DDoS and Other Web Hosting Nasties

Let’s face it. The more success your website has, the more likely it is to become a target for hackers and cyber criminals. Their motivations vary widely: simply proving they can do it, disabling your site and server as a protest, stealing information, identities and payment details, or turning your web host into a springboard for further attacks elsewhere. The Distributed Denial of Service (DDoS) attack is often associated with ‘hacktivist’ type activities. Hacktivists attack websites and hosted applications for political reasons. DDoS can also be a tool used by criminals demanding payment (a ransom) in order to stop the attack. However, when DDoS is perpetrated, it is often after other kinds of attacks have been tried.

How Is a DDoS Attack Set Up?

The idea behind a DDoS attack is to prevent your website or application from responding to visitor requests. It can stop you from displaying web pages, downloading files or sending data. This may be done in either or both of two ways. The first is to generate so many calls to your site or application that they exhaust your web host’s processor or main memory. Your web server simply can’t keep up and either slows right down or crashes. This is often attempted using DDoS’s ‘little brother’, the DoS or Denial of Service attack, which comes from just one attacking computer. With DDoS, multiple computers are involved in trying to bring your web server to its knees. The second way to block legitimate access to your server over the web is to flood its network connection with high levels of traffic (accomplished with the use of many attacking computers, and therefore a DDoS attack).

What You Don’t Know Really Can Hurt You

A DDoS attack is obvious. You may not even be able to get to your web server yourself. If your website is very popular, messages might start to be posted on social networks (maybe on your Facebook page!) of the type “Has anyone noticed a problem with…?” But other attacks may be much less obvious. They include planting viruses or malware on your web server, or exploiting vulnerabilities in your program or even standard software to siphon off confidential data. Getting malware installed on your server may be done by hacking your password, or by attaching ‘payloads’ to otherwise innocuous transmissions. Siphoning off data may be done via buried commands for which there is no defense mechanism or detection in the host software.

SQL Injection as a Hacker’s Favorite

Among the different kinds of web hosting attack, the so-called SQL injection (SQLI) has been one of the most popular so far. This kind of attack targets data-driven websites that draw their content from, and store visitor details in, associated hosted databases. An SQL database can be a valuable component of an online site or service because it guarantees reliable data storage and retrieval, as well as correctness of transactions such as online payment. The problem comes when the application driving the database activities does not correctly inspect user input to remove any unusual or illegitimate characters. Hackers will try to send additional input with commands appended that would normally only be used by the database administrator, for example. When these commands are not filtered out, they can cause the database to react in unauthorized ways, including sending data back to the hacker that users should normally not be allowed to see.

What Can You Do to Prevent DDoS, DoS and SQLI Attacks?

Preventing attacks is a whole subject in itself. SQL injection attacks can be prevented by correctly writing applications so that they properly examine each user request, filtering out text data where only numeric data should be allowed and so on. But what about DDoS? There’s no miracle cure for this at the moment. Good firewall policies to filter out suspect traffic can help. Having very large bandwidth network connections and multiple servers may allow you to better manage any abnormally high levels of traffic. Some network providers offer solutions to head off DDoS attacks before they even reach your server. In the first instance, however, start with trusted expert advice and good planning to identify and then implement the solution that best suits your situation.
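To make the advice on examining user requests concrete, here is an added example (not part of the original article) that puts a lookup built by pasting input into the SQL text beside one that rejects non-numeric input and binds the value as a parameter. The customers table, its rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "4111-XXXX"), (2, "bob", "5500-XXXX"), (3, "carol", "3400-XXXX")],
    )
    return db

def lookup_vulnerable(db, customer_id):
    # Weak: user input is pasted into the SQL text, so anything appended
    # to the id is parsed by the database as part of the statement.
    sql = "SELECT name, card FROM customers WHERE id = " + customer_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, customer_id):
    # 1. Examine the request: this field must be numeric and nothing else.
    if not (customer_id.isascii() and customer_id.isdigit()):
        raise ValueError("customer id must be numeric")
    # 2. Bind the value as a parameter so it is never parsed as SQL.
    sql = "SELECT name, card FROM customers WHERE id = ?"
    return db.execute(sql, (int(customer_id),)).fetchall()

def demo():
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input with extra SQL appended
    leaked = lookup_vulnerable(db, tampered)  # returns every row in the table
    try:
        lookup_hardened(db, tampered)
        rejected = False
    except ValueError:
        rejected = True
    # A normal numeric request still works in the hardened version.
    return len(leaked), rejected, lookup_hardened(db, "2")

if __name__ == "__main__":
    print(demo())
```

The numeric check and the bound parameter are two separate layers: the check rejects malformed requests early, while the parameter binding is what keeps any input from being interpreted as SQL.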