DDoS Protected Web Hosting: Separating Myth From Reality
Last updated on May 25, 2016
DDoS attacks are nothing new, and have been around for quite a while now. Popular websites tend to face them more often, though even the least popular ones can at times be at the receiving end of such notorious attacks.
The key part about DDoS attack is that there is nothing lost, nor anything gained. Your data remains intact, your settings remain unaffected, and no malware is installed on your website. Yet, a DDoS attack does bring down your site, and is more of an annoyance and less of a threat.
Owing to the rising incidents of DDoS attacks, many web hosts are nowadays offering “DDoS protected web hosting”. In other words, much like stable uptime, DDoS protection too is becoming a feature that web hosts are promising to their clients.
However, is DDoS protection offered by web hosts really believable? Or is it just like the “unlimited storage” marketing term, and in reality, is nothing but a gimmick that falls flat when put in practice? This article examines the case.
What Exactly is a DDoS Attack?
We know that DDoS has something to do with “denial of service”, but what kind of service are we denying and to whom? Let us first try to understand the nature of such attacks.
A DDoS attack comes up with one primary motive: to overburden your server with excess (fake) traffic, such that the server hosting your website becomes unstable, and your site goes offline. Thus, if a network router has a given limit on its port, and if the incoming traffic exceeds that particular limit, this can lead to denial of service.
Such attacks, obviously, result in your server being overwhelmed and as such, genuine visitors are unable to browse or access your website. Even more so, you cannot access the control panel either, and services such as FTP or email likewise might be unavailable too. Basically, your server is as good as offline during a DDoS attack.
On the positive side, however, a DDoS attack does not really lead to malicious hacking of your data. Your website is safe in the sense that no data is lost — your databases are not corrupted, no malware is installed, etc. Once the DDoS attack subsides, everything goes back to normal.
However, a DDoS attack can last even days if not mitigated and managed properly and as such, having your website offline or unreachable for such long durations can be disastrous for your online presence. Therefore, proper resolution and safety measures against DDoS attacks are highly required.
Protecting Against DDoS Attacks
Trying to be prepared for a DDoS attack is basically futile, because your preparations are only as good as the DDoS attack’s magnitude and volume. If the attack is of a smaller nature, it can be handled easily. Essentially, the only plausible way to face a DDoS attack is if your server has enough powers to withstand one — the network should be able to throw in more resources than the incoming DDoS attack craves for in order to ensure that the server remains online and stable.
Of course, “unlimited” network resources are not possible, and thus the best bet against DDoS attacks is to have a layer between the origin of the attack and your server. This is where CDN services can come in handy, as they offer a large distributed network that can be used to null-route DDoS attacks.
Now, you might have come across “DDoS protected web hosting” somewhere on the internet. Is that really worth it?
DDoS Protected Web Hosting: Myth or Reality?
Much like every other term in web hosting nowadays — such as unlimited hosting, managed hosting as well as optimized servers — DDoS protection too has become something that comes with various clauses and conditions.
For the most part, web hosting providers that claim to offer DDoS protection do keep their word to some extent — that is, it is not entirely a fake promise.
However, how can a provider offer advanced DDoS protection on their $5 per month plan? The answer is simple — they do not.
Put it this way: DDoS protection is as diverse as the nature of DDoS attacks, and wherever possible, budget hosting plans tend to offer basic DDoS protection. Thus, if your server faces something of the nature of SMURF attacks that operate by spoofing IP addresses, basic DDoS protection can come to the rescue as it can relay requests that are being sent to a given address.
However, for bigger attacks, a larger network will be required that can combat such attacks better, and this is where budget DDoS protection falls flat. In fact, if your website faces DDoS attacks of higher magnitude, your web host, even if it promises to offer DDoS protection, will go ahead and probably suspend your account in order to protect the other accounts on the server.
Therefore, all said and done, “DDoS protected web hosting” too is a matter of fine prints, and something that you need to learn more about before actually trusting your web host’s words for it.
Furthermore, it also boils down to just how helpful your web hosting provider is. Not everyone can afford $250 per month DDoS protection, and therefore, if you do go with a budget web host, what are your options?
Let us say, your web host does offer basic DDoS protection, but your website faces something of a complicated nature, for instance, a DDoS attack that relies on DNS amplification and is nearly impossible to neutralize in the absence of proper resources.
Even if there is not much a smaller web hosting provider can do, there are still some measures that can be of use for your website. A bad web hosting provider will either shut down your website, or take it offline totally and tell you to find a new home for your content without trying anything to help. A good web hosting provider, on the other hand, will try some steps: even if basic DDoS protection is not of much help, editing firewall rules as well as putting your website on a different IP can probably be effective to a lesser extent.
“DDoS protected web hosting” is not entirely false as a marketing buzzword, but by all means, this is not a guaranteed offering. Even if you opt for the largest enterprise-level plan, there will always be the possibility of a DDoS attack larger than your existing setup can handle. Therefore, a margin for mishaps has to be allowed for in such hosting, and when opting for such plans, you should be aware of this simple fact.
As a result, if enterprise level DDoS protection is not something your website truly needs — say, it is a hobby site that can afford to be offline for a while if the need so arises — paying extra for more advanced DDoS protected web hosting is not a wise investment.
What do you think of DDoS protection as a web hosting feature? Share your views in the comments below!
Sufyan is a contributor to a variety of websites and blogs about technology, Linux, open source, web design, content management systems and web development. Learn more about his works on sufyanism.com