DDoS Attacks - What Are They and What Impact Do They Have?

March 6, 2018

DDoS Attacks - What Are They and What Impact Do They Have?

Denial-of-Service (DOS) & Distributed Denial-of-Service (DDOS) attacks focus on attacking a network with the intention of rendering it difficult or impossible for normal use.

These attacks flood servers, systems or networks by overloading it with useless traffic. Whilst a server crash can often be solved via a reboot, flooding attacks can be more troublesome to resolve.

We will not be including links to any of the DDOS software mentioned below as we do not condone their use. 

DOS Vs DDOS

The difference between DOS & DDOS is fairly substantial. A DOS attack is when the attacker uses a single internet connection to carry out the attack. This is usually with the intent to flood a target with fake requests. The aim here is to exhaust resources at the opposite end, i.e. RAM / CPU.

DDOS attacks, however, are instigated by multiple connected devices. These are substantially harder to deflect due to the sheer number of devices involved. The computers behind a DDOS attack can be scattered around the world, making tracking the original source almost impossible.

How are these executed?

DOS attacks are, generally speaking, launched from DOS tools. many of these can be found instantly through a Google search (XOLC, HULK, R-U-Dead-Yet.) These can be easily accessed and used by virtually anyone. In some cases, DOS attacks are carried out using home-brewed scripts created independently by hackers. Although they still carry out the same/similar effect.

DDOS attacks are launched from "Botnets", a network of private computers infected with malware. These remote consoles are then directly controlled by the attacker.

Signs You are the Victim of an Attack

Depending on your level of awareness, you may not notice the initial signs of a DOS/DDOS until it's happened. Things to look out for include:

Everyone experiences bad network performance from time to time. The length of time is the important factor, If the service is slowed or down for more than a day it could indicate a DOS attack.

Why are these attacks carried out?

There can be multiple motivations behind DOS/DDOS attacks. Whilst it's possible that you could be targeted for a number of reasons, based upon your brand and industry, it is likely you can pinpoint which you are likely to experience, below are the three most known:

Extortion is a well-known motivator and has become a more prevalent method as hacker scripts and tools are evolving. Using a DOS/DDOS attack for extortion involves the attacker demanding money in exchange for halting a detrimental attack. Sites like Bit.ly, Vimeo & Meetup have received several extortion notes in the past.

Hacktivism is when an attack is carried out for a political or social purpose. The most known of recent years is the group Anonymous who were responsible for the cyber attacks on ISIS. Generally speaking, unless your website contains or is promoting material it shouldn't be, you won't be on a hacktivists radar.

Small/medium businesses are likely to experience competition fuelled attacks above the others. These attacks can have different goals. One of the main outcomes to achieve is to cause substantial disruption, so the customer diverts to a competitor (i.e. the person who ran the attack) at the same time this would also cause substantial financial damage.

Another goal could be to prevent a competitor from taking part in an important event. This can vary depending on what industry your business is in, for example, Cyber Monday. In a more radical case, the end goal could simply be to shut down the target site for weeks or even months.

The main focal point of the attacks is the costs inflicted. How much money do you lose if you're a victim? The figure for this will vary heavily on how big your business is & how heavily you rely on online sales. I.e. if you get substantial traffic regularly it will have more of an impact on you than someone who doesn't. It's been found that on average, a DDOS attack can cause a business £40,000 per hour. Reputation, however, is equally important. The overall perception of your brand is likely to plummet if you're seen as vulnerable. This can then lead to fewer sales in the future and a further loss of profits.

How can you defend against an attack?

You cannot 100% prevent an attack. You may never even experience one, but it's important to understand what precautions you can take in order to deter an attacker and/or respond to an incoming attack.

Incident Response – An incidence response is used to address and manage the subsequent damage from a breach or attack. The response is in place to minimise the damage and reduce the overall costs that come with recovery as well as other collateral damage, such as brand reputation.

Organisations should have a clear incident response plan in place that defines what an incident is & provides a clear guided process to follow when one occurs. This also includes specifying what employees, teams or individuals are responsible for managing each of these tasks.

