Monday afternoon a strange thing happened: a lot of the Internet went dark. Websites were down, people couldn’t log into their email, and small e-stores were unable to do business.
Then came the word from Twitter: GoDaddy, one of the biggest web hosting companies in the world, had been hacked.
GoDaddy eventually brought the affected websites back online late that evening, and it now looks like the hack story was a false alarm: instead, the outage was caused by a technical glitch. The news stories out there have largely focused on the juicy ideas about Anonymous threats and GoDaddy’s corporate culture, with throw-away references to “DDoS” and “IP failure” without much explanation.
We believe in simplifying technology, so today we’re going to break down how a site can go down, and what your business can do about it.
Let’s think about a road trip: you want to get from your home to Grandma’s. You already know her address, so you plug it into your GPS to get directions. A GPS works by determining exact latitude/longitude coordinates via the Global Navigation Satellite System (GNSS) network. It takes that address you plugged in from Grandma, translates it into a numerical equation the satellites can read, then sends you back instructions based on that formula.
You do something very similar when you visit a website. Whatever web-enabled device you navigate cyberspace with has an IP address, as do the sites you might visit. When you type a domain address in the browser like grandma.com, your computer (with its IP address) requests permission to visit the IP address that domain is attached to.
Many people initially thought the GoDaddy outage was caused by a “DDoS,” or “denial of service” attack. These attacks aren’t new (here’s a CNET story from 2000 about how Yahoo was brought down), and the method hasn’t changed much.
Back to our trip to Grandma’s. She gave you her address because she loves the odd visit from her favorite grandchild. But she probably wouldn’t like thousands of strangers showing up for a block party at her place Woodstock-style. Even worse, what if all those strangers pulled a prank where they knocked on the door and fled. Eventually Granny would just give up answering the door: even if you managed to push through the crowd, she wouldn’t let you in.
Likewise, a DDoS attack happens when millions of IPs ping a site every second and the domain can’t keep up with demand. For all intents and purposes, it simply shuts down. More often than not these attacks employ botnets to get so many IPs pointed toward a site (Granny is now under attack from a zombie army). Groups have used DDoS to attack governments and businesses they don’t like, and one such group member claimed to be doing the same thing Monday.
Monday’s snafu cost lots of small businesses real money, and we’re sure your business doesn’t want to turn the cold shoulder to potential customers with a down site.
The best way of countering a DDoS attack is to find a way to separate the good traffic from the bad. Back to Grandma, imagine if she had a way to only let her beloved grandchild knock on her door instead of all those zombies. That technology might not exist yet, but we use professional DNS (Domain Name Server) and VPN (Virtual Private Network) tools to accomplish the same thing virtually. At Cii we partner with leading companies like Dyn and VMware to protect participating clients.
Even though Monday’s glitch turned out to not be a full-scale attack, it’s still an example of what could happen. We encourage you to look into what options are available and take steps to make sure your website stays open for business.