DDoS stands for “Distributed Denial of Service”. This is a form of attack which is performed against a web server. In a Distributed Denial of Service attack, a large number of clients send repeated requests to a server, flooding it with incoming messages until it becomes unable to answer requests from legitimate users.
Usually, DDoS attacks begin with one computer, which is known as the botmaster. That computer controls other computers, which are usually owned by normal Internet users who are blissfully unaware that their machines are infected by malware. However, not all DDoS attacks are run in this manner.
The online activist/hacking group, Anonymous, used a tool called the High Orbit Ion Cannon (HOIC) to run co-ordinated DDoS attacks against their targets. The High Orbit Ion Cannon is a simple application. Users who wanted to take part in Anonymous DDoS attacks would simply download the tool, and configure the amount of their computing resources they were willing to devote to attacking a particular site. The average website could be taken down with just 50 people running the HOIC, and Anonymous has thousands of supporters from all over the world. The organization has managed to bring down PayPal, as well as Visa and Mastercard.
Not all DDoS attacks are malicious. You may have heard of the Digg effect (or, these days, the Reddit effect), where a site makes it to the front page of a popular social bookmarking website, and its server crashes because of the sudden influx of traffic. Essentially, the community of that social bookmarking site is performing a DDoS attack on the website.
Server crashes also happen when a site runs a popular sale. The Hoxton Hotels booking website goes down every time they offer rooms at their high-end hotel for £1 per night. The Steam Community site goes down every winter when the company runs its Holiday Season sale with games at discounts as high as 91%. Those companies want to attract attention to their products and services, and they end up becoming victims of their own success.
No website can be completely DDoS-proof, but there are some precautions that you can take to make your site more robust. On most shared hosting services, it is the application layer which fails first. Using a good caching system can reduce the load that each website hit places on your server. Implementing a CDN such as Cloudflare can make your site even more resilient: your most popular pages will be cached on multiple servers across the CDN, so when users try to DDoS your site, most of their requests won’t even hit your own server, but rather the servers of the CDN.
To protect yourself against network-layer attacks, you should configure your site to drop ICMP packets and other suspicious requests from outside your network. Adaptive packet dropping is a good way to stop your site from getting overloaded, and will offer some protection against DDoS attacks that target your site by IP address to bypass your CDN.
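The adaptive dropping idea above, sketched at the request level as an added example (it is not code from the original article). The class name `AdaptiveDropper`, the one-second window, the 50% soft threshold and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class AdaptiveDropper:
    """Accept freely when idle; under load, shed the heaviest sources first."""

    def __init__(self, capacity, window_ms=1000):
        self.capacity = capacity            # hard ceiling on accepted requests per window
        self.soft = capacity // 2           # shedding starts here (assumed 50% headroom)
        self.window_ms = window_ms
        self.accepted = defaultdict(deque)  # source -> timestamps of accepted requests
        self.total = 0                      # accepted requests still inside the window

    def _expire(self, now_ms):
        cutoff = now_ms - self.window_ms
        for src in list(self.accepted):
            q = self.accepted[src]
            while q and q[0] <= cutoff:
                q.popleft()
                self.total -= 1
            if not q:
                del self.accepted[src]

    def allow(self, src, now_ms):
        self._expire(now_ms)
        if self.total >= self.capacity:
            return False                    # ceiling reached: drop regardless of source
        count = len(self.accepted.get(src, ()))
        if self.total >= self.soft:
            sources = len(self.accepted) + (0 if src in self.accepted else 1)
            if count >= max(1, self.soft // sources):
                return False                # source has used its shrinking fair share
        self.accepted[src].append(now_ms)   # only accepted requests are stored
        self.total += 1
        return True

def simulate(events, capacity=10):
    """events: iterable of (time_ms, source). Returns {source: (accepted, dropped)}."""
    dropper, stats = AdaptiveDropper(capacity), defaultdict(lambda: [0, 0])
    for now_ms, src in sorted(events):
        stats[src][0 if dropper.allow(src, now_ms) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}

# Constructed traffic: one source sends 100 requests in a second, a visitor sends 2.
FLOOD = [(t, "198.51.100.7") for t in range(0, 1000, 10)]
VISITOR = [(500, "203.0.113.20"), (900, "203.0.113.20")]

if __name__ == "__main__":
    print(simulate(FLOOD + VISITOR))
```

Because only accepted requests are recorded, the tracking state stays bounded by `capacity` however large the flood is.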