“I think someone is trying to put me out of business.”
I recently received this message from a small business owner providing a cloud service. During their peak hours, someone was launching a DDoS attack against their servers, bringing their service to a halt.
The business’s customers were experiencing service interruptions and were thinking about going elsewhere.
Thankfully, one free tool is all it took to stop things.
But first: DDoS Attacks
Put simply, a DDoS attack is when an attacker uses a special program or botnet (a network of remote-controlled computers) to overload a web server with spam traffic. All web servers have limited bandwidth, and DDoS attacks aim to use up all of that bandwidth to make the site or service inaccessible to legitimate users.
Unlike ransomware attacks, DDoS attacks aren’t always financially motivated. They could come from a business rival hoping to put you out of business, or they could be attacks of revenge performed by hacktivists, disgruntled former employees, or even angry customers with a grudge.
Plus, DDoS attacks are cheap and easy to set up, even for inexperienced bad guys. There are simple programs out there that allow individuals to attempt attacks themselves.
DDoS Protection Tools
Thankfully, there are many tools out there that provide DDoS protection, and some even do it for free.
Cloudflare is perhaps the largest and most well-known provider of DDoS Protection. It works by blocking spammy traffic, keeping it from ever reaching a website’s servers.
Every once in a while when browsing the Internet, you may run across a “Cloudflare is checking your browser” message. This indicates that the site you’re accessing is running Cloudflare and that the tool is working to confirm that you are legitimate traffic.
Other DDoS protection services include Imperva, Akamai, Fastly, and F5. AWS offers Shield as a native (but extra-cost) DDoS protection tool for servers hosted on its infrastructure.
Lastly, many web hosting providers offer some sort of built-in DDoS protection, especially if you are on a high-tier plan. It doesn’t hurt to make sure it’s turned on!
Conclusion
Small business owners with small websites or services are likely particularly vulnerable to DDoS attacks. Small websites on small, cheap hosting platforms aren’t likely to be running DDoS protection by default. And their small bandwidth allowances will likely be easy for attackers to overcome.
All businesses should be running DDoS Protection! Even if your website is only for marketing and doesn’t host a business-critical application, users are really unlikely to buy from a website that is unreachable.
I had the small business owner who contacted me install Cloudflare free. While Cloudflare free is lacking some business-friendly features and won’t protect from large-scale attacks, its protection was enough for the small application.
After installing Cloudflare free, the attacks were stopped and the small business owner’s service was able to run uninterrupted!