Distributed Denial of Service (DDoS) attacks are one of the most common and disruptive cyber threats facing websites today. These attacks can bring down even well-resourced websites by overwhelming them with massive volumes of traffic from multiple sources. For Tanzanian businesses relying on their online presence, understanding DDoS attacks and implementing preventive measures is essential. This guide covers the fundamentals of DDoS attacks, their types, warning signs, and practical steps you can take to protect your SakuraHost-hosted website.
What Is a DDoS Attack?
A DDoS attack occurs when an attacker uses a network of compromised devices (called a botnet) to flood a target server or website with an overwhelming amount of traffic or requests. Unlike a simple DoS (Denial of Service) attack from a single source, DDoS attacks come from hundreds or thousands of different IP addresses simultaneously, making them extremely difficult to block using traditional methods.
The goal is straightforward: consume all available server resources — bandwidth, CPU, memory, or connection capacity — so that legitimate visitors cannot access the website.
Types of DDoS Attacks
| Attack Type | Layer | Method | Example |
|---|---|---|---|
| Volumetric | Network (L3/L4) | Floods bandwidth with massive traffic | UDP flood, ICMP flood, DNS amplification |
| Protocol | Transport (L3/L4) | Exploits protocol weaknesses | SYN flood, Ping of Death, Smurf attack |
| Application | Application (L7) | Targets specific web application features | HTTP flood, Slowloris, POST flood |
Volumetric Attacks
These are the most common type, aiming to saturate the target's internet bandwidth. Amplification attacks are particularly dangerous — the attacker sends small requests to third-party servers (like open DNS resolvers) with a spoofed source IP matching the victim's server, causing the responses (which are much larger) to flood the target.
Protocol Attacks
These exploit weaknesses in network protocols. A SYN flood, for example, sends a barrage of TCP SYN requests without completing the handshake, consuming server connection table resources until no new legitimate connections can be accepted.
Application Layer Attacks
These are the most sophisticated, targeting specific website features like login pages, search functions, or API endpoints with seemingly legitimate requests. They are harder to detect because each individual request looks normal — it is only the volume that makes them an attack.
Warning Signs of a DDoS Attack
- Website becomes extremely slow or completely unresponsive
- Server CPU and memory usage spike to 100% without explanation
- Unusual traffic patterns — massive spikes from geographic regions you do not normally serve
- Specific pages or endpoints become unreachable while others work
- Dramatically increased error rates (503 Service Unavailable)
- Hosting account bandwidth usage surges unexpectedly
Prevention Strategies
1. Use Cloudflare or Similar CDN/DDoS Protection
A Content Delivery Network (CDN) with built-in DDoS protection is the most effective frontline defence. Cloudflare offers a free tier that provides substantial DDoS mitigation by absorbing and filtering malicious traffic before it reaches your SakuraHost server.
2. Configure ModSecurity (WAF)
SakuraHost servers include ModSecurity, a Web Application Firewall that can detect and block many application-layer attacks. Through cPanel, you can enable and configure ModSecurity rules that filter malicious HTTP requests before they reach your application. See the OWASP Foundation for recommended ModSecurity rulesets.
3. Rate Limiting with .htaccess
You can implement basic rate limiting using .htaccess to slow down or block rapid repeated requests from single IP addresses:
4. Harden Your WordPress or CMS
Application-layer DDoS attacks often target resource-intensive CMS endpoints. For WordPress:
- Disable XML-RPC if you do not use it (a common DDoS vector): add `add_filter('xmlrpc_enabled', '__return_false');` to your theme's functions.php
- Protect `wp-login.php` with additional authentication or CAPTCHA
- Limit login attempts using a security plugin
- Disable the REST API for unauthenticated users if not needed
5. Implement Connection Limits
Contact SakuraHost Support to discuss server-level connection limits and firewall rules. We can implement iptables rules and connection tracking to limit the number of concurrent connections from a single IP address, which significantly reduces the effectiveness of many DDoS attack vectors.
Post-Attack Recovery
- Review Logs: Examine your access logs (in cPanel > Raw Access Logs or Metrics > Visitors) to identify attack patterns and source IPs.
- Block Identified IPs: Add confirmed attacker IPs to your .htaccess deny list or cPanel IP Blocker.
- Check for Compromise: DDoS attacks are sometimes used as cover for more targeted intrusion attempts. Scan your files for malware and review your account for unauthorized changes.
- Implement Long-Term Protection: Use the attack as motivation to deploy Cloudflare or another DDoS protection service if you have not already.
- Monitor: Set up uptime monitoring to detect future attacks quickly.
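The log review step above can be scripted. The following Python is an added example, not part of the original guide or SakuraHost's tooling: it parses access-log lines, flags IPs that exceed a per-minute request threshold, and reports the most requested paths and the share of 503 responses. It assumes the raw access logs use the Apache combined format; the threshold of 30 requests per minute, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" log format (assumed layout of the cPanel raw access logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    """Return (ip, minute, path, status), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["path"].split("?")[0], int(m["status"])

def review(lines, per_ip_per_min=30):
    """Summarise a log: noisy IPs, hottest paths and the share of 503s."""
    per_ip_minute, paths, statuses = Counter(), Counter(), Counter()
    for rec in filter(None, map(parse, lines)):
        ip, minute, path, status = rec
        per_ip_minute[(ip, minute)] += 1
        paths[path] += 1
        statuses[status] += 1
    noisy = {}
    for (ip, _minute), n in per_ip_minute.items():
        if n > per_ip_per_min:  # keep each IP's busiest minute
            noisy[ip] = max(noisy.get(ip, 0), n)
    total = sum(statuses.values())
    return {
        "noisy_ips": noisy,
        "top_paths": paths.most_common(3),
        "ratio_503": statuses[503] / total if total else 0.0,
    }

def sample_log():
    """Constructed sample: one client hammering xmlrpc.php, two normal visitors."""
    fmt = '{ip} - - [10/Mar/2025:14:05:{s:02d} +0300] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=i, req="POST /xmlrpc.php",
                        st=503 if i >= 40 else 200) for i in range(50)]
    lines.append(fmt.format(ip="198.51.100.20", s=3, req="GET /", st=200))
    lines.append(fmt.format(ip="198.51.100.21", s=9, req="GET /about?x=1", st=200))
    return lines

if __name__ == "__main__":
    print(review(sample_log()))
```

Treat the flagged addresses as candidates to confirm before blocking, since a shared proxy or a search crawler can also exceed a simple per-minute threshold.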
Recommended Resources
- OWASP - DDoS Protection Guidelines
- Google Security Blog
- Mozilla Observatory for security scanning