Posted: May 14th, 2018
Issue Description
A Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A DoS attack may be distributed among many sources making it a Distributed Denial of Service (DDoS) attack which can be very difficult to defend against. Some of the largest private and government websites and resources on the Internet have been taken down by DDoS attacks.
The most common type of DoS attacks are perpetrated by consuming resources such as bandwidth, memory, disk space, or processor time. The methods used to achieve these effects can vary greatly.
For victims of DDoS attacks we do offer the Incapsula anti-DDoS plug-in, available for purchase through KEKhost/KEKhosting. Please send your inquiries to our sales department.
Vulnerabilities Causing DDoS Attacks
It's safe to say that most customers would not be part of a DDoS attack by choice. If your server is vulnerable to or currently part of a DDoS attack it will require action on your part to correct the issue to prevent it from happening or to stop it and prevent it from happening again.
> Reflection
There are a number of very commonly known vulnerabilities that can cause your server to be part of a DDoS attack by what's called 'reflection'. This involves sending forged requests to a very large number of computers only to have those computers reply to the forged requests. When forging the requests the target of the attack is used as the source IP address which means all the replies will go to (and flood) the target.
Some services will actually reply to requests with more data than they received which is an opportunity for the attacker to amplify the attack against their target. They will use services that not only reflect packets back to spoofed sources but services that increase the amount of data sent to the target of the attack.
> Compromised account running malicious program
In some less common cases, a compromised user account or even a compromised website can be used to run malicious programs to perform denial of service attacks. In such case our article to diagnose Outbound Hostile Traffic might help you.