Quite a large number of websites have endured Distributed Denial of Service (DDoS) attacks over the years. Usually these types of attacks cause massive numbers of computers to send data to a server which overwhelms its ability to facilitate legitimate users from accessing their site.
DDoS attacks were prolific in 2015, but are predicted to slam even more businesses in 2016, so you best be prepared if you’re running a business online this year. What’s one of the newest methods that criminals use to launch these nefarious attacks? Smartphones!
Recently, over 650,000 smartphones in China were compromised to launch one of these attacks. This particular attack peaked at over 275 thousand HTTP requests/second. Billions of hits reached their targeted website.
DDoS attacks have literally crushed a large number of websites belonging to the largest corporations and governments, but as efforts to diminish their damage have evolved, so has their methods.
ProlimeHost uses CloudFlare to supercharge our website and protect us from DDoS attacks
The experts at CloudFlare are very adept at dealing with DDoS attacks, from Level7 botnet floods to DNS reflection, but attacks from so many smartphones add another dimension to the landscape. CloudFlare suspects an advertising network to be at the source of this attack’s distribution, whereby smartphones were served ads that contained malicious JavaScript.
While not all of that traffic originated from smartphones, an amazing eighty percent did, nearly all of them Chinese in origin. Their logs revealed that many Chinese common browsers were used in the attack, including F1Browser, QQBrowser, MataSr and UCBrower.
DDoS attacks have become much more diversified
It’s thought that this particular attack began with someone opening an app on a smartphone that was then served an iframe with an ad, which was then forwarded to an attack page containing malicious JavaScript. That then launched a flood of XMLHttpRequest hits outbound to its target.
Once websites were able to load content asynchronously from JavaScript rather than from following links or loading more pages, Web 2.0 blossomed, but it also brought with it some unwanted perils. To wit, just over one year ago, jQuery.com’s website was compromised. That particular site hosts an extremely popular JavaScript library that could have been easily altered and replaced with malicious code.
DDoS attacks can approach greater than 400Gbps.
Just last year, a DDoS attack using NTP reflection approached just that scope. The only limit to the total damage that can be caused is directly related to the number of vulnerable servers. Over time, as servers are patched to address this vulnerability, new ways and methods are engineered to hijack servers allowing criminals to maliciously attack websites.
Would adding an SSL certificate help?
When a site is secured with an SSL certificate, the HTTP portion of its URL is replaced with HTTPS. For sites that contain this designation, all of the communications that transit between that server and a web browser is encrypted and authenticated which prevents middle man modification. This essentially stops WiFi providers and ISPs from injecting advertisements and cookies, but it also makes your site immune to JavaScript DDoS.
Brought to you by ProlimeHost
We’ve been in the web hosting industry for ten years, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in dedicated servers, with data centers in Los Angeles, Phoenix, Denver and Singapore. The E3 1275 v5 processor is now available at great pricing, giving you the ability to add up to 64GB of DDR4 ECC RAM. Call 1-877-477-9454 or contact us. We’re here to help.
ProlimeHost specializes in dedicated servers, with data centers in Los Angeles, Utah and Denver. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.
- Do Hosting Providers Protect Your Business from DDoS Attacks - October 17, 2024
- How to Compete in the Hosting Industry - October 16, 2024
- Disaster Recovery – Must Know Information - October 15, 2024
