DDoS Attacks and Resolutions

As technology becomes more powerful, cheaper, and more efficient, malicious activity only becomes more likely. Attacks on websites are growing more common, so websites need to be prepared to keep attackers at bay. There is a wide array of DDoS attacks, from flood attacks to the dreaded “Ping of Death”. There are also many ways of mitigating these attacks, or stopping them altogether.

During an ongoing DDoS attack, you may need to turn off IIS/Apache for a limited time just to be able to access the server. With the web server stopped, you can get on with mitigating the attack and preventing further damage.

You now need to identify what method the attackers are using. For web servers, the logs and any information on who is hitting your server and website are the most valuable source of knowledge. If you do not have access to the site logs, we recommend asking your hosting provider for a copy. In most cases the hosting provider should have no issue producing this for you once they verify your identity.

Once the method of the attack is identified, you can work towards patching the issue and mitigating or stopping the attack. After the danger has passed and you know your site’s security has been restored, it’s time to revisit your hosting security. If you have remote access to the server that hosts the website, here are some suggestions to help mitigate future attacks.

  • Harden TCP Stack: This applies to older Windows servers, which have a much higher limit on the number of TCP requests that can hit the server. By tweaking the TCP stack, you can harden it against future attacks, making it much more difficult for an attacker to succeed.
  • Dynamic IP Address Restrictions: The idea behind this method is that if an IP address makes too many requests, you temporarily block requests from that IP. IIS has a tool specifically for this.
  • 3rd-party firewalls: If you have already gone through the logs and are unable to modify the current firewall on the server to help mitigate or block attacks, we recommend considering a 3rd-party site firewall. A few leaders providing this service are Sucuri, CloudFlare and SiteLock.
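The log review and the request-rate idea behind Dynamic IP Address Restrictions can be combined in a short script. The following is an added example, not part of the original article or of any IIS tool: it reads access-log lines and reports each IP that exceeds a request limit within a sliding time window. The Apache-style log format, the thresholds, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: Apache common/combined log format; adjust the regex for IIS W3C logs.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse(lines):
    """Yield (ip, timestamp, path) per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            yield m.group(1), datetime.strptime(m.group(2), TS_FORMAT), m.group(3)
        except ValueError:
            continue

def noisy_clients(lines, max_requests=5, window_seconds=10):
    """Return {ip: peak count} for IPs exceeding max_requests in any sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for ip, ts, _path in sorted(parse(lines), key=lambda rec: rec[1]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _line(ip, second, path="/"):
    """Build one constructed log line (sample data, not from a real server)."""
    ts = datetime(2024, 3, 10, 13, 55, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one client sends 8 requests in 8 seconds, another sends
# 3 requests a minute apart, plus one malformed line. IPs are documentation ranges.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "/login") for s in range(8)]
    + [_line("198.51.100.20", s) for s in (0, 60, 120)]
    + ["not a log line"]
)

if __name__ == "__main__":
    for ip, peak in noisy_clients(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests within 10 s -> candidate for a temporary block")
```

Running the same function over a copy of the real log with different thresholds shows which limit would have caught the attacking addresses without also blocking ordinary visitors.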

With these protections in place, most attacks can be mitigated and even prevented altogether.  Need help implementing these protective measures on your site?  Give us a call at 888-321-8422 (toll free) or fill out our contact form and we’ll be happy to reach out to you.
