A DDoS attack can take a website offline in minutes — not by hacking it, but by overwhelming it with traffic until legitimate visitors can’t get through. These attacks have grown cheaper and more common, targeting businesses of every size. The good news is that with the right hosting features and protections, most DDoS attacks can be absorbed or filtered before they cause damage. This guide explains what a DDoS attack is and how to defend against one.
What Is a DDoS Attack?
DDoS stands for Distributed Denial of Service. An attacker uses a network of compromised computers and devices — a botnet — to flood your server with a massive volume of requests all at once. The server, busy trying to answer the flood, runs out of resources and can no longer serve real visitors. “Distributed” means the traffic comes from thousands of sources, which makes it hard to simply block one address.
The Main Types of DDoS Attack
| Type | How it works | Example |
|---|---|---|
| Volumetric | Saturates bandwidth with sheer traffic volume | UDP / DNS amplification floods |
| Protocol | Exhausts server/firewall connection resources | SYN flood |
| Application-layer | Mimics real users to overwhelm the app | HTTP flood on a login or search page |
Application-layer (“Layer 7”) attacks are the trickiest because the traffic looks like genuine visitors — blocking it without hurting real users takes intelligent filtering.
Warning Signs of an Attack
- A sudden, unexplained flood of traffic — often from unusual regions.
- Your site slows to a crawl or becomes completely unreachable.
- Server CPU, memory, or bandwidth spikes with no marketing reason.
- A wave of requests all hitting the same URL or endpoint.
How to Protect Your Website
Effective DDoS defense is layered — no single control stops everything:
- Use a CDN / edge network — services like Cloudflare absorb and filter massive volumetric attacks at the edge, far from your server.
- Enable a Web Application Firewall (WAF) — filters malicious Layer 7 traffic while letting real users through.
- Rate limiting — caps how many requests a single source can make in a time window.
- Choose hosting with built-in DDoS mitigation — many providers filter attack traffic at the network level automatically.
- Keep resources headroom — scalable hosting can absorb smaller spikes without falling over.
What to Do During an Attack
- Contact your host immediately — they can often apply network-level filtering fast.
- Enable “under attack” mode if you use Cloudflare or a similar service.
- Identify the pattern — a target URL or source range you can block.
- Don’t panic-reboot repeatedly — work with your provider on mitigation.
Conclusion
A DDoS attack floods your site with junk traffic to knock it offline — but it doesn’t have to succeed. Layer your defenses: put a CDN and WAF in front of your site, use rate limiting, and choose hosting with built-in DDoS mitigation. With those protections in place, most attacks are filtered out before your visitors ever notice.
