How much time do you really need to connect DDoS protection?

A distributed denial-of-service attack (DDoS attack) is an attempt to overwhelm a website or online service with traffic from multiple sources in order to make it unavailable for users. Online retailers are completely dependent on the Internet which makes them especially vulnerable to cyberattacks. Even short periods of downtime can be devastating for online stores. Hackers can do a lot of damage to a website: sales and profit lost, increased chargeback costs, ransom payments etc. Fortunately, business owners can protect their websites from hacking and the catastrophic consequences of a DDoS attack. Most website owners try to resolve a DDoS attack without external help, and, where that does not work, seek a protection services provider to connect a professional DDoS protection solution. However, some business owners manage to stop a DDoS attack. Why do some companies need help and others not? How long does it really take to connect DDoS protection?

Scenario 1: a website owner connects a professional protection solution

Let’s imagine that there is an online store selling clothes. One day its owner notices that at first his site starts working slowly and then shows an error (502 bad gateway, 503 service temporarily unavailable). What actions are normally taken in such situations?

1. At first the client does not understand why the site shows an error. It takes about two hours to discover the cause of the problem

2. Then he realizes that a DDoS attack is happening and tries to figure out how to stop it on his own. It usually takes two or three more hours.

3. When the owner of the internet-store understands that he can not handle the problem himself due to lack of capacity and also because he is not ready for such a situation in general, he starts looking for a protection services provider. He tries to obtain a DDoS protection solution and suddenly it turns out that he needs to update the DNS and it will take more time (it can be minutes, but also it can be hours).

As a result, the consequences of one-day downtime can be loss of: revenue, new opportunities, clients and reputation. 

Despite the apparent simplicity of DDoS protection it will take several hours or a whole day to implement a professional website protection solution. That is why it is important to have DDoS protection before problems happen. 

Scenario 2: what a website owner can do on their own 

If the website owner has enough resources, capacity and knowledge, they can try to stop an attack on their own. Let’s consider the basic counter measures if an attack happens.

There are different types of DDoS attacks but in general, there are two main ones: at the packet level and at the application level.

Key recommendations if you observe an attack at a packet level (L3-L4)

  • Examine the attack power – can you possibly mitigate it without external help?
  • Capture the attacking traffic and check what protocols are used for the attack (using Wireshark, tcpdump or similar tool). Try to find out if it is possible to block these protocols on higher-level equipment or with the help of your Internet Service Provider (ISP)
  • If not, you have to analyze traffic (use built-in statistics tools in Wireshark) and find out if it is possible to block certain protocols/signatures or IP addresses from which the attack is carried out. It is worth remembering that a significant number of attacks at the packet level are carried out from arbitrary (generated) IP addresses
  • Protect the server with firewall as much as possible closing all unused ports and limiting the number of requests from one IP address
  • If an attack is carried out via TCP protocol, use TCP SYNPROXY, built into the Linux kernel, with the help of iptables

Recommendations to mitigate an attack at the application level – HTTP (L7)

You need to use all the above recommendations to mitigate an attack at a packet level plus some more advice:

  • Check the optimality of settings of web-server (nginx or Apache)
  • Analyze the requests you were attacked with – you can use web server logs. If attacks come from a limited number of IP addresses or have similar signatures, that differ from legitimate traffic, they can be blocked manually via the web server configuration
  • Use fail2ban or manually automate the ban of addresses that violate “the rules”
  • Use the “testcookie” module for nginx for an easy check of browsers for cookie support and HTTP redirect

There are different countermeasures against DDoS attacks. You can try to mitigate an attack yourself but it is important to remember that your resources (servers or Internet bandwidth) are limited. If the attacker’s resources exceed yours, you won’t be able to stop the attack yourself. You need to ask your ISP if they can stop a DDoS attack or urgently look for a company that specializes in this.

In conclusion

You can mitigate an attack on your own given that your infrastructure is ready for that and you have the necessary capacity to do it on your own. If the capacity of the attacker exceeds yours, your efforts will likely fail.

You can ask your ISP to mitigate the attack but this method does not guarantee solving the problem either. Not all ISPs have necessary resources and knowledge as DDoS protection may not be their specialization.

It is better to contact a specialized DDoS protection services provider in advance and set up professional protection before attacks happen.


Bekki Barnes

With 5 years’ experience in marketing, Bekki has knowledge in both B2B and B2C marketing. Bekki has worked with a wide range of brands, including local and national organisations.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...