What is a DDoS attack and how does it affect your website?

Home / Everything About / Everything About Websites / What is a DDoS attack and how does it affect your website?

A DDoS attack is one of the most common reasons a website goes offline without any warning. Every server has a limit on how many requests it can handle at once. A DDoS attack floods that limit by sending an enormous number of requests from thousands of different devices all at the same time, until the server runs out of capacity and real visitors cannot get through.

Unlike most other web attacks, a DDoS attack does not try to break into a website or steal anything from it. It tries to knock it over. Understanding how that works is what makes it clear why protecting against it looks very different from other security measures.

DDoS stands for Distributed Denial of Service. "Denial of Service" means the goal is to make the site unusable. "Distributed" means the attack comes from thousands of different places at once, not from a single source. That spread is what makes it hard to stop. You cannot block one IP address and end it. For the full picture of what kinds of threats websites face and why protection matters for every site, see the article on why website security is important.

How a DDoS attack works

The attacker does not send all that traffic themselves. They use a large network of devices that have been quietly taken over by harmful software — home computers, routers, cameras, and anything else connected to the internet. The device owners usually have no idea anything is happening.

The mechanics of the attack

  • The attacker instructs all of these devices to send requests to the target site at the same time
  • Because the requests come from thousands of different locations, the server sees a massive spike in what looks like real traffic
  • The server tries to handle the load and runs out of capacity before it can keep up
  • Real visitors' requests get lost in the flood and never receive a response
  • The site appears offline for the duration of the attack

What makes it hard to stop

The distributed part of a DDoS attack is what makes it different from a simple flood from one source. If one device was sending all the traffic, blocking that device would end the attack. When thousands of devices are involved, each sending a small amount of traffic individually, blocking any one of them barely makes a dent. The total volume is what causes the problem, and stopping it requires filtering at a level above the individual site.

What a DDoS attack does to a website

The site goes down

When the server is overwhelmed, it stops responding. Anyone trying to load any page gets an error message or a connection timeout. The site is not broken and nothing has been deleted. It just cannot answer requests because it is handling an impossible volume of fake ones.

For the site owner, this shows up as alerts firing across monitoring tools, customer service messages coming in, and a dashboard that is unreachable because the server is not responding to anything.

Real visitors cannot get through

The server cannot tell the difference between a real visitor and one of the attack requests. It tries to handle all of them and ends up handling none of them effectively. A person who genuinely wants to read a page, place an order, or get in touch is blocked just as completely as the flood of fake requests. The site goes dark for everyone until the attack stops or is filtered.

How long attacks last

Some attacks are over in minutes. Others run for hours, and in more serious cases they go on for days. The attacker controls when it stops. The longer it runs, the more it costs the site owner in lost traffic, missed orders, and damage to search performance caused by extended downtime.

Why websites get targeted by DDoS attacks

Targeted attacks

Some DDoS attacks are aimed at a specific site. A competitor trying to take a rival offline during a high-traffic period. Someone with a grievance against a business or public figure. A coordinated action aimed at a high-profile organization. These attacks are deliberate and chosen.

Random automated attacks

A large share of DDoS attacks have nothing to do with the specific site being hit. Automated tools test sites and attack the ones that can be overwhelmed. The site does not need to be a chosen target. It just needs to be findable and running on a server that cannot absorb the load the tool generates.

Ransom demands

In some cases, attackers contact a business before starting an attack and demand payment to hold off. If no payment comes, the attack begins. This type of attack, sometimes called a ransom DDoS, is a real threat for ecommerce businesses and online services where downtime has a clear and immediate financial cost.

How websites are protected from DDoS attacks

Traffic filtering at the network level

The most effective DDoS protection happens at the network level, before attack traffic ever reaches the individual site's server. Hosting providers and content delivery networks watch for unusual traffic patterns, identify when a site is under attack, and begin filtering the incoming flood before it takes the server down.

This works because it operates above the individual site. A server that would be overwhelmed handling all that traffic directly instead has the volume intercepted and dropped at the network level, before it arrives.

Rate limiting

Rate limiting puts a cap on how many requests a single source can send in a short window. A real visitor loading a page sends a small number of requests. An attack tool might send thousands from the same source in a second. Rate limiting identifies and slows down or blocks sources behaving in a way no real visitor ever would.

Rate limiting is not a complete defense against large distributed attacks on its own, since those spread requests across so many sources that no individual one hits the limit. But it reduces the load of larger attacks and handles smaller-scale flood attempts entirely.

Traffic distribution across servers

Content delivery networks spread site content across many servers in different locations. When an attack targets a site, the traffic is distributed across all of those servers rather than hitting one. An attack volume that would take down one server has to be large enough to overwhelm many at once to have the same effect.

A web application firewall running alongside a CDN adds another layer, filtering harmful requests before they reach the servers at all. For more on how that works, see the article on what a web application firewall is and how it protects your site.

What to do during a DDoS attack

  • Contact your hosting provider right away. They have tools at the network level that can detect and filter attack traffic far faster than anything that can be done from the site dashboard
  • Note when the attack started and what you are observing. This helps the hosting team understand what they are dealing with and where the traffic is coming from
  • Do not make major changes to the site configuration while the attack is active. Wait until things have stabilized before adjusting anything
  • Confirm that backup copies of the site are intact. A DDoS attack does not alter or delete content, but knowing the backups are safe is useful

For how to set up backups so they are ready when needed, see the article on how to back up your website. For the full guide to protecting your site across all the common types of attacks, see the article on how to protect your website from hackers.

How WEMASY handles DDoS protection

WEMASY's hosting includes DDoS protection and traffic filtering at the network level. Attacks are detected and filtered before they reach individual sites on the platform. This protection is built into every plan and requires no setup or configuration from site owners.

Sites on WEMASY do not need to purchase separate DDoS protection services. The network-level filtering handles the high-volume traffic floods that would take a site offline on unprotected hosting, and it is active by default for every site on the platform.

See what is included at the WEMASY website builder, or review plan options on the pricing page.

Frequently asked questions

What is a DDoS attack?

How is a DDoS attack different from hacking?

Can a small website be targeted by a DDoS attack?

How long does a DDoS attack last?

What should I do if my site is being hit by a DDoS attack?

Does DDoS protection come with my hosting?