what is a Denial of Service attack?
In it's simplest form, a denial of service attack on a website essentially floods that website with unwanted or useless data. This amount of data is increased until eventually, depending upon the specification of the hosting hardware, it stops functioning because it cannot handle that amount of data at one time.
2. Will it just be my website affected?
It depends on what the web server being attacked is used for. If your website is the only website on the server, then yes, it will be the only website affected. However, it is more likely that your web server is also hosting numerous other websites (and possibly managing other services such as email) which will all be disrupted.
3. Can't the web hosting provider stop this?
The hosting provider is likely to have systems in place to detect when a DoS in happening. In most cases, the DoS will be attacking a single IP address, so they will immediately block all traffic by disabling it. The usual protocol to follow would be to keep it disabled for a few hours, then enable it again and monitor to see if the attack has subsided. If not, it will be immediately disabled again.
4. Why has my site been targeted?
Firstly, it has to be noted that most DoS attacks have a purpose. For someone to carry out a DoS attack, it is more than likely costing them money, so essentially they are being paid by someone to cause specific harm to your business. Typical reasons maybe that you have advertised a big promotion or sale on a specific date, or alternatively you may be exhibiting at the biggest event of the year...all reasons why a competitor may be motivated to bring down your website.
5. I've received a ransom email...what do I do?
A typical practice when your site has been targeted is to receive a ransom email similar to the one below:
General rule of thumb here...DON'T PAY IT. If you are being subjected to a DoS attack, don't be tempted to pay these. Firstly, it is unlikely that the attack will stop, and secondly if you pay, expect to receive another ransom note asking for more money.
However, if you do ever recieve an email similar to the example above, don't ignore it. Pass it on to your web developer or hosting company as soon as possible. It may just give enough time to prepare a response.
And the solution to prevent this is...
Unfortunately, DoS attacks are a sign of the times. They are not going to go away. There are methods of protecting your website, but of course these can be costly (At least around £120 per month). Ultimately, you just have to weigh up the value of the protection, and how much you could possibly lose if your website was unavailable for 24 to 48 hours. As they say, prevention is better than the cure.