by Lisa
I've talked previously about some of the ways hackers hack sites and what their motivations are and I thought I'd follow up with an explainer about some of the common hacking, or attacking, terms you might have heard. They all are bad for your website, keep your web team super busy and can be very stressful to deal with! But they're actually very different in nature.
DOS
DOS stands for Denial of Service - so someone is trying to stop your website from offering it's content. In other words, bring it down. We've all seen how websites can come offline when they get too many visitors such as when you're trying to get concert tickets (I'm writing this the day before the 2021 census and I wonder how that website is going to fare tomorrow!) and so a DOS attack is when someone bombardes your site with loads and loads of fake traffic, or visitors, so that your hosting can't cope any more and your site goes down. Mission accomplished - the hacker has denied your visitors access to your service.
However, it's very easy (well, if you're technical! And depending on your hosting) to block a single source of nasty traffic now a days. So more often than not, these sorts of attacks are DDOS now a days (with an extra D)...
DDOS
A DDOS attack is the same as above, but with an extra D for Distributed. This means that the fake traffic hitting your site and trying to bring you down is coming from lots of different sources - and that can make it a lot harder to block. The fact that it's so easy to buy cloud servers from all over the world now a days and just spring up new servers in a few minutes means these are the sorts of denial of service attacks that are much more common now a days - and harder to stop. As you stop one source of traffic, another springs up.
Hackers used to use members of the public to help facilitate these sorts of attacks - getting you to download a script from a hacked website or dodgy email without you knowing so that then when prompted, your computer would start hitting the site under attack. But now, like I say, with cloud hosting so readily available, if the hacker has resource (money) they don't need the public (although the public help them stay even more anonymous).
To combat these sorts of attacks sometimes we've had to block traffic from whole countries, or even continents - but even then of course, once the hacker realises what's been blocked, they can just just spin up a server that is outside those rules.
AWS does also let you put extra limits in, so if you're subject to these sorts of attacks, speak to an AWS specialist to help you get some rules in place to limit the rate at which people can hit you.
Brute Force Attacks
Now, these might sound the most forceful, but really, if the hacker has any sense about them, they're the sort that can slip under the radar. A Brute Force Attack is when an attacker tries to guess passwords to log into your website - they'll have an automated script to try hundreds or thousands of password guesses to try and log in. It might be that they've gotten a leaked mailing list off the "black market" and so they try to log in as your users in order to look for sensitive information or credit card details. Alternatively, it might be that they're trying to log in as your admin account in order to access customer or financial data - or publish bad content or bring the site down from the inside.
The point is, they'll get further with their attempt if they're undisturbed and aren't blocked by you or the site. If they hit you too hard, with too many requests / password guesses, they'll effectively be a DOS or DDOS attack - and then your site might go down and they won't be able to keep trying to log in. Or they'll trigger some alarms or your web team will notice the site receiving a huge amount of traffic, and you'll start trying to block them and again, they'll be stopped from doing what they're trying to do. So these types of attacks work best when they're a steady trickle of attempts.
Why?
As for why people do these sorts of attacks, this goes back to my motivation post. But generally, I'd say these sorts of attacks are targetted for a reason. It could even be that someone is targetting your hosts, so it might not be personal to you, but still targetted in some way.
