Guide

What Is a DDoS Attack and How Do You Defend Against It?

A DDoS attack tries to drown your site in fake traffic — the right protection lets the real visitors through.

Some attacks try to break into your website. A DDoS attack does something cruder but just as damaging — it simply overwhelms your site with so much traffic that it buckles, leaving real customers staring at an error page.

It sounds like something only big companies need to worry about, but small business sites get caught up in these attacks too. Here is how they work and how to defend against them.

How a DDoS attack works

DDoS stands for distributed denial of service. The attacker uses a large network of compromised computers and devices to bombard your website with requests all at once. Your server, trying to answer them all, runs out of capacity and grinds to a halt.

Because the flood comes from many sources at the same time, it is hard to simply block one offender. The genuine visitors you actually want get crowded out, and to them it looks as though your site is broken or gone.

Who gets targeted and why

Motives vary. Some attacks are extortion attempts, some are competitors playing dirty, some are revenge, and a great many are simply automated and indiscriminate, hitting whatever they can. You do not have to be famous to be a target.

Even a short outage costs you — lost sales, lost enquiries, and lost trust while customers cannot reach you. For an online shop or a booking-dependent business, every minute down during the attack is money walking away.

How to defend against it

The main defence is putting a protective layer in front of your site, typically a CDN or specialist DDoS protection service. These sit between visitors and your server, absorbing and filtering the flood so that fake traffic is dropped and real visitors pass through.

They work by recognising attack patterns and spreading traffic across a huge network far larger than any single server. Many hosts and CDNs include a level of DDoS protection as standard, so it is worth checking what yours offers. Pairing it with monitoring means you know the moment an attack begins and can respond quickly.

FAQs

Common questions.

Can a small business website really be hit by a DDoS attack?
Yes. Many attacks are automated and indiscriminate, hitting whatever they find. You do not need to be a big or high-profile target to be affected.
Does my hosting protect me from DDoS attacks?
Some hosts and CDNs include a level of DDoS protection, but the amount varies. It is worth checking what yours covers and adding dedicated protection if your site is business-critical.
How would I know if my site was being hit by a DDoS attack rather than just experiencing normal downtime?
The telltale signs are a sudden and dramatic spike in traffic from many different locations at once, combined with the site becoming unreachable despite the server appearing to be running. Our uptime monitoring flags the pattern quickly so we can take action rather than wait for visitors to report a problem.
How we can help

Turn this into action.

The services behind this guide.

Related guides

More on website care & tech.

Want a hand putting this into practice?

Book a free, no-obligation consultation with a Norwich-based specialist.

Book a free consultation
Get started

Let's put your business in a better light.

Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.

  1. 01
    Tell us a bitFill in the form — two minutes, tops.
  2. 02
    We'll call you backWithin one working day, no pressure.
  3. 03
    Get a clear planHonest advice and a fixed quote.

Free · No obligation · We reply within one working day

Book a free consultation