Denial of service

What is a Denial of Service attack?

A Denial of Service attack is a type of attack that sends its victim data that it cannot handle, preventing it from responding to legitimate requests. In turn, this effectively denies service to legitimate users – hence the name. DoS attacks come from one source of attack. DDoS attacks, on the other hand, come from multiple sources. Hence, why the name, Distributed Denial of Service.

DoS attacks can be targeted towards single machines/servers or entire networks. The end result is the same.

How do Denial of Service attacks work?

DoS attacks can be carried out in one of two ways. One method using flooding – a type of attack in which the machine or network is sent more information than it can possibly handle. This type of attack is also known as volumetric. The other method involves sending a specific type of information that makes the machine or network crash, typically exploiting a system vulnerability. This type of attack is also known as an Application Layer attack or Protocol attack – depending on what the attack aims to exploit.

Types of flooding attacks

DoS attacks have evolved over the years, adapting to changes in technology, to exploit new vulnerabilities while retiring those methods that are no longer effective.

HTTP flooding

In an HTTP flood, an attacker sends multiple HTTP requests to the webserver, effectively crippling it. HTTP floods are usually carried out via a DDoS attack with multiple computers who are often unsuspecting participants taking part in the attack. This type of attack is one of the most common types of DoS attacks today.

ICMP flooding

In an ICMP flood, also known as a smurf attack, the attacker takes advantage of a bad configuration to take down network devices. Most devices available today do not have this vulnerability and as such is not something that you’ll see very often, if at all.SYN flooding

In an SYN flood, the attacker starts a connection but does finalize it, leaving the server waiting for a response. With enough half-opened connections waiting for a response, the server can quickly run out of resources, leaving it unable to respond to legitimate requests.

Slow loris attack

If anyone ever claims IT people have no sense of humor, this disproves it. The aim of this type of DoS attack is to bore a server to death by sending the least amount of data possible as slowly as possible without the server dropping the connection. Open enough slow loris connections and the server will quickly run out of connections to serve legitimate users.

Why are Denial of Service attacks dangerous?

Denial of Service attacks are on the increase, with close to 3 million attacks reported in the first quarter of 2021 alone. Compounding matters, is the fact that DoS and DDoS attacks are becoming more sophisticated.

We see this in how attacks evolved from a simple ICMP flood to the Slow Loris attack – which uses connection threads to effectively take a server offline.

How to protect your WordPress website from Denial of Service attacks

If you’re hosting your WordPress website with a hosting provider, you’re more than likely protected against different types of attacks. While this does not make you immune to such attacks, it does lower the risk significantly.

Big companies such as Google and Amazon, governments, and entire countries have all been victims of DoS attacks.

As a WordPress website administrator or owner, one of the best tools at your disposal is to use a CDN – a distributed caching service that allows you to service users faster while offering a degree of protection from DoS attacks.

A good WordPress Web Application Firewall can also protect you from DoS attacks. Since the firewalls sits in front of your website, it can scan incoming traffic before it even reaches WordPress, with built-in algorithms able to distinguish between legitimate and DoS/DDoS traffic and shutting the latter down.

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon

 Boost your sites’ security and management! Download our free eBook on WordPress oversight.

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2