DDoS Attack
SecurityDDoS Attack is a distributed denial-of-service attempt to overwhelm a server, network, or application with traffic from many sources, making a website slow or unreachable. It typically uses botnets or amplified requests to exhaust bandwidth, CPU, memory, or connection limits. In hosting, DDoS attacks can disrupt availability, trigger rate limits, and affect neighboring sites on shared infrastructure.
How It Works
A DDoS attack floods a target with more requests or packets than it can handle. Because the traffic comes from many distributed devices (often compromised computers, routers, or IoT devices), blocking a single IP address does not stop the attack. The goal is to consume a limiting resource such as network bandwidth, concurrent connections, CPU time, memory, or application worker threads until legitimate visitors cannot be served.
Attacks are commonly grouped into volumetric floods (saturating the network link), protocol attacks (exhausting stateful network devices or connection tables), and application-layer attacks (targeting HTTP endpoints that are expensive to generate). Some campaigns use reflection and amplification, where small spoofed requests to third-party services generate much larger responses directed at the victim. Mitigation typically relies on traffic filtering, rate limiting, challenge mechanisms, and upstream scrubbing that absorbs or blocks malicious traffic before it reaches the origin server.
Why It Matters for Web Hosting
DDoS resilience affects uptime, performance, and the real capacity you get from a hosting plan. When comparing providers, look for included DDoS protection, network-level filtering, WAF options, rate-limiting controls, and whether mitigation happens at the edge or only on the server. Also consider how the host handles noisy-neighbor impact on shared platforms, what traffic thresholds trigger null routing, and what visibility you get through logs and alerts during an incident.
Common Use Cases
- Extortion or coercion by threatening downtime unless demands are met
- Disrupting competitors or high-visibility events (product launches, ticket sales, live streams)
- Smokescreen attacks that distract defenders while other intrusions are attempted
- Targeting APIs or login pages with application-layer floods to exhaust app workers or database connections
- Testing a target defenses and incident response before a larger campaign
DDoS Attack vs DoS Attack
A DoS attack generally originates from a single source or a small number of sources, making it easier to block with simple IP filtering or firewall rules. A DDoS attack is distributed across many devices and networks, so it is harder to attribute and mitigate at the server alone. In hosting terms, DoS may be handled with local rate limits, while DDoS often requires upstream filtering, edge scrubbing, and capacity beyond the origin server link.