Learn what DDoS attacks are, different types of DDoS attacks, why they are harmful to websites, how they work, and how to avoid them.
A DDoS attack (short for distributed denial-of-service attack) is a type of cyber-attack that typically targets a website or web application. During a DDoS attack, a very large number of packets or requests is sent to the target website in an attempt to use up all of the server's resources (memory, CPU, etc.), so that it stops functioning properly and the website becomes inaccessible to the public. Typically, an attacker sends a DDoS attack from many servers (called a botnet) to one target, in order to send as many packets or requests as possible.
A layer 7 DDoS attack is a type of DDoS attack that sends HTTP traffic to a website in order to consume resources and hamper the website's ability to deliver content to visitors. A web application firewall (WAF) service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors, but it can often be difficult to mitigate large attacks with server software.
A Layer 4 DDoS attack is often referred to as a SYN flood. It works at the transport protocol (TCP) layer. A TCP connection is established through what is known as a three-way handshake: the client sends a SYN packet to the target (server), the server responds with a SYN-ACK, and the client responds to that with an ACK. After the three-way handshake is complete, the TCP connection is considered established. In a SYN flood, the attacker sends large numbers of SYN packets without completing the handshake, which leaves the server holding half-open connections. Attackers send SYN floods (layer 4 DDoS attacks) in an attempt to stop one's network from functioning properly.
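As an added example (not from the original page), the Python sketch below counts half-open connections, meaning sockets in the SYN_RECV state where the server has answered a SYN and is still waiting for the final ACK, from text in the layout of Linux's /proc/net/tcp. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # kernel TCP state code for SYN_RECV (handshake not finished)

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 0A00000A:0050 056433C6:C350 01 00000000:00000000
   2: 0A00000A:0050 010200C0:9C41 03 00000000:00000000
   3: 0A00000A:0050 020200C0:9C42 03 00000000:00000000
   4: 0A00000A:0050 030200C0:9C43 03 00000000:00000000
   5: 0A00000A:0016 070200C0:D431 03 00000000:00000000
"""


def decode(addr):
    """Turn '010200C0:9C41' into ('192.0.2.1', 40001); little-endian host assumed."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def half_open_by_port(table):
    """Count SYN_RECV sockets per local (listening) port."""
    counts = Counter()
    for line in table.splitlines():
        fields = line.split()
        # Data rows start with an index such as '2:'; this skips the header.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] == SYN_RECV:
            counts[decode(fields[1])[1]] += 1
    return counts


def flooded_ports(table, threshold):
    """Ports whose half-open count meets the (site-specific) threshold."""
    return sorted(p for p, n in half_open_by_port(table).items() if n >= threshold)


if __name__ == "__main__":
    print(dict(half_open_by_port(SAMPLE)), flooded_ports(SAMPLE, threshold=3))
```

On a live Linux host, pass in the contents of /proc/net/tcp; the threshold is an assumption to tune against the normal half-open count for that server.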
As with all DDoS attacks, the goal of a layer 3 DDoS attack is to disrupt a program, service, computer, or network, or to fill up capacity so that no one else can receive service. Layer 3 DDoS attacks typically accomplish this by targeting network equipment and infrastructure, or often by using the ICMP protocol, which is used when pinging a target. If you are receiving an attack via the ICMP protocol, all you need to do is disable the ICMP protocol on your machine, and you should be fine. ICMP is hardly ever needed.
DDoS attacks are annoying, and we're guessing you're experiencing one, judging by the fact that you are reading this. We're here to help you mitigate them. Each layer (7/4/3) calls for a different approach to mitigation.
• Layer 7
HTTP flood attacks are the most common type of Layer 7 DDoS attack. An HTTP flood attack uses malicious HTTP GET or POST requests that appear to be legitimate to attack a website. These flooding DDoS attacks often rely on a botnet, which is a cluster of computers that have been maliciously taken over through the use of malware. There are three services that we recommend for mitigating such attacks: DDoS-Guard, BotGuard, and Cloudflare. The two most effective ones are DDoS-Guard and Cloudflare Pro, but BotGuard will certainly mitigate small to medium-sized attacks. DDoS-Guard and Cloudflare are more reliable when it comes to mitigating large-scale HTTP flood attacks because, when you visit a website using DDoS-Guard or Cloudflare, your request first goes to DDoS-Guard's or Cloudflare's servers. With BotGuard, you need to install the BotGuard web server module on your web server, so any malicious requests hit the actual web server first rather than a separate cloud service, which slows down your server.
• Layer 3/4
These types of attacks are often relatively easy to mitigate as long as you go with the right server provider. OVH provides over 11 terabytes per second of Layer 3/4 DDoS mitigation. OVH is highly reliable, has a variety of locations to choose from for your server, and has a proven track record. Though we are a customer of OVH, we are also a customer of BuyVM. BuyVM provides strong DDoS protection (as does OVH) for an additional $3.00/month, with a network capacity of over 7 terabytes per second and 750 million packets per second, powered by PATH, which has easily eaten an attack greater than 500 million packets per second. These two providers are great choices, but if you want something free, we recommend Cloudflare.
• Other suggestions
It is highly recommended that you have a web application firewall (WAF), a standard firewall, and intrusion prevention software on your web server. We recommend using ModSecurity, Fail2ban, UFW (which comes preinstalled in Ubuntu), and, for a web application firewall, some of the providers mentioned in the Layer 7 section above, such as BotGuard, DDoS-Guard, or Cloudflare. Additionally, for security, you should 1. always change your SSH port (default is 22), 2. always use SSH key authentication rather than password authentication, and 3. disable root SSH login.
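The three SSH recommendations can be checked mechanically. The Python sketch below is an added example, not code from the original page: it audits the global section of an sshd_config against them, with a constructed sample configuration and hypothetical function names. It treats only `PermitRootLogin no` as a fully disabled root login, since `prohibit-password` still lets root in with a key.

```python
# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

# Constructed sample configuration.
SAMPLE_CONFIG = """\
Port 22
#PasswordAuthentication no
PermitRootLogin prohibit-password
Match User deploy
    PasswordAuthentication no
"""


def global_settings(text):
    """Return (ports, options) for the global section of an sshd_config."""
    ports, options = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break  # Match blocks are conditional overrides, not global policy
        if key == "port":
            ports.append(value)  # Port may be given several times
        else:
            options.setdefault(key, value)  # first occurrence wins
    return ports or ["22"], {**DEFAULTS, **options}


def audit(text):
    """List deviations from the three SSH recommendations above."""
    ports, opts = global_settings(text)
    findings = []
    if "22" in ports:
        findings.append("Port: sshd still listens on the default port 22")
    if opts["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication: password logins are enabled")
    if opts["permitrootlogin"] != "no":
        findings.append("PermitRootLogin: root login is not fully disabled")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

The parser reads a single file and does not follow `Include` directives; feeding it the output of `sshd -T` audits the effective configuration instead.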
Swivro truly cares about security and your online privacy, which is why we've chosen to host our website and servers in Europe. We take many precautions to ensure Swivro's security is always at its greatest.
Below you can see some things we use to allow you to remain anonymous and secure when visiting our website, while also keeping your privacy.