Accept

We use cookies in order to save your preferences so we can provide a feature-rich, personalized website experience. We also use functionality from third-party vendors who may add additional cookies of their own (e.g. Analytics, Maps, Chat, etc). Read more about cookies in our Privacy Policy and Terms of Service. If you do not accept our use of Cookies, please do not use the website.

What Is a DDOS Attack and How Do We Respond

<  Blog Home
October 15 2018
October 15 2018
By

The internet is a lot like the wildwest—it operates on trust with very little oversight and no policing, everyone has to look out for themselves. Which makes it very easy for bad actors to anonymously disrupt a website if they want to. One of the most common and difficult types of attacks to respond to is a DDOS (Distributed Denial of Service). This type of attack isn't necessarily a security vulnerability, but it does cause a "Denial of Service" when so much traffic comes to your web server that it is not able to serve real visitors. And the attack is "Distributed" because the traffic looks like it is coming from random legitimate visitors (IP address spoofing). This type of attack can come from a bored teenager or a sophisticated criminal network that has a "botnet" (thousands of hacked computers that are harnessed to carry out the attack at a greater volume).

Prevention Options

Preventing sophisticated DDOS attacks is impossible. Because the internet is based on trust, there is no way to determine which traffic is legitimate and which is fake. There are only a few options, and none of them are great.

Block Traffic

You can easily block all traffic that fits a certain pattern that looks suspicious, but in the process you will also probably block some legitimate traffic. For example, many DDOS attacks pretend to be search engine bots (from Google, Bing, and every other service out there). So if you block these IP addresses or bot names, you are actually blocking Google's search indexing too.

Increase Server Power

Depending on the resources of the attacker, you can increase your server capacity so that it can handle the extra traffic and still serve real visitors. The hope here is that your attacker will exhaust their resources before you exhaust yours. Huge companies like Google are less vulnerable to small recreational attackers, but even their services get overwhelmed sometimes. So if an attacker has the resources, they can even take down the biggest targets.

Finding the Balance

Our strategy is to try to find a balance. We want to make sure our servers can handle spikes in traffic, but at some point it becomes necessary to also block suspsicious traffic. Unfortunately, that sometimes means temporarily blocking legitimate traffic including search engine bots. But we'd rather the majority of visitors are able to access your site (even if search engines can't refresh their index), versus no one having access because the server is overwhelmed by the DDOS attack.

We monitor these attacks and have to continually manually modify our response. Often times though, the attackers will keep sending small pings to our server, and as soon as they detect we've removed our ban on their bots, they immediately start attacking again. So it's ultimately a waiting game, we have to wait until they move on to another target.

We wish there was a better way to respond, but unfortunately there is not. We can work to keep the server up and ensure that the servers remain secure. But if someone wants to randomly attack your site or the server your site is running on, there is only so much that the internet protocols allow us to do.

Tags : ddos, server, bots,


Archives

December 11, 2018

Attention: End of Service for Old Bounce Server

Attention: End of Service for Old Bounce Server
Chadwick Meyer
If you haven't updated your domain DNS settings in the last year, to match the information in your control panel, you MUST to take action before January 15, 2019 or else your website will stop ...
June 07, 2018

San Francisco MLS Feed Is Now Available for All Member Agents

San Francisco MLS Feed Is Now Available for All Member Agents
Chadwick Meyer
We have great news for all our Realtor Clients in San Francisco and the Bay Area. Due to historic MLS rules, only brokers were allowed receive the live MLS feed for San Francisco property data. But ...
May 11, 2018

Compliance Changes for the new European General Data Protection Regulation (GDPR)

Compliance Changes for the new European General Data Protection Regulation (GDPR)
Chadwick Meyer
You may notice that a new Cookie Consent notice appears at the top of your site today. This is a new requirement for compliance with GDPR, and we've added it to try to help your site be compliant....
May 07, 2018

Support Improvements

Support Improvements
Chadwick Meyer
We are very pleased to share news about the growth of Gutensite.   More Agents - Some of you who have recently called into our Website Support line may have noticed a new voice on the other ...
April , 2018

Free SSL for All Sites Will Improve Security, Trust, SEO Ranking, and Speed

Free SSL for All Sites Will Improve Security, Trust, SEO Ranking, and Speed
Chadwick Meyer
We are extremely excited to be nearing the end of a major Gutensite platform rebuild which will offer a completely new design, workflow and modern framework. This ambitious work on the 2.0 platform ...

2018 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2017 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2016 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2015 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2014 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2013 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2012 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2011 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2010 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2009 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec

2008 Archives

Jan Feb Mar Apr
May Jun Jul Aug
Sep Oct Nov Dec