Most probably you have heard about DDoS attacks if you have been in the online business for a while. DDoS (Distributed Denial of Service) is not a new term. The term DDoS has been known from the early 90s and it has been used to put web services out of order by sending out loads of requests to the victim’s server.
The DDoS attack is a method in which an attacker sends traffic (in some cases, called “requests”) through compromised networks and computers to a single target, thus making the targeted system so busy that it stops responding to any other requests coming from legitimate users. These tactics are being used by attackers to target and blackmail specific sites and demand ransom.
- How DDoS Work?
- Volumetric Attacks
- Application Level Attacks
- Request Flooding Attacks
- Asymmetric Attacks
- Repeated One-Shot Attacks
- Application Exploit Attacks
- Protection against DDoS Attacks
- Switches and Routers
- Intrusion Prevention Systems (IPS)
- Scrubbing and Blackholing
- Fix Vulnerabilities in WordPress
- Block XML-RPC functionality on WordPress
- Update Your WordPress Version Regularly
- Get in Contact with Your Web Host
- Using Security Plugins
- Suggestions by Security Analyst on Quora
How Does DDoS Work?
During a DDoS attack, a target server or network receives requests from compromised systems. The requests are so frequent that the bandwidth limit of a network or resources of a server maxes out. This slows down the server response and in severe cases, it is rendered useless.
There are various types of DDoS attacks and you will need some time to understand each of them. In this blog post, I am going to briefly explain the two most common types of DDoS attacks that are Volumetric Attacks and Application Level Attacks.
In this type of attack, a target site or a network is bombarded with traffic and requests from botnets and infected zombie systems. The attack types that fall under this category are connection floods, TCP SYN floods, and ICMP/UDP floods and mainly target the third and fourth layers, namely Network Layer and Transport Layer respectively.
These types of attacks utilize infected systems to generate a high bandwidth of traffic. The systems are distributed geographically with bandwidths exceeding well over 10 TBPS and these attacks are becoming even more sophisticated.
Application Level Attacks
Application Level DDoS Attacks is also known as the Layer-7 DDoS attacks. These attacks usually target the vulnerabilities in web applications by sending traffic to particular sections of a website. This also increases the bandwidth consumption, but Application Level DDoS attacks do not usually take down a website. However, it slows them down by a great deal.
These attacks are much harder to detect as the traffic looks as if it is coming from real humans. These attacks usually utilize HTTP, DNS, and SMTP requests. Major types of Application Level DDoS attacks are:
1. Request Flooding Attacks
In this type of attack, Application Layer receives a high amount of requests on HTTP and DNS.
2. Asymmetric Attacks
In this type of attack, Application Layer receives high-workload requests that consume server resources such as RAM and CPU.
3. Repeated One-Shot Attacks
These attacks target both Application and Network layers by sending high-workload requests on applications combined with TCP sessions.
4. Application Exploit Attacks
This kind of attack target application vulnerabilities that take over or manipulate an application to cause a server or OS malfunction. Most common of them are SQL injection, cookie poisoning, and cross-site scripting
Even the Mighty Fall Prey to DDoS Attacks
With so many complexities and kinds of DDoS attacks, it has almost become impossible to completely safeguard your servers and applications.
Just this July, I read that “DDoS Attacks Could Disrupt Brexit Negotiations”. Another nature of attacks is disturbing as it shows that DDoS attacks have become a business.
Founder of Moz, Rand Fishkin had also tweeted about it to inform the community.
Bold DDoS attack on Moz this AM. Perpetrator emailed us to demand ransom in exchange for backing off. Remarkably sophisticated attack too.
— Rand Fishkin (@randfish) April 25, 2014
Protection against DDoS Attacks
There are precautionary steps and methods to lower the effects of DDoS attacks and in many cases, smaller DDoS attacks can be completely overridden.
There are methods that can be employed at the network level to detect and block illegitimate traffic. Most modern networking hardware has specialized hardware accompanied by software that can detect and filter the traffic.
Switches and Routers
These days, intelligent routers and switches are equipped with software capable of rate-limiting. Through this, the network hardware can identify bogus IPs that are sending illegitimate requests and block them from further eating away system and network resources. SYN flood attacks and attacks from “dark addresses” can be easily blocked by them.
In most cases, you do not have access to invest in the networking hardware used by your hosting provider. Your best bet is to go with a managed WordPress hosting platform that hosts at reputable data centers that are equipped with high-end networking hardware and provides an initial level of security against DDoS attacks.
