Hi there. We ran a small gaming website for children for a year, receiving about a hundred visitors daily. It was hosted on **********.com at the cheapest rate, and we faced occasional issues with the site freezing, which were resolved by techno. However, on the same day that we paid for the second year, our site got blocked by the hoster due to an automatic response to a ddos attack. Although the site was turned back on upon our request, it was cut down within half a day due to similar attacks.

When we approached the hoster to fix the issue, they kept offering options such as leaving their service or paying monthly for a dedicated server along with third-party protection against attacks. Moreover, they held us responsible for not securing our website against ddos attacks, which is why they refused to refund us.

We have been communicating with them for a week now, but they haven't taken any meaningful actions apart from giving excuses. Our question to you is: How can we resolve this?

Hosting providers should provide protection against DDoS attacks just like they offer hosting and server rentals. The difference between a good and bad provider lies in how well this service is thought out. If a provider refuses to help and tells you to find protection elsewhere, it shows that they are willing to abandon their clients.

It is concerning that they did not warn you about potential DDoS attacks initially and are now trying to sell you something at the cost of a dedicated server. This behavior does not reflect positively on them, and it might be best to switch to a hosting company that provides a more satisfying experience.

What distinguishes a DoS attack from a DDoS attack?
In the hackers' arsenal, there is an additional type of Denial of Service (DoS) attack. The primary difference between a DoS attack and a DDoS attack is that only one device requests a website in a DoS attack, rather than a network.

What dangers does a DDoS attack present?
Cybercriminals may use DDoS attacks for various reasons:
- To halt services or disrupt online learning and exams.
- For extortion, as hackers may demand ransom in Bitcoin and threaten an extended DDoS attack without it.
- As a tactic against competitors, which is often ordered by illegal businesses or small legal businesses eager to improve their market position.
- To distract attention from other nefarious activities, such as introducing encryption viruses and/or stealing corporate information.

The goal of these actions is to make an online resource inaccessible to end-users, which presents two risks to the commercial sector: loss of revenue and reputational damage. State-owned companies may fail to fulfill their obligations, such as providing public services, if targeted by a DDoS attack.

How can you defend against DDoS attacks?
The primary method of protection is to filter traffic based on its content, IP addresses, and other criteria. Two approaches can accomplish this:
1) Install your own server and software to take full control of your infrastructure and modify everything to meet your specific requirements.
2) Purchase anti-DDoS protection from a third-party company to lower equipment maintenance costs and avoid hiring specialized security personnel. External anti-DDoS services can be enabled or disabled at any time and have become increasingly popular over the last five years. Most web hosting and internet providers or specialized organizations offer such services.

It is also essential to frequently monitor system updates and ensure that corporate websites and IT resources can handle significant traffic.

It's essential to review the terms of service and the hosting agreement you entered into with the hosting provider. This will help determine the rights and obligations of both parties in the event of a DDOS attack or service disruption. Additionally, it will shed light on any provisions related to refunds, liability, and the responsibility for securing the website against attacks.
Secondly, it's crucial to gather evidence of the downtime, communications with the hosting provider, and any other relevant dоcumentation. This will be valuable in building a case and presenting a clear picture of the impact the hosting provider's actions have had on your business.

Considering the nature of the service disruption and its impact on your business, it might be necessary to explore legal options. This could involve sending a formal legal notice to the hosting provider highlighting their breach of contract, failure to provide the agreed-upon service, and seeking a resolution to the issue.

In parallel, it's advisable to seek alternative hosting solutions to ensure the continued operation of your gaming website. Exploring the possibility of migrating to a different hosting provider that offers robust DDOS protection and reliable services may be a proactive step to mitigate future risks.

Moreover, engaging in open dialogue with the hosting provider to express the severity of the situation and the impact on your business could potentially lead to a mutually agreeable resolution. This could involve negotiating for a refund, discounted services, or a dedicated effort from the hosting provider to implement effective DDOS protection measures for your website.