Is there a way to determine the perpetrator and motive behind a DDOS attack on domains, considering that we are not a registered organization and have low website traffic? Our domains are currently being subjected to a significant attack, leaving us curious about the reasoning behind it.
Some of our domains are being targeted while others remain unaffected. IP modification does not seem to be a solution since the attacker seems to be driven by domain names rather than host IPs.
How did you come to the conclusion that there was an attack? I find that hosting providers often use such claims to explain issues that are a result of overselling and upselling services. It's a common occurrence where they often blame non-existent attacks on overloaded webservers.
It's disheartening when a website crashes after just 100 visits. Once, I had a hosting provider who considered even the slightest site traffic as a DDoS attack, which was simply ridiculous and misleading to clients. Even if they claim that there were millions of requests, it's hard to place complete trust in these figures.
It's essential to have reliable hosting providers who can guarantee the stability of the website without resorting to false information about attacks. It's always wise to do careful research before selecting a hosting provider to ensure they can cater to your needs without causing further complications.
What motivates people to organize DDoS attacks? While the purpose is to harm websites, the reason behind it varies from attacker to attacker. It could be as simple as a desire to eliminate competition or as complex as expressing political or social ideas through hаcktivism. One of the most common reasons for DDoS attacks are:
Unfair competition
For example, if two online stores sell similar products, an attack on the website of one of the stores can lead to increased sales for the other. While the affected store tries to solve its website problems, the competitor's sales skyrocket. Small and medium-sized businesses are particularly vulnerable to such attacks if they don't take adequate measures to counter DDoS attacks. In such cases, companies may lose their customers, profits, and reputation in just a few hours.
hаcktivism
This type of cyberattack is committed to either draw public attention to a cause or to protest against a particular issue. Using DDoS attacks, hаcktivist groups can disrupt government or corporate sites to emphasize their message. They usually remain anonymous while their actions are attributed to a collective group. During the Hong Kong protests in 2019, Telegram, a messaging app used by the protesters, was targeted with a powerful DDoS attack. This type of cyberattack represents a new and equally threatening form of protest.
Extortion
Some cyberattacks are initiated to demand ransom money. Attackers may contact website owners and threaten to conduct prolonged DDoS attacks unless they receive a specific amount of money. These attackers usually operate anonymously and may demand payment through cryptocurrency.
The reasons behind DDoS attacks are not always clear, and their consequences can be devastating. Effective cybersecurity measures and awareness of potential risks can help individuals and organizations protect themselves from such attacks.
Determining the perpetrator and their motive behind a DDOS attack is tricky, but not entirely impossible, though it's gonna take some detective work, and a bit of luck, to uncover any solid leads.
Since you're not a registered organization and have low traffic, this could be an attack of opportunity—maybe someone stumbled upon your domain or there's some grudge involved, however unlikely it might seem. Sometimes, attackers target small websites simply because they can, using it as practice or testing their latest botnet. On the other hand, if you've got content or a domain name that's somehow rubbing someone the wrong way, they might've decided to target you specifically.
Now, since your attacker seems to be going after domain names rather than IP addresses, it indicates they're specifically targeting your domains—possibly because of something they associate with those names. Changing IPs might not help much since they're following the domain resolution to find the IP. That means they're probably watching your DNS entries closely. You can try using a service like Cloudflare, which provides DDOS protection and can help mask your true IP address behind their network.
One thing to consider is analyzing the traffic to see where it's coming from—though, be warned, most of the time DDOS traffic is spoofed, so you're not going to get much useful information from the IPs themselves. However, if you see a pattern in the traffic (like certain regions or specific times), that might give you a hint.
As for motive, sometimes it's as simple as someone seeing you as an easy target. Hackers could be hired by a competitor, or you might've become a target of a random internet troll. It's hard to say without more context. Unfortunately, unless the attacker slips up or brags somewhere online, finding out why they're targeting you might remain a mystery.
In any case, your best move right now is defensive. Get some solid DDOS protection in place—Cloudflare is a good start. You can also rate-limit your server, block offending IP ranges, and if you have the resources, try to monitor for suspicious activity in real-time. If this attack is persistent, and you've got a bit of budget, reaching out to a professional incident response team could help you get to the bottom of it.
If nothing else, this experience can be a lesson in the importance of robust security practices, even for smaller sites. You never know who might decide to take a shot at you, but being prepared can make all the difference.