Some organizations make more likely targets than others for coordinated, large-scale website hacks. The reality, however, is that hackers often attack and compromise websites more or less randomly. One well-known attack is Distributed Denial-of-Service (DDoS), and its smaller scale version, Denial of Services (DoS).
In the last year, targeted DDoS attacks were levied at Sony and GitHub, resulting in huge setbacks and damages.
What is DoS/DDoS?
The US Computer Emergency Readiness Team defines DoS and DDoS attacks as follows:
“In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is “distributed” because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.”
(courtesy of DigitalAttackMap.com)
These coordinated, virtual hijackings result in overwhelmed servers that cause websites to slow down or crash. DDoS attacks also divert security teams’ attention while hackers unleash even more damaging attacks, like stealing data. Think of it like a virtual Oceans 11’s heist, but not as entertaining.
How Does This Affect My Organization?
If your organization is in the middle of a donation or funding drive and an attack hits, an attack might cause your website to crash, or worse. A site crash would make it impossible for potential donors to make online donations—not to mention people would not have access to your organization’s important content.
Protecting Your WordPress Site
Previously, we discussed best practices with respect to passwords, malware, and SSL certificates. These common sense measures will reduce the likelihood of various attacks, but in the Internet era “arms race,” more defenses are recommended. The best way deal with attacks is to be proactive, which in this case means making an effort to identify and filter out potential DoS/DDoS traffic, while allowing legitimate traffic to flow through unimpeded. This requires software installation and development work.
OmniStudio would be happy to review your WordPress site and determine what steps you need to lower the risk DoS/DDoS attacks. In addition, we would check your WordPress site for feature and security updates to help prevent attacks and provide new and improved tools.
Learn more and get involved with #DDoS conversation on Twitter: