{"id":50470,"date":"2025-09-26T14:51:35","date_gmt":"2025-09-26T11:51:35","guid":{"rendered":"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/"},"modified":"2025-09-26T14:51:35","modified_gmt":"2025-09-26T11:51:35","slug":"what-is-ddos-and-how-it-works-in-website-security","status":"publish","type":"post","link":"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/","title":{"rendered":"What Is Ddos and How It Works in Website Security"},"content":{"rendered":"<p><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#What_is_ddos_and_why_it_matters_for_website_security\" >What is ddos and why it matters for website security<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#How_attackers_organize_and_launch_DDoS_attacks\" >How attackers organize and launch DDoS attacks<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Common_types_of_DDoS_attacks\" >Common types of DDoS attacks<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Why_different_attack_types_matter\" >Why different attack types matter<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Signs_your_website_may_be_under_a_DDoS_attack\" >Signs your website may be under a DDoS attack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Practical_mitigation_strategies\" >Practical mitigation strategies<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Key_technical_defenses\" >Key technical defenses<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Organizational_and_procedural_steps\" >Organizational and procedural steps<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Detection_and_monitoring_tools\" >Detection and monitoring tools<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#After_an_attack_recovery_and_lessons_learned\" >After an attack: recovery and lessons learned<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Costs_and_trade-offs\" >Costs and trade-offs<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Summary\" >Summary<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#FAQs\" >FAQs<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#How_is_DDoS_different_from_a_regular_hack\" >How is DDoS different from a regular hack?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Can_a_small_business_protect_itself_from_DDoS_without_a_big_budget\" >Can a small business protect itself from DDoS without a big budget?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#How_can_I_tell_if_traffic_spikes_are_legitimate_or_a_DDoS\" >How can I tell if traffic spikes are legitimate or a DDoS?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#What_should_I_do_immediately_if_my_site_is_under_attack\" >What should I do immediately if my site is under attack?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/infinitydomainhosting.com\/kb\/what-is-ddos-and-how-it-works-in-website-security\/#Is_it_legal_to_launch_a_DDoS_attack\" >Is it legal to launch a DDoS attack?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_is_ddos_and_why_it_matters_for_website_security\"><\/span>What is <a href=\"https:\/\/support.hostinger.com\/en\/articles\/5634639-what-is-a-ddos-attack-and-how-to-prevent-it\" target=\"_blank\" rel=\"noopener\">ddos<\/a> and why it matters for <a href=\"https:\/\/www.hostinger.com\/website-builder\" target=\"_blank\" rel=\"noopener\">website<\/a> security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n<a href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-2fa-step-by-step\/\">A<\/a> DDoS, or Distributed Denial of Service, is an attack that overloads a website, server, or online service so legitimate users cannot access it. Unlike a single-source DoS where one machine targets a service, a DDoS comes from many compromised devices coordinated to act at once. For website owners this is a practical risk: <a href=\"https:\/\/hostadvice.com\/blog\/server\/what-is-downtime\/\" target=\"_blank\" rel=\"noopener\">downtime<\/a> can cost revenue, damage reputation, and expose operational weaknesses that attackers can exploit later. Understanding how DDoS works is the first step toward protecting infrastructure and planning a fast, effective response.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_attackers_organize_and_launch_DDoS_attacks\"><\/span>How attackers organize and launch DDoS attacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nMost DDoS attacks begin with the attacker building or renting control over many devices , commonly called a botnet. These might be home routers, insecure IoT gadgets, or hijacked servers. The attacker sends <a href=\"https:\/\/www.hostinger.com\/tutorials\/linux-commands\" target=\"_blank\" rel=\"noopener\">commands<\/a> to the botnet to generate traffic that overwhelms a target. That traffic can be simple packets aimed at saturating the network link, or it can be carefully crafted requests designed to exhaust application resources like CPU, memory, or available connections. Attackers often test and tune their attacks to bypass basic protections before launching a larger campaign.