Cyber attacks: preventing DDoS disruption to your website

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

According to the BBC, one of the largest ever cyber attacks took place this early this year and it cited that it was the shape of things to come. But it is not all doom and gloom, there is plenty that businesses can do to prepare for the future. Sean Power, security operations manager for DOSarrest Internet Security, sheds more light.

Start by thinking about the impact of your website being down for a day to three days and how it would affect current and prospective clients and the reputation of your brand. Google is usually the first port of call when checking out products and services, so chances are high that any disruption to your web experience won't be favourably looked upon by prospects.

Cyber criminals will often inject malware into legitimate websites with the goal of getting innocent users to click on it, which will automatically trigger a download and can lead to all sorts of problems for the user. As the website owner, you may be completely unaware, but this is something that Google is cracking down on. If a website is spotted hosting malicious links, Google can blacklist it, meaning it will not show up in searches and it will temporarily remove it from the Google index, which badly affects SEO. Browsers, such as Chrome, Firefox etc will also flag insecure or risky websites and that may scare away potential customers. It may take weeks of effort to get removed from blacklists and re-indexed.

And if this wasn't bad enough, the risk is actually two-fold. There are some would-be attackers that will threaten to hold your website to ransom. In this case, they will identify the holes in your website and blackmail you into paying them in order for them not to get your website blacklisted.

The best way to avoid getting blacklisted, or indeed blackmailed, is to have the website checked for malware and other infections. And it is also highly recommended to have your website scanned for known vulnerabilities. This will ensure that there are no "holes" that attackers can exploit to install malware or create watering holes for unsuspecting customers.

Another issue to avoid falling victim to is a DDoS attack. DDoS attacks bombard a website with so many external communication requests that it floods the system and overloads the server to such a point that it can no longer function, leaving the website paralysed and unable to transact business. Attacks of this nature are on the rise and it's fair to predict that this year will be no exception to this trend. The best start is to have a plan in place- whether it is a hardware solution that takes days to install and requires a higher up-front cost; or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost.

In addition, it's worth noting that some good DDoS protection services will offer a caching component that will allow bursts of legitimate traffic to your website without negatively impacting on the server. Because it will automatically balance the load coming in, it keeps the website available to handle large amounts of requests with no disruption to your user base. So, make sure you do your research when choosing the best option for your website.

Bear in mind that, while you can get a protection service in an emergency situation, as with so many things, the best offense is a good defence, so businesses should make sure that they have a proactive DDoS solution in place to avoid disruption to your web presence.

Top tips:

1) Run malware detection and anti-virus on your website to spot and clear any existing infections
2) Enlist the services of a vulnerability scanner to identify and fix any exploits in your website
3) Have proactive DDoS protection in place; either in the form of hardware or a managed service
4) Have load balancing in place to ensure your website can handle increases in transactions

Sean Power is security operations manager for DOSarrest Internet Security

Topics