Bandwidth over-subscription – This involves leasing a significantly larger capacity of bandwidth than you actually need. This is usually the case with large businesses, so this may not always be an applicable step. Leasing a much larger capacity is usually to account for the growth of the business following a recent marketing campaign; however, this also acts as a buffer for a DDOS attack.

Whilst it's highly unlikely that increasing your width by 100-500% will stop an attack, it will provide you with extra time to react. The defence here comes from the resources available at the attacking end; if the attacker cannot muster enough traffic to overwhelm the extra capacity then a volumetric attack is ineffective.

Third Party Service – Regardless of the size of your business, if you're hit by a 200 Gbps attack directly, you will suffer the consequences. Larger businesses usually implement a BGP or DNS based redirect service in order to protect themselves in case they are victim to a sustained attack.

CDN (Content Delivery Networks) – A CDN can act as another “barrier” when dealing with an attack. A CDN delivers pages and web content to a user based on their geographic location through the use of distributed servers. Whilst this is definitely far from a solution, the attack will have to go through these servers before directly hitting yours, giving you more time to prepare/react.

There are many other protocols you can put in place to prepare for an attack. With hackers getting smarter and more ambitious by the day it's virtually impossible to know what will be the most beneficial. Maintaining a strong awareness is the easiest yet strongest method of preparation.

Anyone can be the victim of an attack. Would you be able to survive a £40k per hour attack? It's easy to prepare for an attack yet many businesses apply the “it won't happen to me” mentality and before you know it their business has collapsed. Take the time to prepare your business.

Website Security is becoming increasingly important. Ensuring your website is secure is the first step in preparing yourself for possible attacks. However, Google's upcoming update will start affecting unsecured websites. We have an article covering everything you need to know here . We offer a Cloud Flare integration service to enable website security.

As a CDN Cloud Flare also provides a base defence against the attacks listed above. Get in touch with us on 01332 477575 or email Admin@devmac.co.uk to talk about making your website secure.

10 Tips on How to Choose a Web Designer

By Andy Devereux August 14, 2024
Choosing the right web designer is a crucial decision for any business or individual looking to establish or improve their online presence. Your website is often the first point of contact for potential customers, so it needs to be well-designed, user-friendly, and aligned with your brand. With so many options available, it can be overwhelming to find the right fit. Here's a step-by-step guide to help you choose a web designer that meets your needs. 1. Define Your Goals and Needs Before you start looking for a web designer, it's essential to have a clear understanding of what you want your website to achieve. Are you looking to sell products, generate leads, showcase a portfolio, or provide information? Knowing your goals will help you communicate your needs effectively to potential designers and ensure they understand the scope of your project. 2. Set a Budget Web design costs can vary significantly depending on the complexity of the site, the designer's experience, and the level of customisation you require. Setting a budget beforehand will help you narrow down your options and prevent you from overspending. Be clear about what you can afford, but also remember that you often get what you pay for in terms of quality. 3. Look at Portfolios One of the best ways to assess a web designer's capabilities is by reviewing their portfolio. Most designers showcase their previous work on their websites, allowing you to see the range of their skills and the types of projects they've worked on. Look for diversity in design styles, creativity, and attention to detail. Pay special attention to websites they've designed for businesses similar to yours. 4. Check Client Testimonials and Reviews Client testimonials and online reviews provide valuable insights into a designer’s reliability, professionalism, and ability to deliver on promises. Look for feedback that highlights the designer’s communication skills, adherence to deadlines, and overall client satisfaction. Don’t hesitate to reach out to past clients to ask about their experiences. 5. Assess Their Technical Expertise Web design isn't just about aesthetics; it's also about functionality. A good web designer should have a solid understanding of web development, including coding languages like HTML, CSS, and JavaScript, as well as experience with content management systems (CMS) like WordPress, Silverstripe, Shopify, or any SaaS (Software as a Service) platforms.. Ask about their technical skills and ensure they’re capable of building a site that meets your technical requirements. 6. Evaluate Their Design Process A well-defined design process is a sign of a professional web designer. Ask potential designers about how they approach a project, from the initial consultation to the final launch. Understanding their process will give you insight into how they work, how they handle revisions, and how they ensure the final product aligns with your vision. 7. Consider Their Communication Skills Don't underestimate this one. Effective communication is key to a successful web design project. You want to work with someone who listens to your ideas, understands your goals, and keeps you informed throughout the process. During initial discussions, assess how well the designer communicates, how responsive they are to your inquiries, and how comfortable you feel discussing your project with them. 8. Ensure They Understand SEO A beautiful website is of little use if it doesn’t attract visitors. Search engine optimization (SEO) is crucial for driving organic traffic to your site. Make sure your web designer understands the basics of SEO, such as optimizing page load speeds, using proper header tags, and creating SEO-friendly URLs. While they may not be SEO experts, they should at least build a site that’s easy for search engines to crawl and index. 9. Ask About Ongoing Support and Maintenance Websites require ongoing maintenance to ensure they remain secure, up-to-date, and functional. Ask potential designers if they offer ongoing support and maintenance services after the site goes live. Some designers provide this as part of their package, while others may charge extra. Clarify what’s included in their services and whether they’ll be available to make updates or fix issues in the future. 10. Trust Your Instincts Finally, trust your instincts. The relationship between you and your web designer is essential for the success of the project. Choose someone who not only has the skills and experience but also someone you feel comfortable working with. If something feels off during the initial interactions, it might be a sign to look elsewhere. Conclusion Choosing the right web designer is a critical step in creating a website that represents your brand and meets your business objectives. By clearly defining your needs, setting a realistic budget, and carefully evaluating potential designers based on their portfolios, technical skills, and communication, you can find the right partner to bring your vision to life. Remember, a well-designed website is an investment in your business’s future, so take the time to choose wisely.