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_types_of_DDoS_attacks\"><\/span>Common types of DDoS attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nDDoS attacks vary by the layer of the network stack they target and the resources they attempt to exhaust. Knowing the differences helps you choose defenses that match the threat.\n<\/p>\n<p><\/p>\n<ul><\/p>\n<li><strong>Volumetric attacks:<\/strong> These flood the target with huge amounts of data to saturate <a href=\"https:\/\/infinitydomainhosting.com\/kb\/the-importance-of-bandwidth-in-web-hosting-understanding-its-impact-on-website-performance\/\">bandwidth<\/a>. Amplification attacks (e.g., <a href=\"https:\/\/infinitydomainhosting.com\/index.php?rp=\/knowledgebase\/128\/How-to-manage-your-DNS-settings-for-your-domain.html\">DNS<\/a>, NTP) use small forged requests that produce large responses sent to the victim, multiplying the attack traffic.<\/li>\n<p><\/p>\n<li><strong>Protocol attacks:<\/strong> These exploit weaknesses in network protocols or stateful resources. Examples include SYN floods that overwhelm connection queues and fragmented packet attacks that force heavy processing on routers or firewalls.<\/li>\n<p><\/p>\n<li><strong>Application-layer attacks:<\/strong> These look like legitimate requests but are designed to be expensive for the server to process, such as repeated complex HTTP requests, slow-read (Slowloris) connections, or excessive login attempts that trigger heavy database operations.<\/li>\n<p>\n<\/ul>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Why_different_attack_types_matter\"><\/span>Why different attack types matter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nA volumetric flood can be mitigated by absorbing and filtering traffic upstream, while an application-layer attack often requires smarter, content-aware defenses like a web application firewall or rate limiting. Protocol attacks can sometimes be handled by tuning the server\u2019s <a href=\"https:\/\/www.hostinger.com\/tutorials\/tcp-protocol\" target=\"_blank\" rel=\"noopener\">tcp<\/a>\/IP stack or enabling SYN cookies, but sustained, large-scale attacks typically need external scrubbing or traffic diversion to specialized infrastructure.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Signs_your_website_may_be_under_a_DDoS_attack\"><\/span>Signs your website may be under a DDoS attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nDetecting an attack early reduces downtime and damage. Common indicators include sudden, large spikes in traffic from unusual geographic regions; a disproportionate number of requests of a single type (for example, GET or POST); repeated connection attempts that never complete; an increase in failed requests or 5xx server errors; degraded user experience like slow page loads; and saturation of CPU, RAM, or bandwidth resources. Monitoring tools and analytics often show the pattern before users report outages, so setting up alerts for abnormal traffic behavior is critical.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Practical_mitigation_strategies\"><\/span>Practical mitigation strategies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nNo single defense eliminates DDoS risk, so the best approach combines multiple layers. Start by hardening your infrastructure and limiting exposure: disable unnecessary services, close unused ports, and keep software patched. Use cloud-based services where possible because many providers include basic DDoS protection and can absorb spikes that on-premise links cannot.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Key_technical_defenses\"><\/span>Key technical defenses<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<ul><\/p>\n<li><a href=\"https:\/\/infinitydomainhosting.com\/kb\/setting-up-a-content-delivery-network-cdn-for-website-performance-optimization\/\">content delivery network<\/a> (<a href=\"https:\/\/infinitydomainhosting.com\/kb\/setting-up-a-content-delivery-network-cdn-for-website-performance-optimization\/\">CDN<\/a>): A <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-cdn\" target=\"_blank\" rel=\"noopener\">cdn<\/a> caches content and distributes traffic across many nodes, reducing load on origin servers and absorbing volumetric traffic.<\/li>\n<p><\/p>\n<li>Web Application Firewall (WAF): A WAF inspects HTTP(s) traffic for malicious patterns and can block or throttle suspicious requests at the application layer.<\/li>\n<p><\/p>\n<li>Rate limiting and connection controls: Limit requests per IP, throttle aggressive clients, and set connection timeouts to prevent resource exhaustion.<\/li>\n<p><\/p>\n<li>Anycast and load balancing: Anycast routes traffic to the nearest node in a distributed network, spreading the attack and preventing a single point of failure; load balancers distribute requests across healthy servers.<\/li>\n<p><\/p>\n<li>Upstream filtering and scrubbing centers: ISPs and DDoS mitigation services can redirect traffic into cleaning centers that filter malicious packets before forwarding legitimate traffic.