One of the reasons why we, at Cloudways, have partnered up with DigitalOcean, Amazon, Vultr, Google, and Kyup that their data centers are fully maintained and equipped with intelligent hardware running the latest software. With no additional cost to its clients, Cloudways provides DDoS prevention at its networking core.
Intrusion Prevention Systems (IPS)
There are systems that detect the behavior of DDoS attacks. These are offered by many security companies out there that have developed systems that detect legitimate and illegitimate traffic patterns and filter them. These systems detect pockets of data on the network and block any malicious activity.
Scrubbing and Blackholing
All the incoming traffic is passed through a “scrubbing center” before accessing a network or application. These are maintained by companies that provide DDoS mitigation services and therefore, they cost a lot. But, if you are a victim of large DDoS attacks affecting your business, then you have no choice other than to invest in DDoS mitigation service.
Cloudways provides an initial level of security to its clients. They receive fully updated servers with application and server level firewalls that help in detecting the unusual behavior of traffic and halting hacking attempts at an application level.
Fix Vulnerabilities in WordPress
I must admit that it pains me when I hear news like DDoS attackers exploit WordPress powered websites to carry out large DDoS attacks.
I know WordPress is among the best CMS solutions out there and it is backed by a huge community of developers, designers, and bloggers.
However, the problem remains that WordPress is prone to vulnerabilities and some of the exploits are very easily utilized by DDoS attackers. One reason is that WordPress holds 28 percent share of the entire web and therefore, it is an attractive target. However, a lot of the blame lies on WordPress website operators. Most users do not even know that their website is being used as a zombie to attack another website.
Securing your website against a DDoS attack is a tough job. But, they say it’s better to be safe than sorry. The best you can do to reduce the threat of DDoS attacks is by fixing vulnerabilities in your WordPress sites.
1. Block XML-RPC functionality on WordPress
This functionality is enabled by default since WordPress 3.5 and provides services like pingbacks and trackbacks among others. These can be easily exploited to send HTTP requests to a target website. If thousands of WordPress websites are compromised and they start sending requests to a target website in parallel, a large Application Layer DDoS attack can occur.
It is better to shut down the XML-RPC functionality on all of your WordPress websites, so they cannot be used to launch a DDoS attack that utilizes pingbacks and trackbacks.
Just add the following code into your .htaccess file.
# START XML RPC BLOCKING <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> # FINISH XML RPC BLOCKING
Alternately, you can use a plugin like Disable XML-RPC Pingback to disable the pingback and trackback functionality and keep other functions of XML-RPC intact.
2. Update Your WordPress Version Regularly
One thing that we get by using WordPress is that it is regularly updated with better security enhancements thanks to contributors and a vibrant community.
Things to update:
- WordPress installation
- WordPress themes
- WordPress plugins
- PHP version on the server
- Apache version
- MySQL version
- OS version
- Any other script or software that you use
Apart from updating your WordPress and its related elements, Cloudways maintains all the server side updates.
3. Get in Contact with Your Web Host
You should get in touch with web hosts and discuss if the servers and network hardware are updated with the latest versions of the software. Also, you should discuss what security measures that your web hosts provide.
Cloudways provides many security features to its clients without any additional costs:
- SFTP & SSH Access
- Application Level Firewall
- Operating System Firewall
- Auto backups, Server Cloning, and Auto-Healing
- Dedicated IP on Cloud Server
- Auto updates and patches of OS and services
- Application updates and notifications
4. Using Security Plugins
Configuring a security plugin can add a layer of defense to your WordPress website. I prefer to use WordFence as they actively monitor and prevent DDoS attacks happening around the globe on WordPress websites.
Security plugins do take a chunk out of your web servers, as their scripts utilize a lot of resources to monitor various security threats that your WordPress website facing. A server maintained by Cloudways is fully capable of handling resources needed by security plugins like WordFence.
5. Suggestions by Security Analyst on Quora
Meinton Navas, an information security analyst, had this to say when asked about how to protect WordPress websites against DDoS attacks. Read his thread, “How do I protect WordPress sites from DDoS attacks?” on Quora.
Hardening our websites’ security especially those that run WordPress should be our top priority now. It will help in lessening the DDoS threat level as it decreases the number of vulnerable WordPress resources available to the attacker.
Start Growing with Cloudways Today!
We never compromise on performance, security, and support.