The Importance of Upgrading to the Latest Version of Magento: Lessons from the Comic Sting Vulnerability

By Andy Devereux August 5, 2024
In the world of e-commerce, security is a paramount concern for both businesses and customers. With the rise of sophisticated cyber threats, ensuring that an online store is secure is not just an option; it’s a necessity. One recent example highlighting the critical need for robust security measures is the Comic Sting vulnerability in Magento, a widely-used open-source e-commerce platform. This article explores the importance of upgrading to the latest version of Magento, with a specific focus on addressing vulnerabilities like Comic Sting. Understanding the Comic Sting Vulnerability Comic Sting is a recently identified vulnerability in older versions of Magento. It allows attackers to exploit weaknesses in the system, potentially gaining unauthorized access to sensitive customer information, payment details, and even administrative control of the online store. Such a breach could result in significant financial loss, reputational damage, and legal repercussions for the affected business. The vulnerability exploits a flaw in Magento’s backend that was not adequately secured. Attackers can inject malicious code through this flaw, leading to data breaches and other security compromises. The risks associated with Comic Sting highlight the broader dangers of running outdated software, especially in environments handling sensitive data like e-commerce platforms. The Imperative to Upgrade Enhanced Security Features: Each new release of Magento comes with critical security updates that address known vulnerabilities. Upgrading to the latest version ensures that the platform is protected against the most recent threats, including those like Comic Sting. Developers continually work on identifying and patching security loopholes, making new versions significantly more secure. Improved Performance and Functionality: Besides security enhancements, newer Magento versions often include performance improvements and new features. These updates can streamline operations, enhance user experience, and provide better tools for managing the online store. A faster, more efficient website not only improves customer satisfaction but also positively impacts SEO rankings. Compliance with Industry Standards: The e-commerce landscape is governed by various regulations and standards, such as the Payment Card Industry Data Security Standard (PCI DSS). Keeping software up-to-date is crucial for compliance with these standards. Running an outdated version of Magento might not meet the necessary security requirements, potentially leading to fines and penalties. Reduced Maintenance Costs: While upgrading may involve some initial investment, it reduces the long-term costs associated with maintaining outdated software. Older versions are more prone to bugs and security vulnerabilities, requiring frequent patches and custom fixes. Up-to-date systems are more stable and easier to support, leading to lower maintenance costs. Access to Official Support: Magento, like many other platforms, typically provides support for only the latest versions of their software. Using an outdated version means missing out on official support and resources, which can be crucial when facing technical issues or security incidents. Overcoming Common Challenges in Upgrading Many businesses hesitate to upgrade their Magento installations due to concerns about compatibility with existing extensions, customisations, and themes. However, the risks of not upgrading far outweigh these challenges. It is advisable to work with experienced Magento developers or agencies who can ensure a smooth transition. Testing the new version in a staging environment before going live can also help identify and resolve potential issues. Conclusion The Comic Sting vulnerability serves as a stark reminder of the importance of keeping software up-to-date. For Magento users, upgrading to the latest version is not just about accessing new features and better performance; it’s a crucial step in safeguarding their online stores against emerging threats. By prioritizing regular updates and following best practices in security, businesses can protect themselves and their customers from the potentially devastating consequences of cyberattacks. In the ever-evolving digital landscape, staying current with technology is an ongoing responsibility. For Magento store owners, this means being proactive about upgrades and maintaining a vigilant approach to security. The investment in upgrading to the latest version is a small price to pay compared to the potential losses from a security breach.

