Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to the Power Users community on Codidact!

Power Users is a Q&A site for questions about the usage of computer software and hardware. We are still a small site and would like to grow, so please consider joining our community. We are looking forward to your questions and answers; they are the building blocks of a repository of knowledge we are building together.

Post History

77%
+5 −0
Q&A What actions should be performed to restore a website after a DDoS attack?

A typical DDoS (Distributed Denial of Service; which is a subtype of the broader class of Denial of Service attacks) will simply flood a host, or its network connection, with data. It's not uncommo...

posted 3y ago by Canina‭  ·  edited 3y ago by Canina‭

Answer
#2: Post edited by user avatar Canina‭ · 2021-05-21T06:41:03Z (almost 3 years ago)
  • A typical DDoS (Distributed Denial of Service; which is a subtype of a Denial of Service attack) will simply flood a host, or its Internet connection, with data. It's not uncommon for the data to be completely meaningless, and for it to never even reach web server software; the aim is normally to prevent others from reaching the system, not to cause further damage. It's not at all uncommon for the data to be transported using UDP instead of TCP; as UDP doesn't have TCP's three-way handshake, spoofing the source of significant amounts of UDP traffic is easier.
  • It's a brute force approach: if the attacker can generate more traffic than the attacked host can soak, the attack is successful.
  • As such, as long as the attack is *only* a DDoS attack, once the overload situation is resolved (by whichever means), **there *would typically* be no remaining issues** that didn't exist before the attack began. If the server has crashed due to traffic overload it would need to be rebooted, but that's really about it, and nothing you as the customer of a shared web hosting package would need to concern yourself with.
  • There's a small possibility that the attack actually uses legitimate HTTP requests, in which case the web server logs will likely be oversized and could benefit from being purged. But any competent web host should be rotating logs on a recurring basis anyway for a variety of reasons, and again, it's unlikely that this is something that you as a customer will be able to control or do. You certainly shouldn't *need* to concern yourself with it.
  • There absolutely are classes of attacks that cause lasting damage and necessitate different types of repair activities, everything from restoring from backup to a complete rebuild on an updated or patched platform; but a DDoS would not typically be one of them.
  • A typical DDoS (Distributed Denial of Service; which is a subtype of the broader class of Denial of Service attacks) will simply flood a host, or its network connection, with data. It's not uncommon for the data to be completely meaningless, and for it to never even reach web server software if indeed the host; the aim is normally to prevent others from reaching the system, not to cause further damage. It's not at all uncommon for the data to be transported using UDP instead of TCP; for one thing, as UDP doesn't have TCP's three-way handshake, spoofing the source of significant amounts of UDP traffic is easier.
  • It's a brute force approach: if the attacker can generate (possibly through the use of traffic amplification attacks) more traffic than the attacked host can soak, the attack is successful.
  • As such, as long as the attack is *only* a DDoS attack, once the overload situation is resolved (by whichever means), **there *would typically* be no remaining issues** that didn't exist before the attack began. If the server has crashed due to traffic overload it would need to be rebooted, but that's really about it, and nothing you as the customer of a shared web hosting package would need to concern yourself with.
  • There's a small possibility that the attack actually uses legitimate HTTP requests, in which case the web server logs will likely be oversized and could benefit from being purged. But any competent web host should be rotating logs on a recurring basis anyway for a variety of reasons, and again, it's unlikely that this is something that you as a customer will be able to control or do. You certainly shouldn't *need* to concern yourself with it.
  • There absolutely are classes of attacks that cause lasting damage and necessitate different types of repair activities, everything from restoring from backup to a complete rebuild on an updated or patched platform; but a DDoS would not typically be one of them.
#1: Initial revision by user avatar Canina‭ · 2021-05-21T06:21:10Z (almost 3 years ago) 
A typical DDoS (Distributed Denial of Service; which is a subtype of a Denial of Service attack) will simply flood a host, or its Internet connection, with data. It's not uncommon for the data to be completely meaningless, and for it to never even reach web server software; the aim is normally to prevent others from reaching the system, not to cause further damage. It's not at all uncommon for the data to be transported using UDP instead of TCP; as UDP doesn't have TCP's three-way handshake, spoofing the source of significant amounts of UDP traffic is easier.

It's a brute force approach: if the attacker can generate more traffic than the attacked host can soak, the attack is successful.

As such, as long as the attack is *only* a DDoS attack, once the overload situation is resolved (by whichever means), **there *would typically* be no remaining issues** that didn't exist before the attack began. If the server has crashed due to traffic overload it would need to be rebooted, but that's really about it, and nothing you as the customer of a shared web hosting package would need to concern yourself with.

There's a small possibility that the attack actually uses legitimate HTTP requests, in which case the web server logs will likely be oversized and could benefit from being purged. But any competent web host should be rotating logs on a recurring basis anyway for a variety of reasons, and again, it's unlikely that this is something that you as a customer will be able to control or do. You certainly shouldn't *need* to concern yourself with it.

There absolutely are classes of attacks that cause lasting damage and necessitate different types of repair activities, everything from restoring from backup to a complete rebuild on an updated or patched platform; but a DDoS would not typically be one of them.