Why do DDoS attacks occur?

Denial of Service means that a server stops responding as a result of an overload. In many cases, such an overload happens unintentionally, but more and more often it is also the result of a very targeted attack. A special form is the so-called DDoS, which is an attack caused by many systems all accessing the server at the same time and causing an overload.

In such an attack, it is not necessarily in the attacker's interest to break into the computer. Thus, there is no research into passwords. Very often, the attack is part of a larger scenario. For example, there are cases when a DoS attack occurs, but in reality it is only intended to keep the administrators busy so that a real attack occurs elsewhere in the system. In most cases, the increased data volume is not even noticed. Another possibility is that the system's delayed responses are exploited in such a way that fake responses are sent. These attacks cause great economic damage, which is why DDoS attack protection is very important.

These attacks on a server are often targeted at so-called Black Hat SEO in order to gain a competitive advantage over the competition. In many cases, these attacks cause a lot of damage, especially if the attacked party has an online store and the server is unavailable for a longer period of time. In a DDoS attack, several thousand computers access the domain. Most of these computers are located abroad and it does not take long before the server can no longer withstand this load. The web hoster can try to block the attacking IP addresses in case of such an attack, but this usually makes little sense, because more and more computers are added and at some point the server can no longer keep up and has to capitulate in the end.

If it is only a relatively small attack, then it is possible to protect the server with a .htaccess file. This file then filters the incoming requests and denies access to the attacking computers. Another way to fend off such an attack is to connect the domain to a filter proxy. This also blocks the DDoS attack. With this countermeasure, the domain can usually be reached again within 6 hours. Further measures taken by the attackers, such as connecting additional botnets, will then have no effect.