What Is a DDoS Attack and How Do You Defend Against It?
A DDoS attack tries to drown your site in fake traffic — the right protection lets the real visitors through.
Some attacks try to break into your website. A DDoS attack does something cruder but just as damaging — it simply overwhelms your site with so much traffic that it buckles, leaving real customers staring at an error page.
It sounds like something only big companies need to worry about, but small business sites get caught up in these attacks too. Here is how they work and how to defend against them.
How a DDoS attack works
DDoS stands for distributed denial of service. The attacker uses a large network of compromised computers and devices to bombard your website with requests all at once. Your server, trying to answer them all, runs out of capacity and grinds to a halt.
Because the flood comes from many sources at the same time, it is hard to simply block one offender. The genuine visitors you actually want get crowded out, and to them it looks as though your site is broken or gone.
Who gets targeted and why
Motives vary. Some attacks are extortion attempts, some are competitors playing dirty, some are revenge, and a great many are simply automated and indiscriminate, hitting whatever they can. You do not have to be famous to be a target.
Even a short outage costs you — lost sales, lost enquiries, and lost trust while customers cannot reach you. For an online shop or a booking-dependent business, every minute down during the attack is money walking away.
How to defend against it
The main defence is putting a protective layer in front of your site, typically a CDN or specialist DDoS protection service. These sit between visitors and your server, absorbing and filtering the flood so that fake traffic is dropped and real visitors pass through.
They work by recognising attack patterns and spreading traffic across a huge network far larger than any single server. Many hosts and CDNs include a level of DDoS protection as standard, so it is worth checking what yours offers. Pairing it with monitoring means you know the moment an attack begins and can respond quickly.
Common questions.
Can a small business website really be hit by a DDoS attack?
Does my hosting protect me from DDoS attacks?
How would I know if my site was being hit by a DDoS attack rather than just experiencing normal downtime?
Turn this into action.
The services behind this guide.
More on website care & tech.
Want a hand putting this into practice?
Book a free, no-obligation consultation with a Norwich-based specialist.
Let's put your business in a better light.
Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.