Whenever there is a DDoS we get a lot of questions on social media and in support tickets, so I thought I'd try to answer some of them here. We also have a blog article that you may want to read, DDoS attacks: what they are, why they happen and what we can do about them. What is the ETA for return of service? In the case of a DDoS we cannot give an estimate as to when service will be restored. Attacks come in many forms, and some of them are easier to mitigate than others. If the target site is obvious, mitigation happens pretty quickly. If the target is not obvious or the attack is general or obfuscated, it takes a bit longer to mitigate. I would rather not give estimates or guesses as to when a DDoS might be mitigated, that doesn't benefit you, so we're always going to say that we aren't sure when an attack will be mitigated. The attack today took longer than usual to mitigate. Normally we can stop them in less than half that time, sometimes sooner, again, depending on the nature of the attack. What are you going to do to prevent this in the future? DDoS cannot be prevented. If a site or IP address is publicly available, it can be attacked. We have a lot of systems in place - hardware, software and third-party DDoS mitigation services - to mitigate or aid in mitigation of different kinds of DDoS attacks. In fact you will never notice the vast majority of DDoS attacks because they are small enough (relatively speaking - none of them are actually small) to mitigate without any disruption. The very large attacks, however, can't be mitigated through the typical DDoS mitigation methods, we have to use different methods to stop those, and those are the global outages that you notice. Why does this happen so often? The short answer is, it doesn't. The last DDoS large enough to affect the entire network happened in October of last year. Almost a year ago. Individual servers are more likely to experience problems, so if your site is ever unavailable, the odds are it is not a DDoS attack affecting the entire network, but rather an isolated server issue. You might understandably say that even once a year is too often, and I wouldn't disagree with you. But that isn't the world we live in anymore. It becomes increasingly easier to launch a DDoS every day, and now we're at the point where there are extremely inexpensive DDoS services that will attack any target that you pay them to attack. (I would also just like to add here that problems happen on the Internet in general - routes go down, cables are accidentally cut, etc. - and those things can take down a connection between you and us, while not affecting people who connect on other routes. So it appears that our network is down when it is not. That's pretty common, actually, we answer tickets about that and posts on social media several times a week.) DDoS are a problem that needs to be solved on the network (Internet) level somehow, but so far there isn't a a single cut and dried solution. But at the rate the attacks are increasing in size and ease of launch, it's a problem that will have to be solved eventually, or the Internet as we know it will cease to be useful. This last one isn't exactly a question, but... I'm tired of this, I'm leaving you guys and moving my sites! DDoS are typically aimed at specific sites, not hosts. There is not a commercial host anywhere that is immune, since it's impossible to predict which sites will be targeted. If you move your site(s) you may not experience a DDoS at the new host for a year. Or you may see one the next day. But eventually it's going to happen. It happens to every host everywhere. Without exception. Which means sometimes it going to happen to us. Not every host will say that to you or admit to it, but it's the truth. We don't ever want anyone to leave DiscountASP.NET, but we're also not going to lie to you in order to try to keep you here. That's not how we do business.
