Cyber Month Deal - up to 36% OFF

Can DDoS attacks harm your server and how to prevent them?

Published on Aug 21, 2019 Updated on Jun 15, 2023

DDoS (distributed denial-of-service) attack is one of the most common forms of cyber-attacks these days. Their scale already exceeds one terabit per second and over 2000 of such attacks are being observed daily by Arbor Networks. So, should you care? Surely! It’s important to secure your network to stay calm and ensure uninterrupted services to your customers.

Possible Harm

DDoS attacks disturb regular tasks of a targeted computer system by flooding it with bogus traffic from numerous compromised machines. As a simple example, if your e-commerce site is under DDoS attack, your customers are withheld from placing new orders. If it’s a call center, your clients cannot make or receive calls. If it’s a booking engine, your clients are not able to make new reservations. In other terms, your service is being denied. Still, can these service disruptions make a lasting impact on your system and harm your customer base? Let’s try to answer this point by point.

  • Service disruption. First and foremost, DDoS attacks deny access to your website or services. The attacker abuses a network of infected or misconfigured machines – servers, routers or even PCs - to generate enormous amounts of bogus traffic to a single system, making it temporarily unavailable.
  • Higher costs. Most hosting and cloud providers charge their clients for additional bandwidth or computing power. When you are having a DDoS attack, your ingress traffic skyrockets and your infrastructure may start scaling out very rapidly, if auto-scaling is enabled. You might get surprised when you receive your next bill, because of the Internet traffic and computing resources expenses that have gone through the roof this month. Do not forget to check your provider's bandwidth policy to avoid such bills.
  • Data loss. Because of an overwhelmed data base and system, unsaved work might not be stored or cached. This may be a serious issue for businesses that deal with mission-critical workloads or run some online transaction processing application where data consistency is paramount.
  • Intermixed logs. Your real server logs will mix up with thousands of attack logs, so it will be hard to filter and check if everything works correctly. Alternatively, you may have set if-then rules and made your system self-reactive. In such case, intermixed logs may hurt you a lot by causing real damage to your system.
  • Distraction. DDoS can be used as a distraction technique. While you are busy filtering your traffic, small damaging attacks are executed simultaneously. Such an attack happened a few months ago with Electrum Bitcoin wallet, which said to be the safest cold wallet in the world. A huge DDoS attack from over 150 000 infected hosts has been launched onto Electrum network, disrupting all customer transactions. In parallel, a phishing attack forced a roguish message to be popped out to clients, asking them to update their software. People then mistakenly installed malicious software, which immediately pointed all their savings to the scammer’s wallet.

How to avoid DDoS?

As DDoS attacks keep growing in volume and frequency, we should prevent them from making harm to your projects. You should plan ahead to secure your network and minimize the impact of such intrusion. So how to prevent ddos attacks?

  • Choose a cloud provider that offers DDoS protection. Most hosting and cloud providers offer basic protection against most popular DDOS attacks such as UDP, NTP, SSDP, CharGen, DNS. However, this will not make you 100% bulletproof. Some providers also offer advanced security measures like DDoS scrubbing protection that gives you customized real-time protection based on machine learning algorithms. It takes time for AI model to learn and recognize malicious traffic, but after some time, this protection should filter and block up to 100% of incoming DDoS attacks.
  • Build redundant infrastructure. Spread your project across multiple data centers with a good load balancing system to distribute traffic. This works best when you choose data centers in different countries or at least use different Internet service providers.
  • Defend manually. If you can access your server when being under attack, adjust the following network configuration rules to protect your system:
    • rate limit your router to prevent your Web server from being overwhelmed;
    • add filters to tell your router to drop packets from obvious sources of attack;
    • timeout half-open connections more aggressively;
    • drop spoofed or malformed packages;
    • set lower SYN, ICMP, and UDP flood drop thresholds;
  • Keep it fresh. Always update your software to the latest version. It not only protects you from bugs and vulnerability exploits but also helps you avoid DDoS attacks. For example, some older software allows unlimited ping-backs without an option to set a limit on them.
  • Review your DNS zones. We usually forget the simple things. Make sure you have no testing domains or abandoned subdomains that run outdated software. Check whether there are any mistakenly added A records. Audit your DNS zones, CNAME and MX records to make sure everything has been set as you intended.
  • Hide your BIND version. Hackers often find their targets by running scripts that target specific versions of network software. An attacker could easily gain your DNS server version by running a simple query like this: dig @ns1.server.com -c CH -t txt version.bind You can hide your BIND version by editing /ets/named.conf file. Locate options configuration block and change version "BIND"; to a word of your choice. For example version "Unknown"; Save the file and restart BIND to apply change.
  • Disable DNS recursion. DNS cache poisoning is one of the most usual DNS attacks. This happens when a spoofing attack is initiated in the middle, giving information to a DNS server that hasn’t been authorized by DNS sources. Such vulnerability allows traffic redirection from one host to another. Still, you can easily avoid this. To disable DNS recursion, add these lines inside the options configuration block inside named.conf file:
    allow-transfer {“none”;};
    allow-recursion {“none”;};
    recursion no;
    
    Restart your BIND to apply changes.
  • Use 3rd party DDoS mitigation provider. If you get tons of attacks and cannot handle them by yourself, you should call for help DDoS protection specialists. There are several well-known providers like Cloudflare, Imperva and CloudLayar that offer basic DDoS protection packages for a low price. In case you are in a deep trouble, call their support and ask a system audit to find any additional vulnerabilities. Keep in mind, while basic packages cost near to nothing, advanced DDoS protection is not cheap.

Conclusion

Hackers are getting better each day with more and more methods available for finding vulnerable systems on the Internet. Nevertheless, there are now a lot of ways to protect your business and avoid DDoS attacks whatsoever. Do not hesitate to take preventative actions in advance and you will sleep well at night.

Cloud VPS - Cheaper Each Month

Start with $9.99 and pay $0.5 less until your price reaches $6 / month.

Share this article

Related Articles

Published on Nov 28, 2019 Updated on Aug 8, 2023

Streaming Servers: Everything You Need To Know

What are Live Streaming servers. How do they work? Why do you need a stable and fast network? We will try to cover these topics on our article.

Read More
Published on Jul 8, 2022 Updated on Oct 4, 2023

How to Install and Configure Apache Reverse Proxy Server With SSL/TLS Encryption

This step-by-step guide will explain what a reverse proxy is and show you how to install Apache reverse proxy server with SSL/TLS encryption.

Read More
Published on May 9, 2022 Updated on Nov 6, 2023

How to Install MongoDB on Ubuntu 20.04 | Step-by-Step Tutorial

Learn how to install and start using MongoDB - an open-source document-oriented NoSQL database that is popular in building fast and scalable applications

Read More
We use cookies to ensure seamless user experience for our website. Required cookies - technical, functional and analytical - are set automatically. Please accept the use of targeted cookies to ensure the best marketing experience for your user journey. You may revoke your consent at any time through our Cookie Policy.
build: 06ac5732e.831