Choosing a Website Host: Key Factors to Consider

By Andy Devereux July 22, 2024
Selecting a website host is a crucial decision for anyone looking to establish an online presence, whether for a personal blog, an e-commerce store, or a business website. The hosting service you choose can significantly impact your site's performance, security, and reliability. Here are the key factors to consider when choosing a website host. 1. Type of Hosting There are several types of hosting services, each catering to different needs: Shared Hosting: This is the most economical option, where multiple websites share a single server's resources. It's ideal for small websites or blogs with low traffic. VPS Hosting: Virtual Private Server (VPS) hosting offers more resources and better performance by partitioning a single server into multiple virtual servers. It’s suitable for medium-sized websites. Dedicated Hosting: With dedicated hosting, you have an entire server to yourself, providing maximum performance and security. This is best for large websites with high traffic. Cloud Hosting: This hosting uses a network of servers to ensure high availability and scalability. It’s great for websites that experience fluctuating traffic. Managed Hosting: This service includes technical management of your server, which is ideal for those who lack the technical expertise to manage their servers. 2. Reliability and Uptime Uptime refers to the amount of time your website is operational and accessible to users. Look for a host that guarantees at least 99.9% uptime. Reviews and uptime monitoring tools can help verify these claims. A reliable host ensures your website is available whenever users try to access it. 3. Performance and Speed Website loading speed is critical for user experience and SEO. Consider hosts that offer SSD storage, high-speed data transfer, and content delivery networks (CDNs) to ensure fast load times. Performance can also be influenced by the server location; choose a host with data centers close to your target audience. 4. Security Features Security should be a top priority. Look for hosts that offer robust security features, such as SSL certificates, DDoS protection, malware scanning, and automated backups. Regular updates and security patches are also essential to protect your website from vulnerabilities. 5. Scalability As your website grows, your hosting needs may change. Choose a host that offers scalable solutions, allowing you to upgrade your plan seamlessly as your traffic and resource requirements increase. 6. Customer Support Good customer support is invaluable, especially if you encounter technical issues. Opt for hosts that provide 24/7 support through various channels, such as live chat, phone, and email. Check reviews for responsiveness and effectiveness of their support team. 7. Pricing and Value for Money While cost shouldn't be the sole deciding factor, it’s important to find a hosting plan that offers good value for money. Compare what’s included in the price, such as storage, bandwidth, and additional features. Be wary of hidden fees and understand the renewal rates, as they can sometimes be significantly higher than the initial offer. 8. Control Panel and Ease of Use A user-friendly control panel, like cPanel or Plesk, makes managing your website easier, especially for beginners. It should provide intuitive tools for managing files, emails, databases, and other aspects of your hosting environment. 9. Reputation and Reviews Research the host’s reputation by reading reviews from current and past customers. Independent review sites and forums can provide insights into the reliability, performance, and customer service of various hosting providers. 10. Additional Features Consider any additional features that may be important to you, such as one-click installations for CMS platforms (like WordPress), email hosting, domain registration, and e-commerce capabilities.  Conclusion Choosing the right website host requires careful consideration of various factors. By evaluating your specific needs and comparing different hosting providers based on the criteria outlined above, you can make an informed decision that will provide a solid foundation for your website’s success. Remember, the right host not only ensures a smooth and secure operation of your website but also enhances the overall user experience, contributing to the growth and reputation of your online presence.

