What Is a DDoS Attack?

DDoS attacks have been around for decades. In its basic form, a DDoS attack is a flood that overwhelms a system or service with traffic, with the ultimate goal of taking the website or web property offline.

That was during its early days. It was a basic attack against availability, and in its simplest form it was easy to prevent and eliminate. But as technology evolves, so does the capability of malicious hackers. Today, DDoS attacks are capable of sending 100Gbps of traffic to your server, website or web application. Worse than that, it’s not just plain traffic: it may even carry worms, malware or other malicious data. Today, a DDoS attack is not a simple flooding attack. It can bring the greatest disaster to your online business: hardware destruction.

DDoS and DoS – Their Difference

A denial of service (DoS) attack uses a single machine, single IP and single internet connection in an attempt to make a network resource unavailable to its users. An example of this scenario is the temporary interruption or suspension of the services from a host connected to the internet.

Distributed denial of service (DDoS) attacks, on the other hand, use multiple machines, IPs and internet connections to target a specific service, website or server. The typical number of machines used in a DDoS attack ranges from a few hundred to thousands.

DDoS and Their Targets

Most of the time, DDoS attacks target high-profile websites such as banking sites, payment gateways, e-commerce websites, gaming servers and others. Sometimes the intention behind a DDoS attack is to gain an advantage in commercial competition, revenge, blackmail, activism, or just fun.

Because of the number of tools available today, all websites are subject to DDoS. In addition to that, you can even buy a DDoS service online! Many servers come with free DDoS protection.

DDoS Symptoms

So, how do you know when you are under DDoS attack? The US-CERT (United States Computer Emergency Readiness Team) gave some symptoms of DoS attacks. They are:

  • Slow network performance
  • A particular website is down
  • All websites inaccessible
  • Dramatic increase in the number of spam emails received
  • Wireless or wired connection becomes disconnected
  • Long term inability to access a certain website or service

Attack Types

  • ICMP Flooding – known as the smurf attack, this kind of attack takes advantage of misconfigured network devices that allow packets to be sent to all computers in a particular network.
  • SYN Flood – this sends a flood of TCP/SYN packets using a forged sender address.
  • Teardrop Attack – this sends a flood of invalid packets to the target machine, often with overlapping payloads. On earlier Windows versions, it can crash the OS completely, though modern Windows machines have fixed this bug.
  • P2P attacks – also known as peer-to-peer attacks, these exploit bugs in peer-to-peer servers in order to initiate DDoS attacks. In this method of attack, the attacker doesn’t use botnets but acts as a puppet master instead, directing a large number of clients on P2P hubs to connect to the victim instead of to their P2P network.
  • Phlashing – also known as a permanent denial-of-service attack, this inflicts hardware-level damage that renders a server completely useless by flashing corrupted firmware, thereby bricking it.
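
For the SYN flood item above, a defender can look for handshakes that never complete: a forged sender never answers the server's SYN-ACK, so the connection stays half-open. The following is an added example, not code from the original article; the packet summary format, function names and thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed packet summaries: "time_s client_ip:port dst_port flags" (not a real capture).
SAMPLE_PACKETS = """\
0.00 192.0.2.10:40001 443 SYN
0.02 192.0.2.10:40001 443 ACK
0.10 198.51.100.1:1025 443 SYN
0.11 198.51.100.2:1026 443 SYN
0.12 198.51.100.3:1027 443 SYN
0.13 198.51.100.4:1028 443 SYN
0.50 192.0.2.11:40002 443 SYN
0.53 192.0.2.11:40002 443 ACK
"""

def half_open_by_port(text, now, timeout=5.0):
    """Return {dst_port: (half_open, completed)}. A handshake is half-open when
    its SYN is at least `timeout` seconds old at `now` with no client ACK seen."""
    pending = {}            # (client endpoint, dst port) -> time the SYN arrived
    completed = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue        # skip blank or malformed lines
        t, client, port, flags = float(fields[0]), fields[1], int(fields[2]), fields[3]
        key = (client, port)
        if flags == "SYN":
            pending[key] = t
        elif flags == "ACK" and key in pending:
            del pending[key]            # client answered: handshake completed
            completed[port] += 1
    stale = Counter(port for (_, port), t in pending.items() if now - t >= timeout)
    return {p: (stale[p], completed[p]) for p in set(stale) | set(completed)}

def looks_like_syn_flood(stats, min_half_open=3, max_completion_ratio=0.5):
    """List ports where half-open handshakes are numerous and dominate completed ones."""
    flagged = []
    for port, (half_open, done) in stats.items():
        if half_open >= min_half_open and done / (half_open + done) <= max_completion_ratio:
            flagged.append(port)
    return sorted(flagged)

if __name__ == "__main__":
    stats = half_open_by_port(SAMPLE_PACKETS, now=10.0)
    print(stats, looks_like_syn_flood(stats))
```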

Tips for Maintaining Online Security

 

Online security is one of the most important things you need to learn today because almost every day we use the internet to communicate, buy things, get information, read news and weather forecasts, and play games. Because they lack knowledge about maintaining good online security, many have fallen into the deep dark abyss of malicious online hackers and impersonators. These malicious cyber criminals often target people who know little about online security and those who are not trying to improve or maintain it. So if you are here to improve or maintain your online security, you’ve landed in the right place. Let me teach you some tips for maintaining online security in order to prevent your financial and personal information from being stolen or taken over.

Social Engineering

If you always thought that hacking is mostly done using some form of complicated computer technology or software, then you are wrong, because the art of hacking is only 25% tools and software and 75% mastery of psychology and words. That’s what social engineering is.

Social engineering is the black magic of persuading or influencing individuals, and it’s the hacker’s best weapon of destruction. Generally, hackers can control us because of a refined understanding of human qualities such as trust, ignorance, greed, the need to be liked, the desire to help and plain old naivety. Not even the most refined software can shield us from ourselves.

In order to protect ourselves from this type of hacker, we must educate ourselves about how hackers use this particular method. There is a great article here that describes social engineering in depth: http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics

Creating a Serious Password

Never create a lame password, such as one containing your name, birthday, address or other personally identifiable information. Make sure that the password you create is as random as possible. Use a mix of letters, numbers and symbols, both upper and lowercase, but make sure that you can remember it. If remembering it is a problem, there are apps or software that can help you store your password for later use or for archival purposes.

Split Emails

You’re probably using one email address to connect to or manage your Facebook, Twitter, forum, newsgroup and shopping accounts. It’s always a good idea to use separate or multiple email addresses for different accounts. This also helps you recover a lost or hacked account by having access or confirmation messages sent to a secondary email address, which most services support.

Be Wary of Social Networks

Never trust a stranger online, especially on social networks. Websites like Facebook, Twitter and Tumblr are full of social engineers.

Avoiding Click Fraud

If you are new to the world of pay-per-click business, you might still be a bit confused about the meaning of click fraud. Often seen in the pay-per-click advertising world, click fraud is a tricky method that is costing organizations and entrepreneurs thousands. Most of the time, click fraud involves malicious, massive clicking on your PPC advertisement by a rival in the expectation that you’ll lose your mind when you see your out-of-this-world advertising bill and quit running PPC advertisements. When you can no longer afford to run advertisements, the “vanishing” of your ads from Google or Yahoo! means more clicks and more sales for the perpetrator’s campaign.

Sadly, eliminating it is almost impossible but you can always create ways to minimize it. Let’s see some of the effective methods to minimize click fraud.

Monitor the IP Addresses

When you look at the IP addresses that are clicking on your pay-per-click advertisements, they should be different from each other. The idea is simple: your advertisement appears for unique clients every time, so there should never be a duplicate IP address clicking at the same time. If there is, you are a victim of fraudulent clicks, which means you’ll need to take action to prevent any further damage. If you check the IP addresses and discover duplicates, try pausing your account until you can figure out your next move. By doing so, you avoid wasting your PPC budget on nonsense clicks. It’s therefore always a good idea to monitor your PPC campaign information to make sure that click fraud is minimized.
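
One way to automate the duplicate-IP check described above is to scan an exported click log for addresses that click the same ad repeatedly within a short window. This is an added example, not part of the original article; the log format, ad identifier, five-minute window and three-click threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample click log: "ISO timestamp,client IP,ad id" (not real data).
SAMPLE_CLICKS = """\
2024-05-01T10:00:02,198.51.100.7,ad-42
2024-05-01T10:00:05,203.0.113.9,ad-42
2024-05-01T10:00:09,198.51.100.7,ad-42
2024-05-01T10:00:15,198.51.100.7,ad-42
2024-05-01T10:03:40,192.0.2.33,ad-42
2024-05-01T10:04:10,198.51.100.7,ad-42
2024-05-01T14:30:00,203.0.113.9,ad-42
"""

def parse_clicks(text):
    """Yield (timestamp, ip, ad_id) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def repeated_clickers(clicks, window=timedelta(minutes=5), threshold=3):
    """Return {(ip, ad_id): most clicks seen inside any sliding window}
    for every pair that reaches the threshold."""
    by_key = defaultdict(list)
    for ts, ip, ad in clicks:
        by_key[(ip, ad)].append(ts)
    flagged = {}
    for key, stamps in by_key.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (ip, ad), n in repeated_clickers(parse_clicks(SAMPLE_CLICKS)).items():
        print(f"{ip} clicked {ad} {n} times within 5 minutes")
```

A single address that returns hours later, like 203.0.113.9 in the sample, is not flagged; only bursts inside the window count.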

Targeting Specific Location or Niche

If you’re promoting a niche-based product, or trying to promote your business product or service to a particular area, it is a good idea to make sure that you are targeting the right place and the right niche at the right time. This lessens the risk of being targeted by click fraud attackers and, in addition, lets you generate better leads and sales while spending less of your budget.

Monitor Competitors

Monitor who is competing for your keywords in search engines, because those competitors may be the culprits behind click fraud against you. There are different companies out there that offer click reports to help you track fraud. One of them is ClickForensics, which offers free tracking reports that detail the number of clicks on your ads that came from competitors and other common sources of fraud. There are also other companies that offer a free trial.