E-commerce is a huge, booming industry; even small businesses are starting to list their products online, either via a third party or direct from their own website. With the growth of online business also come new problems to solve. One such issue for small business is DDOS attacks.
DDOS, short for Distributed Denial of Service, is a type of attack that hackers (and even sometimes underhanded businesses) use to prevent other users from reaching a target website. It’s usually done in one of a few different ways:
- In a DDOS attack, a single computer and connection attempt to flood a server with requests; this is increasingly less common as it can be easier to track and prevent.
- In some cases, DDOS attacks use “zombie” computers infected with malware to simultaneously send millions of requests to a website, preventing access entirely; the network of zombie computers is often called a botnet.
- DDOS services, which hire their technology out to be used by less advanced customers to compromise the competition.
Whatever the source might be, DDOS attacks are bad news. There are a few ways to prevent them, but in most cases mitigating the damage when you design your website will be the strongest point to focus on.
Using a Virtual Private Network
One service that has gained increasing popularity even outside of business is the Virtual Private Network (VPN). A VPN allows you to connect to your business’ page from a remote server located away from your standard connection.
It’s a good way to throw attackers off the trail of your business because it helps add a layer of encryption and anonymity.
By keeping you or your employee’s internet activity safe from hackers, you’re able to stop an attack before it even starts. Plus, you can also access different markets for SEO purposes and avoid geographic restrictions by making full use of a VPN’s capabilities.
Business owners will benefit by making use of a personal VPN. Wireless hotspots that provide free connections are unsecured and frequently expose their users to hackers using sniffing programs to search for unprotected users. Secure Thoughts has a guide on the best VPNs for WiFi use.
Besides VPNs, there are some specific services and configurations to help keep DDOS attacks from happening. None are foolproof; each works best for a specific type of attack but can help avoid at least a few select instances.
Things to consider for your page may be:
- DDS (denial of service defence systems) based defence systems to block requests with bad intent for your page.
- Switches can filter specific types of DDOS attacks but must be configured manually for one at a time.
- Upstream filtering through services such as CloudFlare can help sort out requests during an attack while still allowing normal requests in
Naturally, if the above methods were always effective, we wouldn’t be discussing DDOS attacks at all. But they can prevent select intrusions and may help deter less motivated hackers.
Avoiding the Red Crosshair
Even if you’ve got the best security in the world, it’s never wise to get the attention of cyber-criminals.
As such, you’ll want to be sure you’re carefully interacting with “customers,” particularly if they’re posting negative reviews or spam on your site and/or social media.
Moderate bad behaviour but don’t respond to it. Be careful what comments you make regarding hackers, because pointing out that what they do is criminal, true or not, can end up making you their next victim.
It’s also another reason to remain as apolitical as possible. Hacktivism is a growing trend that frequently targets both politicians and businesses that express their dissenting opinions.
Focus on what your business does—it could save you quite a few headaches.
Mitigating the Damage
In cases where DDOS attacks can’t be prevented, your main goal should be to limit the duration and the fallout of the attack. That means having a sort of disaster plan ready to go at all times, but especially before times of major traffic such as the holidays or during a big sale.
Should your server be compromised by the attack to the point where it can’t be recovered, have backups of everything important (if not the entire website) ready to be loaded and restored.
Use of backup service is recommended, as you’ll want frequent and regular backups to avoid losing the most recent data.
Know what your servers can handle and plan for much more. If your page slows down during peak traffic of a sale, how do you think it will react to millions of requests coming from a DDOS attack?
Consider the bandwidth you pay for and don’t be afraid to plan for expansion (it could help reduce the impact of an attack as well).
You might also consider having a limited backup server that can be immediately deployed if there’s an issue with the primary.
It may even be less functional than your normal server, but so long as it keeps traffic moving while you fix the main issue, you’ll be able to continue selling the product.
When all else fails, you may be faced with a few different options:
- Contact your provider if you notice a major slowdown or loss of service
- Be ready to shut down and restart
- Consider extending your sale if applicable
Your provider has no doubt dealt with cyber-criminals before, and it may be necessary to consult with them before or during an attack to see what measures they have available to help.
Sometimes what you have in place won’t be enough.
As cliché as it might seem, turning it off and turning it back on may be a worthwhile strategy. The one consistent thing about hackers is that they tire quickly if their efforts are going to waste.
If your site is offline intentionally for a short time, they are likely to move onto other nefarious activities that hopefully don’t involve your sales site.
If you get attacked during a big sale, consider extending the sale period. Send out emails to subscribers and followers on social media to let them know you’ll honor prices even if the attack pushed you past the deadline.
One of the biggest losses an e-commerce site can experience from an attack is the loss of sales during peak times, but you’ll find customers are very forgiving if given the right kinds of motivation to come back and try again.
Bringing It Together
As you can see, there are many different things to do when the problem is DDOS.
Setting up the right security measures, avoiding stirring up trouble, and preparing to deal with worst-case scenarios can prevent or at least mitigate the damage caused by an attack.
Of course, staying current is just as valuable. New methods are being discovered all the time—some to defend against DDOS attacks and some to perpetuate them.
Knowing about new threats is an integral part of businesses both small and large.
Will you be ready? Tell us how you plan to handle a DDOS attack in the comments.