10 Ways To Keep Your Website Secure: Best Practices and Essential Tips

By Andy Devereux July 19, 2024
In today's digital age, having a secure website is paramount. With the increasing sophistication of cyber-attacks, website security is not just a technical issue but a critical business concern. A breach can lead to severe consequences, including loss of sensitive data, damaged reputation, and financial losses. To safeguard your website, it's essential to implement robust security measures. Here’s a comprehensive guide on how to keep your website secure. 1. Keep Your Software Up to Date One of the simplest yet most crucial steps in website security is ensuring that all software is up to date. This includes the content management system (CMS), plugins, themes, and server software. Developers regularly release updates to patch security vulnerabilities. Ignoring these updates can leave your site exposed to attacks. 2. Use Strong Passwords and Two-Factor Authentication Weak passwords are an easy target for hackers. Ensure that all passwords are strong, unique, and regularly updated. Implementing two-factor authentication (2FA) adds an extra layer of security by requiring a second form of verification, making it significantly harder for unauthorized users to gain access. 3. Secure Your Website with HTTPS HTTPS (HyperText Transfer Protocol Secure) encrypts the data transferred between the user’s browser and your website. This encryption helps protect sensitive information such as login credentials and credit card details. Obtain an SSL certificate and ensure your website is accessible via HTTPS to build trust with your users and improve your search engine ranking. 4. Regularly Back Up Your Data Regular backups are essential in the event of a security breach or data loss. Ensure that backups are stored in a secure location and that they include all critical data. Automated backup solutions can help maintain regularity without manual intervention. Test your backups periodically to ensure they can be restored successfully. 5. Implement Web Application Firewalls (WAF) A Web Application Firewall (WAF) helps filter and monitor HTTP traffic between a web application and the Internet. It protects against various types of attacks, including SQL injection, cross-site scripting (XSS), and more. By blocking malicious traffic, a WAF serves as a critical defense layer for your website. 6. Limit User Access and Permissions Not all users need full access to your website. Implement the principle of least privilege, where users are given the minimum level of access necessary to perform their tasks. Regularly review user permissions and remove access for individuals who no longer need it. 7. Protect Against SQL Injection SQL injection attacks are a common method hackers use to gain unauthorized access to your database. To protect against SQL injection, use prepared statements and parameterized queries. This approach ensures that SQL code is separated from data inputs, preventing attackers from injecting malicious SQL code. 8. Monitor and Audit Your Website Continuous monitoring and regular security audits are essential to identify and address vulnerabilities promptly. Use security tools to scan your website for potential threats and review security logs regularly. Keeping an eye on your website’s activity can help you detect and respond to suspicious behavior quickly. 9. Educate Your Team Security is a collective responsibility. Educate your team about the latest security threats and best practices. Regular training sessions can help ensure that everyone understands their role in maintaining website security.  10. Use Security Plugins For websites built on popular CMS platforms like WordPress, there are numerous security plugins available. These plugins can provide various security features such as malware scanning, brute force protection, and more. Choose reputable plugins with good reviews and regular updates. Conclusion Website security is an ongoing process that requires vigilance and proactive measures. By implementing these best practices, you can significantly reduce the risk of cyber-attacks and ensure that your website remains a safe and secure environment for your users. Remember, the cost of a security breach far outweighs the investment in preventive measures. Stay informed, stay updated, and prioritize security to protect your digital presence.
Web designer

Do You Need a Web Designer or a Web Developer?

