If you've been following the news lately, you may have heard about a spate of DDoS attacks hitting websites around the world. But just because you've heard about them doesn't mean you're immune - in fact, your website may be especially vulnerable to these attacks if you're using Wordpress. Don't let yourself be fooled by fake DDoS attacks; learn how to protect your site today.
What is a DDoS Attack?
Denial of service attacks are designed to overload websites and cause them downtime. This can be done by sending requests from multiple machines all at once, which would then overload the servers processing power or bandwidth capabilities that hoster has available for you as well other users on shared hosting environments if their account was also grabbed in this attack mode too then it could potentially impact every single one!
How to Protect Against a DDoS Attack?
The first step in protecting against a DDoS attack is to ensure you are using a reputable hosting company that puts security first. Follow these 4 initial steps to make sure your best protected:
How Does Ampersand Studio Protect it's Hosting Clients?
Talking of reputable hosting companies, this seems a good place to talk about what we do to protect our customers sites and our servers.
- All our servers include monitoring, a firewall and an exploit scanner. This helps us to detect possible attacks taking place, quickly block suspicious actions and review activity logs to ensure permanent blocks are in place.
- Our shared hosting environment uses segmented resources, per site, so if one site is affected it's isolated to avoid the server becoming overwhelmed for other users.
- We offer private hosting options to allow customers to configure servers entirely for their needs and resources.
How Can You Fake a DDoS Attack?
So far I've talked about what a DDoS attack is and how to protect against it but this article is about faking a DDoS attack so how does that work?
Logic would suggest that a fake DDoS is actually no problem as it implies there isn't a large amount of traffic hitting a website, and that's true, but this fake exploitation, reported here by Digital Trends - https://www.digitaltrends.com/computing/hackers-are-using-fake-wordpress-ddos-pages-to-launch-malware/ - is actually using the pretence that a DDoS attack has been thwarted to get you to 'protect' against future attacks. In reality you end up downloading Malware, opening your private security to compromise.
In step 3 of the protection advice above I mentioned using Cloudflare for your DNS. They offer a global network that keeps your website stable, secure and online, detecting DDoS attacks and protecting your site if they believe such an attack is taking place.
If an attack is suspected, one of the methods they use, is to display a protection page, similar to the one below.
Now imagine that protection page appears but it's a fake, would you know? Would you trust it? The answers are probably no and yes and it's this belief that the hackers are tapping into.
How Does it Work?
This is where your website security comes into play. If you have a weak Wordpress website that a hacker can use to upload malicious code they simply inject the code and then force the fake protection page to appear for users.
Once that page has loaded it will ask users to click a link to confirm the protection, at which point it starts to download malware to your computer. Still believing that you are safe and this is all normal, running one of the malware applications can open your passwords and secure data to the hackers, compromising your data and security.
Conclusion
So, what can you do to protect yourself from a DDoS attack? Here are some steps to take:
First, make sure your website is secure. Use strong passwords and update them regularly. Install firewalls, malware protection and make sure you install a security plugin.
Second, consider a Wordpress maintenance support to take the worry out of your hands. We offer this service on a monthly basis.
Third, be aware of the signs that an attack may be happening. If you see a sudden spike in traffic or strange activity on your website, it could be a sign of trouble.
Finally, if you think your site has been attacked, don’t try to fix it yourself. Contact your web host or security provider immediately for help.
Are you confident that your website is safe from DDoS attacks? If not, contact us today to arrange an audit. We can help identify any vulnerabilities and recommend solutions to keep your site protected against these dangerous cyber threats.