opinion

Bits and Bytes: Slaying the DDoS Dragon

Bits and Bytes: Slaying the DDoS Dragon

If you’re tired of seeing folks get hit by DDoS attacks and then incurring costly fees from providers, fortunately, the landscape is changing; DDoS attacks are being handled differently today than they have been in the past.

For those who have been lucky enough to escape any attacks or who may have only seen the term used in an article, a DDoS is a Distributed Denial of Service attack. This means that an attacker will use thousands or even hundreds of thousands of compromised servers, personal computers or (especially recently) IoT devices like cameras and smart doorbells to send countless fake network packets to a server.

Zombie devices create incomplete network handshakes and other technical packets, which consume server resources and saturate the network. Under these circumstances, legitimate requests cannot make it across the web while being crowded out by attack traffic.

The long-term resolution for DDoS attacks is for reputable hosting companies, ISPs and other security companies to work together to identify and block the operators and perpetrators of these attacks. However, a harmonized and integrated solution across multiple providers and platforms is a long journey away. Until then, customers require an immediate response to keep their sites up and running.

One solution to a DDoS attack is to provide such enormous over-capacity that a website can absorb any attack, but this is a highly inefficient process and is part of what makes some DDoS protection services so expensive. You can imagine a DDoS as many tiny streams meeting to form tributaries and then finally a massive river of attack traffic. Trying to build a dam across a gigantic river is a giant and expensive undertaking. However, building numerous little dams across smaller streams is much easier and will just as effectively stop the entire river.

That is the concept for always-on network-level DDoS protection. Rather than trying to solve the problem with a single massive solution, this cooperative effort with other global networks effectively blocks the little streams of attacks closer to where they originate. All of this occurs without sacrificing even a single millisecond of latency under normal conditions.

To effectively solve this dilemma (without latency), it requires turning to a technology that has taken years to perfect: advanced statistical modeling and automatic management of routes and network peers. This “smart routing” is the magic that avoids trading speed for safety and protection.

While the internet is a massively interconnected series of networks (much like a big city), there are many strategies to navigate it. Think of “smart routing” like a local cab driver who knows when to avoid certain roads and what shortcuts to take instead. This system continually takes samples from all incoming and outgoing traffic and automatically optimizes the data routes across the internet.

Instead of these calculations just making data faster, it also provides a critical piece for a cutting-edge DDoS protection system. By examining historical and real-time performance data, it is easy to detect when a DDoS attack starts, the origin and the target victim.

This means that when an attack commences, the network can instantly direct just those IP addresses under attack through the edge DDoS protection stations. When there is no attack, traffic is routed over the highest speed links, skipping the DDoS protection edges and taking the best and fastest routes. Instead of building bigger highways to handle more cars, it removes the vehicles that have no purpose being on the road.

While this advanced DDoS “scrubbing” technology prevents volumetric attacks, services can complement it to scan for more intelligent threats like SQL injection, bots and scrapers. While there are companies generating millions of dollars in profits from DDoS protection, given how prevalent and damaging these attacks are, we offer it to clients as a basic free service.

Regardless, when a customer gets a server from their favorite web host (whomever that might be), we believe they should have a consistent, fantastic experience and focus on building their websites without having to worry about DDoS attacks. We also hope that doing the right thing will be contagious one day (but not like COVID). Because that’s good mojo.

Brad Mitchell is the famed founder of MojoHost, which has won numerous XBIZ Awards for Web Host of the Year and earned many loyal clients for nearly two decades. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. And because he really loves clients, he offers protection against DDoS for free as part of his service. Contact him at brad@mojohost.com to learn more.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More