Nothing is more frustrating for ecommerce merchants than website downtime. Untold sales may be lost while customers are unable to access the merchant’s website. But occasionally the cause is not the hosting company, but hackers who have perpetrated a distributed denial of service (DDoS) attack.
A DDoS is an attempt by criminals to render a website inoperable. It can take several forms, but it generally consists of a concerted effort to send massive amounts of traffic at a target site, flooding it with requests that consume its available bandwidth, memory and storage.
Motives for DDoS attacks vary, but the results can be devastating. A site may be taken down completely or partially disabled, leaving the system unable to communicate properly. Attackers typically saturate the victim’s web server with so many external communication requests that its functions are rendered inoperable.
Who Are the Victims?
The typical victims in DDoS attacks are high profile website servers. Recent targets include Volusion, the hosted ecommerce platform, and Twitter, the social networking service; but any Internet service can fall victim to these attacks.
Although technological advances and the adoption of best practices have made it harder for perpetrators to take servers down, the criminals are nearly keeping pace with security experts. Hackers are becoming ever more creative in devising new methods to circumvent the protective measures in place.
What Can be Done?
Scott Meade is a Denver, Colorado-based web developer and owner of Synap Software. He said, “Web app developers, and the merchants who hire them, should be aware of DDoS threats on at least two levels. They should guard against them in the design of their applications and they should be aware of vulnerabilities in the languages and frameworks they use.
“In designing your application, [developers should] consider areas where you allow large requests to be made, such as processor intensive queries or posting of large data files. Also look for bottlenecks where repeated requests could queue up and cause the application to come to a halt. For example, the Ruby on Rails Security Guide offers this tip, ‘Process media uploads asynchronously so that if a malicious user rapidly and continuously uploads very large files, it at least will not prevent other users from navigating your app.’”
Meade went on to say, “To be aware of vulnerabilities in the languages and frameworks in use, developers need to keep current on all security threats in the languages and frameworks of their choice. Keep active in your development community. Be aware of each new release and patch of your languages and frameworks, making sure to install those that address security issues.”
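The design points Meade raises (bound the size of a request, cap what one client can queue up, and move media processing off the request thread) as an added Ruby example; this is neither Meade's code nor the Rails guide's, and the class name, the limits and the in-process Queue standing in for a real job backend are assumptions made here.

```ruby
require 'securerandom'

# Added example (not from the article or the Rails guide): an upload
# front end that bounds the cost of any single request and hands the
# expensive work to a background worker, so one abusive client cannot
# stall other users. Limits and names are illustrative choices.
class UploadGate
  MAX_BYTES = 10 * 1024 * 1024   # reject bodies larger than this up front
  MAX_PENDING_PER_CLIENT = 3     # cap queued, unprocessed jobs per client

  attr_reader :queue

  def initialize
    @queue = Queue.new            # thread-safe job queue (stands in for Sidekiq etc.)
    @pending = Hash.new(0)        # client_ip => jobs accepted but not yet processed
    @lock = Mutex.new
  end

  # Called on the request thread. Does no processing of the body itself and
  # returns [http_status, job_id_or_nil] immediately.
  def accept(client_ip, content_length, body)
    # Check the declared size before touching the body, so an oversized
    # upload costs the server nothing beyond reading the headers.
    return [413, nil] if content_length.nil? || content_length > MAX_BYTES
    @lock.synchronize do
      # One client may not monopolise the queue that every client shares.
      return [429, nil] if @pending[client_ip] >= MAX_PENDING_PER_CLIENT
      @pending[client_ip] += 1
    end
    job_id = SecureRandom.hex(8)
    @queue << { id: job_id, client_ip: client_ip, body: body }
    [202, job_id]                 # Accepted: work continues in the background
  end

  # Runs on a worker thread; the slow part (e.g. transcoding) lives here,
  # never on the thread that serves other users' page requests.
  def process_next
    job = @queue.pop
    result = job[:body].bytesize  # placeholder for real media processing
    @lock.synchronize { @pending[job[:client_ip]] -= 1 }
    { id: job[:id], bytes: result }
  end

  def pending_for(client_ip)
    @lock.synchronize { @pending[client_ip] }
  end
end
```

In a real deployment the web server would also enforce its own request-size and connection limits in front of this code; the class only shows the application-level part of the design.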
Prominent companies, such as Volusion and Twitter, have recently experienced DDoS attacks. By understanding what a DDoS is, merchants can better understand what it is that those companies, and others, are exposed to.