By Andy Devereux July 18, 2024
Learn the key differences between web designers and web developers to determine which professional you need for your website project. This guide helps you decide based on your focus on aesthetics, functionality, or both.

The Benefits of Having a Business in Derby

By Andy Devereux July 12, 2024
We started our business in 2006 from a Director's house between Derby and Burton on Trent in the East Midlands. A few years later, we expanded and moved to an office in Derby city centre. In 2019 we relocated to Pride Park, Derby's main business park. Whilst our team spend much of their time working from home, and in fact, post-covid some of our people live in different parts of the UK, we maintain our office in Derby and are proud to be a Derby business servicing customers in the city and across the country. Derby is nestled in the East Midlands of England where it offers a vibrant and strategic location for businesses of all sizes. With its rich industrial heritage, modern infrastructure, and a supportive business environment, Derby presents numerous advantages for entrepreneurs and established enterprises alike. Here are some key benefits of why we set up a business in Derby, and if you are thinking of relocating, maybe you should too. 1. Strategic Location and Connectivity Derby’s central location makes it an ideal hub for businesses looking to reach markets across the UK and beyond. The city is well-connected by road, rail, and air: Road: Situated near the M1 motorway, Derby provides easy access to major cities such as London, Birmingham, and Manchester. Rail: Derby is a major railway centre with direct links to London St Pancras in under 90 minutes, as well as connections to key cities like Nottingham, Leicester, and Sheffield. Air: East Midlands Airport, located just 20 minutes away, offers both domestic and international flights, facilitating global business connections. 2. Thriving Industrial and Business Sectors Derby is renowned for its strong industrial base, particularly in advanced manufacturing, aerospace, and rail industries. The city is home to global giants like Rolls-Royce, Bombardier, and Toyota: Aerospace: Rolls-Royce’s aerospace division is a major employer and a driver of innovation in the city. Rail: Bombardier’s UK headquarters and primary production facility are located in Derby, making it a key player in the rail industry. Automotive: Toyota Manufacturing UK has its car production plant nearby in Burnaston, reinforcing Derby’s automotive sector. 3. Skilled Workforce and Education Derby boasts a highly skilled workforce, thanks to its strong educational institutions and training programs: University of Derby: The university offers a range of business, engineering, and technology courses, producing graduates who are ready to meet the needs of local industries. Apprenticeship Programs: Numerous apprenticeship schemes, often in partnership with leading companies, help develop specialized skills tailored to industry requirements. 4. Supportive Business Environment Derby offers a supportive environment for businesses through various initiatives and organizations: Marketing Derby: This public-private partnership promotes Derby as a business destination and offers support to investors. D2N2 Local Enterprise Partnership: The partnership works to drive economic growth and create jobs in the Derbyshire and Nottinghamshire area. Business Parks and Incubators: There are several business parks and incubators, such as the Derby Business Park and Connect Derby, providing flexible office spaces and support services. 5. Quality of Life Beyond business, Derby offers a high quality of life for residents and employees: Cost of Living: Compared to larger UK cities, Derby has a more affordable cost of living, including housing and amenities. Cultural and Recreational Activities: The city boasts a rich cultural scene with museums, theatres, and sports facilities. The nearby Peak District National Park provides opportunities for outdoor activities and relaxation. 6. Innovation and Research Derby is at the forefront of innovation, driven by collaboration between industry and academia: Derby Innovation Centre: A hub for start-ups and innovators, offering resources and networking opportunities. Collaborative Projects: Partnerships between the University of Derby and local industries foster research and development, particularly in engineering and technology. Conclusion Derby’s strategic location, thriving industrial sectors, skilled workforce, and supportive business environment make it an attractive destination for businesses. Coupled with a high quality of life and a focus on innovation, Derby offers a compelling proposition for entrepreneurs and established enterprises looking to grow and succeed in the UK market. Whether you're a start-up or a multinational corporation, Derby provides the resources and opportunities to thrive. 
More Posts