<\/li>\n<p><\/p>\n<li>Server and network tuning: Implement SYN cookies, increase backlog limits where safe, and tune TCP\/IP parameters to handle transient spikes while other defenses engage.<\/li>\n<p>\n<\/ul>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Organizational_and_procedural_steps\"><\/span>Organizational and procedural steps<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nCreate an incident response plan that outlines roles, communication channels, and escalation steps. Maintain a list of contacts at your <a href=\"https:\/\/hostadvice.com\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> provider, CDN, and ISP so you can engage them quickly. Keep backups and disaster recovery procedures current so you can restore services or divert traffic if needed. Regularly run tabletop exercises to ensure your team can detect, analyze, and respond to attacks under pressure.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Detection_and_monitoring_tools\"><\/span>Detection and monitoring tools<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nEffective DDoS defense relies on timely, accurate detection. Use network flow analytics (NetFlow\/sFlow), server logs, and application performance monitoring to spot anomalies. Automated systems that combine behavior baselines with threshold alerts can help you distinguish legitimate traffic surges (like marketing-driven spikes) from malicious activity. Many <a href=\"https:\/\/www.a2hosting.com\/wordpress-hosting\/managed\/\" target=\"_blank\" rel=\"noopener\">managed<\/a> security providers offer real-time dashboards and mitigation-as-a-service that switch on protections automatically when an attack is identified.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"After_an_attack_recovery_and_lessons_learned\"><\/span>After an attack: recovery and lessons learned<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nOnce traffic returns to normal, collect logs and metrics from your servers, firewalls, and upstream providers to analyze the attack\u2019s vectors and scale. Determine whether any security gaps were exploited and update firewall rules, WAF policies, and rate limits accordingly. Consider investing in more resilient architecture or contractual DDoS protection if the attack exposed capacity limits you cannot easily fix. Legal reporting may be appropriate for severe incidents, and sharing anonymized indicators with security communities can help others defend against similar attacks.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Costs_and_trade-offs\"><\/span>Costs and trade-offs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nMitigating DDoS can be expensive: paid mitigation services, increased bandwidth, and more complex architectures all carry ongoing costs. However, for many organizations the cost of prolonged downtime outweighs mitigation expenses. Choose defenses based on the value of the service you protect and the likely threat level. Smaller sites might start with CDN and basic WAF protection, while high-value targets should consider <a href=\"https:\/\/www.a2hosting.com\/dedicated-server-hosting\/\" target=\"_blank\" rel=\"noopener\">dedicated<\/a> scrubbing services and contractual SLAs with providers.\n<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\nA DDoS attack disrupts service by flooding or exhausting resources using many distributed sources. Attacks target different layers , from raw bandwidth to application logic , so layered defenses are essential. Use a combination of CDNs, WAFs, rate limiting, upstream filtering, and good operational practices to detect, absorb, and respond to incidents. Planning, monitoring, and rapid coordination with providers dramatically reduce downtime and long-term impact.\n<\/p>\n<p><!--KB_CAT_BLOCK--><\/p>\n<figure class=\"kb-cat-placeholder\" style=\"margin:1.75rem 0;display:block;\">\n<div class=\"kb-cat-wrap\" style=\"position:relative; overflow:hidden; border-radius:12px; box-shadow:0 10px 36px rgba(0,0,0,0.14);\"><img src=\"https:\/\/infinitydomainhosting.com\/kb\/assets\/img\/cat-default.webp\" alt=\"What Is Ddos and How It Works in Website Security\" loading=\"lazy\" decoding=\"async\" style=\"max-width:100%;height:auto;display:block;border-radius:12px;box-shadow:0 8px 28px rgba(0,0,0,0.12);\" \/><\/p>\n<div class=\"kb-cat-gradient\" style=\"position:absolute; inset:0; background:linear-gradient(180deg, rgba(9,23,60,0.66) 0%, rgba(11,30,70,0.45) 40%, rgba(11,30,70,0.15) 100%);\"><\/div>\n<div class=\"kb-cat-textbox\" style=\"position:absolute; inset:auto 5% 7% 5%; color:#fff; text-align:center; display:flex; flex-direction:column; gap:.4rem; align-items:center; justify-content:flex-end;\">\n<div class=\"kb-cat-title\" style=\"font-weight:800; font-size:clamp(20px,3.6vw,34px); line-height:1.2; letter-spacing:.2px; text-shadow:0 1px 2px rgba(0,0,0,.35);\">What Is Ddos and How It Works in Website Security<\/div>\n<div class=\"kb-cat-meta\" style=\"opacity:1; font-weight:600; font-size:clamp(13px,2.6vw,16px); line-height:1.45; text-shadow:0 1px 2px rgba(0,0,0,.28);\">What is ddos and why it matters for website security A DDoS, or Distributed Denial of Service, is an attack that overloads a website, server, or online service so legitimate\u2026<\/div>\n<div class=\"kb-cat-desc\" style=\"opacity:1; font-weight:500; font-size:clamp(12px,2.4vw,15px); line-height:1.5; max-width:900px; text-wrap:balance; text-shadow:0 1px 2px rgba(0,0,0,.25);\">Computer Security<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_is_DDoS_different_from_a_regular_hack\"><\/span>How is DDoS different from a regular hack?