DDoS attacks. We’ve all heard about them, right? Perhaps you’ve speed-read headlines about the massive DDoS attacks Sony faced in 2014, perhaps you’ve been playing on an online game server only to have it suddenly wiped offline, or maybe your own project has even been the target of a DDoS attack. Whichever context you know DDoS attacks from, everyone in the vast land-of-internet has at least heard of them, even if only in the abstract.
What exactly is a DDoS attack though? “DDoS” is an abbreviation for distributed denial of service. In a DDoS attack, a network of conspiring (often compromised) machines targets one host network in an effort to render the server host/application unreachable. Looking to do some online gaming with friends? Network unreachable? This could be an indication of an ongoing DDoS attack targeting the game server host. It may be a while before you can get back in game and get back to headshotting the zombies.
With the frequency of DDoS attacks on the rise while the world is on lockdown and the expected continued increase going into 2021, DDoS protection is more important than ever for anyone running any sort of online service. The vast majority of hosting providers claim to have powerful DDoS protection backing up their servers - but unfortunately not all DDoS protection is made equal. DDoS protection is not simply an “I have it or I don’t have it” situation. There are varying levels of DDoS protection one can have for their online service. How technically advanced is the DDoS protection? How many packets per second can it handle? How much raw throughput can it cope with? Is it able to mitigate sophisticated attacks that target vulnerabilities at the application layer? These are all questions you need to ask yourself, your hosting provider or your server administrator before being satisfied with the illusion of “I have DDoS Protection, I’m good.”
I have tried all sorts of Anti DDoS technologies from all sorts of hosting providers. Some have worked better than others but unfortunately mitigating the majority of a DDoS attack can be just as bad as not mitigating it at all. It can be equally as disruptive and harmful. For many years I was perfectly happy with my DDoS protected VPS, until one day I wasn’t. Unfortunately someone figured out a way to get around my VPS host’s DDoS protection and boom, my server is abruptly rendered useless. I tried begging, I tried pleading, I tried shouting. My VPS host was unable (or perhaps unwilling?) to do anything about the DDoS attacks against my VPS.
I began searching online for an alternative hosting provider whose DDoS protection had great reviews. I came across a hosting provider who had a pretty positive reputation for being able to mitigate just about any strength of attack - I rolled the dice and picked myself up a heavy-duty dedicated server. She’s a beast of a machine and is very well capable of running all of my applications and online services without taking a sledgehammer to my wallet. I digress, however. In terms of DDoS protection, the server was great. I was able to go another 6 months without being affected by a DDoS attack… until one day I was.
The attack I received wasn’t necessarily large, but my God was it complex. My hosting provider was stumped by the attack and had no idea how to handle it. Bear in mind this particular provider is world-renowned for their ability to block pretty much any DDoS attack. They’ve always been good to me and here was no exception; they were honest and made it clear that despite their best efforts, they did not know how to handle the attack. That is when they opened my eyes to something I had never considered, something I didn’t even know was possible… remote DDoS protection. DDoS protection, provided remotely. When they first suggested this my response to them was: “Remote DDoS protection?”. That’s when they filled me in on the concept and even provided me with a recommendation.
Remote DDoS protection is a method of mitigating DDoS attacks that target your server by routing all traffic directed at your machine through another network, which has the capability of detecting and filtering out any malicious packets so that only valid traffic reaches your server. Pretty cool, right? A remote anti-DDoS service, who would have thought it? I was impressed by the idea, but was yet to be convinced. What makes the company providing the remote DDoS protection capable of blocking the DDoS attack any better than you can, I asked. Their response didn’t fill me with confidence: they told me that they can’t guarantee the remote protection provider will be able to remotely block the attacks but it’s worth asking them. I didn’t have much of a choice, so ask them I did. I reached out to Evolution Host to ask them about their remote DDoS protection service. I told them about my situation and was even able to send them over a packet capture my hosting provider had forwarded onto me. This was when I was finally able to see a light at the end of the tunnel.
After I’d exchanged a few E-mails with Evo, I was put in touch with their head of networking (a very nice man named Paul) and he was able to analyze the packet capture that my hosting provider had sent me. Right off the bat he knew everything about the attack and how to go about blocking it. These are just words though, right? So I was keen to actually get on with testing it out. Within a few hours I had been set up with a remote DDoS protected IP address and shown how to block all traffic coming to my server that didn’t originate from my remote protected IP address. I updated all my DNS records and waited patiently for the attacks to arrive. I was carefully optimistic while also being a nervous wreck. What if it doesn’t work? There’s nothing else I can do. I’ll need to close up shop. But what if it does work? I’ll never need to worry about a DDoS attack again. These thoughts bounced around my mind for hours while I not-so-patiently awaited the first attack.
An E-mail arrived in my inbox: “DDoS attack detected” - my heart sank. This is it, everything is offline, surely, right? To my amazement…. everything was perfectly fine. I could reach my server, others could connect to my server, no lag, no random timeouts…. everything was working as normal. I couldn’t believe it, I had drawn the conclusion that I was doomed to suffer from this DDoS attack for all eternity. The remote DDoS protection worked, it actually worked!
I reached out to my hosting provider as well as Evolution Host to ask them what they could see on their end. Was it the same attack I had been targeted with before? Did it have any negative impact that I somehow missed or hadn’t thought of? I was informed it was the exact same attack method and that the DDoS attacker had become relentless trying to take my server offline. He was trying every attack method he had at his disposal to no success. Finally, I had won. The dark side of the force had finally been defeated (sorry, Star Wars geek).
I’m happy to say that this was over a year ago, I am still attacked regularly, but this time the only way I am aware of it, is the attack notification I receive to my inbox.
I hope my story brought a smile to your face and gave you some solace in the fact you’re not alone and you’re not destined to suffer these attacks forever. There are options out there. Remote DDoS protection was right for me, there will be something that is right for you.
Thank you for taking the time to listen to me tell the tale of my experience with DDoS attacks and remember to never worry, everything is temporary.
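The lock-down step from the story (blocking all traffic to the server that does not originate from the remote protected IP address) can be written as an nftables ruleset. The script below is an added example, not the author's or Evolution Host's configuration. It assumes the provider relays traffic so that packets reach the origin with the protected IP as their source; the addresses, SSH port, table name and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset that locks the origin server down
# to traffic relayed by the remote-protected IP. All addresses are constructed
# documentation values (RFC 5737), not taken from the post.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# gen_ruleset PROTECTED_IP ADMIN_IP [SSH_PORT]
# Validates every argument before it is interpolated into the ruleset.
gen_ruleset() {
  protected=$1 admin=$2 ssh_port=${3:-22}
  is_ipv4 "$protected" || { echo "bad protected IP" >&2; return 1; }
  is_ipv4 "$admin" || { echo "bad admin IP" >&2; return 1; }
  case $ssh_port in
    ''|*[!0-9]*) echo "bad SSH port" >&2; return 1 ;;
  esac
  cat <<EOF
table inet origin_lockdown {
  chain input {
    # Anything not matched below is dropped, including all inbound IPv6.
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    # Replies to connections the server itself opened (DNS, updates).
    ct state established,related accept
    # Service traffic: only what arrives via the remote-protected IP.
    ip saddr $protected accept
    # Management path that does not depend on the protection provider.
    ip saddr $admin tcp dport $ssh_port accept
  }
}
EOF
}

# Stand-alone use: ./lockdown.sh --print > lockdown.nft
if [ "${1:-}" = "--print" ]; then
  gen_ruleset "${PROTECTED_IP:-203.0.113.10}" "${ADMIN_IP:-198.51.100.7}" "${SSH_PORT:-22}"
fi
```

Check the generated file with `nft -c -f lockdown.nft` before loading it with `nft -f lockdown.nft`. If the provider delivers traffic over a tunnel rather than as a proxy, the source-address rule has to match the tunnel endpoint instead.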