Recover from having your website attacked or defaced.
- Identify a DDOS attack
- Know if your website is down or defaced for another reason
- Deal with a DDOS attack
- Deal with website defacement
Brenda publishes a story about corruption on her organisation's website. Hours later, the website is down and she worries it is being attacked to silence her.
Before she can be sure the site is under attack, Brenda needs to rule out other possible causes for the down website. If it is being attacked, she needs to know how to fix it.
A threat faced by many independent journalists, news sites and bloggers is being silenced because their website is down or defaced.
In many cases, this may be an innocent and frustrating problem. But on occasion, it may be due to a distributed ‘denial of service’ (DDOS) attack or a website takeover.
A DDOS attack is when an attacker uses thousands of machines and possibly automated tools to repeatedly and rapidly view a webpage in order to crowd out normal readers.
DDOS attacks repeatedly view a webpage to overload the server
To start, it is important to know that there are many reasons why your website can be down. Most often this is due to programming errors or technical problems at the company that hosts the site.
Sometimes, other things like legal challenges can cause a host to turn a site off as well. Before you conclude you are the victim of a DDOS attack, make sure to rule out other potential problems by speaking with someone in charge of your website.
If you don't have someone in charge of your website, read the lesson on other reasons your site may be down.
Fixing your website yourself can be difficult
Contact a trusted person who can help with your website (your webmaster, the people who helped you set up your site, your internal staff if you have them and the company that hosts your site).
Ask your webmaster to change the ‘Time to Live’ or TTL to 1 hour. This can help you redirect your site much faster once it comes under attack (the default is 72 hours, or three days).
If you are trying to do this yourself: This setting will often be found in ‘advanced’ properties for your domain, sometimes part of the SRV or Service records. Refer to the guide put together by Gandi or work with the company you bought your domain from (like EasyDNS, Network Solutions, GoDaddy).
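To confirm the TTL change took effect, here is an added example (not part of the original lesson) that reads the answer section printed by `dig +noall +answer` and lists the address records that would still be cached for longer than one hour. The domain, addresses and function names are assumptions made for illustration.

```python
import re

TARGET_TTL = 3600  # 1 hour, the value this lesson recommends

# Constructed sample of `dig +noall +answer` output (placeholder names/addresses).
SAMPLE_DIG_OUTPUT = """\
example.org.        259200  IN  A      192.0.2.10
www.example.org.    3600    IN  CNAME  example.org.
example.org.        86400   IN  AAAA   2001:db8::10
example.org.        300     IN  MX     10 mail.example.org.
;; this comment line is ignored
"""

# name, TTL in seconds, class IN, record type, record data
ANSWER_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_answers(text):
    """Turn dig answer-section lines into dicts, skipping comments and blanks."""
    records = []
    for raw in text.splitlines():
        match = ANSWER_LINE.match(raw.strip())
        if match is None:
            continue
        name, ttl, rtype, rdata = match.groups()
        records.append({"name": name, "ttl": int(ttl), "type": rtype, "data": rdata})
    return records


def slow_records(records, target=TARGET_TTL, types=("A", "AAAA", "CNAME")):
    """Records that point visitors at the site and stay cached longer than target."""
    return [r for r in records if r["type"] in types and r["ttl"] > target]


def human(seconds):
    """Show whole hours where possible, otherwise seconds."""
    return f"{seconds // 3600}h" if seconds % 3600 == 0 else f"{seconds}s"


if __name__ == "__main__":
    for r in slow_records(parse_answers(SAMPLE_DIG_OUTPUT)):
        print(f"{r['name']} {r['type']} TTL {human(r['ttl'])}: lower to {human(TARGET_TTL)}")
```

Run `dig` against your domain's authoritative name server (`dig +noall +answer yourdomain @nameserver`); a public resolver reports the time remaining in its cache, which counts down and can hide the configured value.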
Have your webmaster move your site to a DDoS mitigation service. Examples:
- Google’s Project Shield
- CloudFlare’s Project Galileo
If you are doing this yourself, refer to the guide the Electronic Frontier Foundation has put together.
As soon as you have regained control, review your needs and decide between a secure hosting provider or simply continuing with your DDoS mitigation service.
DDoS mitigation services protect your website from being overloaded
Verify that this is a malicious takeover of your website. An unfortunate but legal practice is to buy recently expired domain names to ‘take over’ the traffic they had for advertising purposes.
To prevent this, it is very important to keep payments for your domain name in order.
If your website has been defaced, first regain control of your website login account and reset its password; see the Account Hijacking lesson for help.
Make a backup of the defaced site that can later be used for investigation of the defacement.
Temporarily turn off your website – use a simple landing page or ‘parked’ page.
Determine how your site was hacked. Your hosting provider may be able to help.
Common problems are older parts of your site with custom scripts/tools running on them, out-of-date content management systems, and custom programming with security flaws.
Restore your original from backups. If neither you nor your hosting company has backups, you may have to rebuild your website from scratch!
Also note that if your only backups are at your hosting provider, an attacker may be able to delete those when they take control of your site!
Move to a DDoS mitigation service or secure hosting provider. Deflect.ca can support you in protecting your site from online attacks. CloudFlare can also block many common attacks.
Secure hosting providers such as VirtualRoad/Qurium go to great lengths to detect and prevent such attacks.
Restore your original website
- Digital Defenders Partnership: Digital First Aid Kit
- Jon Camfield: My Website is Down
- Access Now: Defending users at risk from DDoS attacks: An evolving challenge