Today we’re going to look at how to protect a website against DDOS (Distributed Denial of Service attacks), for the small business owner. Most businesses with a website will have been subject to these attacks, and you might not have even known it. It’s something that is often not thought about until it’s too late, and you’re already under attack. All websites need to be protected against this, as it’s so easy for people to access the tools needed to take down a website, if you’re not prepared.
What is a DDOS attack?
Imagine your website usually gets 1000 visits per day, and this is all handled nicely and you don’t have any downtime or speed issues. Now imagine you get 10,000 visits all at once. It’s a lot harder to handle. Your website will slow down and in some cases go completely down, where it can’t be viewed at all because the server can’t handle the amount of requests. This is usually the goal of a DDOS attack. There is multiple different ways in which the attacks can be carried out, but we don’t really need to go into that. If you follow the steps below, you will really help mitigate the effects of any incoming attacks.
Let’s learn how to prevent a DDOS attack!
1. Get a good server/hosting . This is simple. Use a hosting provider that will protect your website for you! I recommend using OVH. Get a server setup for you if you don’t have the knowledge, and have your website hosted on there. You will need to have an “isolated platform” (VPS) server setup, not just the generic hosting package. We need control of the server!
2. Setup a server side firewall. I would recommend using Ubuntu as the web server and installing and configuring APF firewall. As a small business owner, you don’t need to know how to do this. I would recommend having someone set it up for you, like we do for our clients at Pristyn Design. If you’re really interested in learning, some Google research can shed some more light. I want to keep this article fairly light reading, and actionable for business owners. It needs to be configured to block concurrent connections.
3. Setup a CDN service. I recommend having Cloudflare setup but any similar service is fine. The free package is all I run with my websites. The always online service is very useful too. If you become under attack, you can activate attack mode and it will run security checks on the IP addresses before allowing users access to your website.
After setting up your website following the steps above, most DDOS attacks will be mitigated. Of course there is huge networks that get taken down by DDOS attacks, it all just depends on the size of the network, and power of the attack. This is a good start to prevent most attacks from your generic “hacker”.
Share this Post