TL;DR
A DDoS (Distributed Denial of Service) attack floods your server with so much traffic that legitimate users cannot access it. Attackers use botnets of compromised computers to send requests from thousands of sources. Protection involves CDNs like Cloudflare, rate limiting, and having infrastructure that can scale to absorb attacks.
The Simple Explanation
Imagine a store that can handle 100 customers. An attacker sends 10,000 people to crowd the entrance. Real customers cannot get in. That is a DDoS attack on your website. The server is so busy handling fake requests that it cannot serve real users.
Types of DDoS Attacks
- Volume-based: Flood bandwidth with massive traffic (UDP floods)
- Protocol attacks: Exploit network protocol weaknesses (SYN floods)
- Application layer: Target specific endpoints with expensive requests
Protection Strategies
1. Use a CDN/DDoS Protection Service
- Cloudflare: Free tier includes basic DDoS protection
- AWS Shield: For AWS-hosted applications
- Fastly: Enterprise-grade protection
2. Application-Level Protection
- Rate limiting on all endpoints
- CAPTCHA on forms to prevent bot abuse
- Caching to reduce server load
- Identifying and blocking suspicious patterns
3. Infrastructure
- Auto-scaling to handle traffic spikes
- Geographic distribution of servers
- Separate critical services from public-facing ones
Don't try to fight DDoS alone. Even with rate limiting, a large DDoS can overwhelm your server before your code runs. Use a service that filters traffic before it reaches you.
How do I protect my site from DDoS attacks?
Use a CDN or DDoS protection service like Cloudflare, AWS Shield, or Fastly. These services absorb attack traffic before it reaches your server. Also implement rate limiting, use caching, and have a plan to scale quickly if needed.
What is the difference between DoS and DDoS?
DoS (Denial of Service) comes from a single source. DDoS (Distributed Denial of Service) comes from many sources, often a botnet of compromised computers. DDoS is harder to stop because you cannot simply block one IP address.
Can small sites be targets of DDoS attacks?
Yes. DDoS-for-hire services are cheap, so anyone can be targeted. Small sites on shared hosting are especially vulnerable because they have limited resources. Using a CDN like Cloudflare (free tier available) provides basic DDoS protection for any site.
Check Your DDoS Protection
Scan your site for vulnerabilities and missing protections.
Start Free Scan