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nA DDoS doesn\u2019t usually steal data or break into systems; its primary goal is to deny service by overwhelming resources. A hack typically targets confidentiality or integrity, while a DDoS targets availability.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can_a_small_business_protect_itself_from_DDoS_without_a_big_budget\"><\/span>Can a small business protect itself from DDoS without a big budget?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nYes. Basic protection like using a CDN, enabling provider-supplied DDoS protection, implementing rate limits, and keeping software updated can mitigate many common attacks. For higher-risk services, consider affordable managed services that scale protection as needed.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_can_I_tell_if_traffic_spikes_are_legitimate_or_a_DDoS\"><\/span>How can I tell if traffic spikes are legitimate or a DDoS?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nLook for patterns: genuine traffic usually comes from expected regions, has consistent behavior across pages, and aligns with marketing events or time zones. DDoS traffic often shows repetitive request types, odd geographic distribution, or very high volumes from many IPs. Behavioral baselines and anomaly alerts help differentiate the two.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_should_I_do_immediately_if_my_site_is_under_attack\"><\/span>What should I do immediately if my site is under attack?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nActivate your incident response plan, contact your <a href=\"https:\/\/hostadvice.com\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> provider or CDN, enable any emergency DDoS mitigation features, and implement temporary rate limits or geo-blocking if appropriate. Preserve logs for post-incident analysis and keep stakeholders informed.\n<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Is_it_legal_to_launch_a_DDoS_attack\"><\/span>Is it legal to launch a DDoS attack?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\nNo. Launching a DDoS attack is illegal in most jurisdictions and can lead to criminal charges, civil liability, and significant penalties for the attacker. If you believe you are the target of an attack, report <a href=\"https:\/\/support.hostinger.com\/en\/articles\/1863967-how-to-point-a-domain-to-hostinger\" target=\"_blank\" rel=\"noopener\">it to<\/a> your provider and law enforcement as appropriate.\n<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is ddos and why it matters for website security A DDoS, or Distributed Denial of Service, is an attack that overloads&hellip;<\/p>\n","protected":false},"author":1,"featured_media":50471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[8,86,4593,9,1,4594,87,3,5,10,11,88,2],"tags":[11030,11031,10512,11025,11027,11028,11026,11032,7789,11029,10447,10661,581,11024],"class_list":["post-50470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website-security","category-computer-security","category-databases","category-domains","category-general","category-networking","category-online-marketing","category-php-scripts","category-seo","category-servers","category-support","category-web-hosting","category-wordpress","tag-botnets","tag-cyber-attacks","tag-cybersecurity","tag-ddos","tag-ddos-attack","tag-ddos-mitigation","tag-distributed-denial-of-service","tag-incident-response","tag-network-security","tag-traffic-filtering","tag-web-security","tag-website-protection","tag-website-security","tag-what-is-ddos-and-how-it-works-in-website-security"],"_links":{"self":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/50470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/comments?post=50470"}],"version-history":[{"count":1,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/50470\/revisions"}],"predecessor-version":[{"id":50472,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/50470\/revisions\/50472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media\/50471"}],"wp:attachment":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media?parent=50470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/categories?post=50470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/tags?post=50470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}