Don't panic, it's DDOS!

What is DDOS and how to deal with it

Posted by CyberWiseSpace on August 09, 2021

Cyber security attacks happen daily, targeting different services and devices over the internet. But what are cyber security attacks?
They come in many different shapes. An attacker can try to inject malicious code into your website to hijack your users' sessions, or brute force your login page until they manage to log in to your service.
Your servers and services are constantly scanned and analyzed by rogue botnets looking for any vulnerable door. Even if you have securely closed all open doors and you verify every single activity on your service, you can still get hit by an attacker.
They can act as legitimate users and visit your website or service, but with millions of attempts every second. In this case your services are too overwhelmed responding to the attacker's requests to serve your usual customers, and your service becomes unavailable! That is a simple definition of a Denial of Service, or in short DOS, attack.
DDOS is one of the most powerful attacks against any service since it does not originate from a single point. So, you cannot block a single IP to stop it.
However, there are some solutions to reduce the risk of being unavailable or compromised.

1. Monitor your service and servers!

Monitoring is key to detecting and identifying cyber attacks before they happen. If you can detect the attack before it damages your business flow, you can implement security mechanisms earlier. However, remember that the monitoring system should not run on the same system as your actual service, because in case of an incident you lose the use of your monitoring system!

2. Do not rely on a single server or service!

Many businesses run on a single website or server, and if you are targeted by a DDOS attack, you do not have a second option. Try to replicate your service on another hosting service, so that if your server is hit you can safely redirect clients to the backup site. If you have a server setup, make sure you duplicate every one of your servers (edge or gateway servers, application servers, and database servers).

3. Do not forget Two Factor Authentication (2FA)

Many recent DDOS attacks brute force lists of leaked username/password combos on your login page to get access to your system. Make sure you set up 2FA for every login. This can be done by email, SMS, or a verification application (like Google auth).

4. Set up Captcha for public forms

You might have public forms on your website (such as a Contact Us form). Attackers can spam your services by constantly filling them with junk information. Captcha is a simple countermeasure against such attacks. Captcha is also useful for login pages.

5. Limit access to your target markets

If you do not serve a given geographical market, you can reject every request that originates outside your target markets (e.g., if you serve only European and US markets, there is no need for someone from East Asia to access your service). How far you can go with this option varies with your business model, but if you are under DDOS you can implement it as an emergency option.

6. Control your bandwidth

If you cannot block anyone from your IP list, you need to set up bandwidth control. This means you limit the rate of requests from each IP. However, you need to do some math first: calculate the average number of requests, then delay any requests above that average. Unfortunately, attackers are becoming smarter and smarter these days and try to adapt their attack rates to your limit. So, you need to monitor constantly.
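
The calculation and delay described above, as an added example that is not part of the original post: it derives a per-IP limit from a constructed sample of normal traffic and delays, rather than blocks, any request above it. The window length, delay step, delay cap and sample IPs are assumptions.

```python
import math
from collections import Counter, defaultdict

WINDOW = 60  # seconds per counting window (assumed value)

# Constructed baseline from a "normal" period: (unix_time, client_ip) pairs.
# Three clients send 12, 8 and 10 requests inside the same window.
BASELINE = [(t, ip)
            for ip, n in (("198.51.100.7", 12), ("198.51.100.8", 8), ("203.0.113.5", 10))
            for t in range(0, n * 5, 5)]


def average_per_ip(events, window=WINDOW):
    """Mean number of requests a single IP sends in one window."""
    counts = Counter((ip, int(t // window)) for t, ip in events)
    return sum(counts.values()) / len(counts)


class PerIpLimiter:
    """Fixed-window counter per IP; requests above the limit are delayed."""

    def __init__(self, limit, window=WINDOW, step=0.5, max_delay=10.0):
        self.limit, self.window = math.ceil(limit), window
        self.step, self.max_delay = step, max_delay
        self.counts = defaultdict(int)  # (ip, window index) -> requests seen

    def delay_for(self, ip, now):
        """Seconds to hold this request before serving it (0.0 = serve now)."""
        key = (ip, int(now // self.window))
        self.counts[key] += 1
        excess = self.counts[key] - self.limit
        # Delay grows with every request over the limit, up to a cap.
        return 0.0 if excess <= 0 else min(self.max_delay, excess * self.step)

    def expire(self, now):
        """Drop counters from past windows so memory does not grow across windows."""
        current = int(now // self.window)
        for key in [k for k in self.counts if k[1] < current]:
            del self.counts[key]


def simulate(limiter, ip, n, start):
    """Delays returned for n requests from one IP inside a single window."""
    return [limiter.delay_for(ip, start + i * 0.1) for i in range(n)]
```

Recompute the baseline from fresh logs regularly: a limit derived once will not follow clients that pace themselves just under it.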

7. Contact the ISP or service provider

If you do not have control over any of your services, you need to contact your ISP or service provider immediately. They have proper countermeasures against DDOS attacks.

All in all, DDOS makes up one of the biggest portions of cyber attacks and you cannot escape from it. The moment you face it, do not panic, and think of any suitable options you have to stop it.