Denial-of-Service Attack

Denial-of-service attack, also known as DDoS or Dos, is a real threat to any website/web app. During a DDoS, a website will receive so many requests that it can not keep up with the demand, bringing the site to its knees. As the flood of requests comes from this attack, real users would not be able to load the site as it won’t have the ability to respond. As we saw how the request flow worked in our Intro to Web Dev Part 2 post, if the server can not process your request, there is no hope for your browser to load it.

Let’s look at an analogy. Say you have a favorite coffee shop down the road. You walk there every morning to grab a nice cup, but some morning are busier than others, so some days you have to wait in line a few minutes. Generally, this does not bother you as that cup is worth the 5-minute wait, so you continue to go back every day.

One morning you get up and walk to your favorite coffee spot, but today something different is happening. There is a line out the door and around the block. You stare at this line, and everyone is demanding free coffee; meanwhile, the owner cannot keep up with all of the demand leading him/her to close up for the day. What’s going on here? You go up and ask someone on the line why are there so many people here? They reply, “We were told there would be free coffee given out today!”.

In this scenario, a malicious actor sent out a fake advertisement to thousands of people, so they all flooded the coffee shop, forcing the coffee shop to close due to being unable to meet the fake demand.

From a technical standpoint, the way a DDoS attack works is a website’s servers are flooded with fake requests, either from single or multiple points. The difference between DDoS and Dos is that: a Dos attack is from a single source, and a DDoS is from many sources. Once the website’s servers are overwhelmed, it won’t reply to real users as it would have exhausted its resources.

So how can you prevent this? You can read more about prevention methods here. One primary way is to outsource that DDoS protection to your site by leveraging a CDN, content delivery network. You would need sophisticated infrastructure to prevent such attacks, so it’s generally better to have a professional service supply you with this level of protection. Like having anti-virus for your computer, you wouldn’t usually try to delete the virus yourself but have a piece of software do it for you.