Distributed denial of service (DOS) attack happen to all service providers on the Internet. Almost every large Internet company is a victim of DDOS attacks. This is because the attacks are relatively easy to perform and they are effective. Digital Ocean (DO) is no exception. In fact, they are more likely to be the targets of a DDOS attack than other Internet companies. There are few things you can do if your Digital Ocean services are being affected by a DDOS.
DDOS attacks happen because they work. The most common reasons for DDOS attacks is that a cyber criminal does not like the content of a website or the activity of a group. This can be anything from a 14 year old DDOSing a video game forum that upset him/her to a political group attempting to take down the website of a government they dislike.
The other common reason for DDOS attacks is for ransom. Cyber criminals ask for money from DDOS victims. Often, these cyber criminals simply threaten organizations with a DDOS. These threats are often empty, but sometimes do result in the target paying a bribe to not get DDOSed.
Digital Ocean is likely to be a target for cyber criminals for both of the above reasons. First off, Digital Ocean is a VPS host. This means many websites, applications and companies use Digital Ocean’s services. Any one of these websites or companies can be the target of a DDOS attack. All it takes is one single company to catch the eye of hackers. These hackers will then point their DDOS at the Digital Ocean server hosting their target.
DDOS ransom threats are also attractive against Digital Ocean. This is because Digital Ocean sells an Internet service to its customers. These customers expect reliable service and good uptime. As soon as Digital Ocean’s network begins to have problems, customers will start to complain and will consider moving to a different VPS provider. Hackers know that hosting services, like the ones Digital Ocean provides are especially vulnerable to disruption.
The hackers hope that it will be more cost effective for a company like Digital Ocean to pay a ransom rather than lose customers due to a DDOS.
Because of past DDOS attacks against them, Digital Ocean is now a customer of CloudFlare. CloudFlare is a company which specialized in DDOS mitigation.
What If Your Digital Ocean VPS Is Being DDOSed
If your Digital Ocean VPS is being DDOSed, it all depends on how large the attack is. If it is a fairly small attack, the fist step to take is to ensure you have a proper firewall. This will prevent attacks from consuming all of your VPS’s memory and CPU power. Any connection to your server which is not blocked by a firewall will take resources for your server to process.
You can also look to get a DDOS protection plan for your website/app/company. CloundFlare and other DDOS protection services often offer a free tier for smaller websites that do not get a lot of traffic.
If a DDOS is large enough to congest the whole Internet port that your server is connected to you are in bigger trouble. When the whole port is being congested it affects not just your VPS, but every VPS connected to that server. At this point Digital Ocean will null route your IP address. This means that your website no longer becomes available. All traffic, legitimate or not legitimate is blocked.
The blocking of DDOS traffic allows the other customers on that port to function normally.
This is why DDOS attacks are so common. They are effective. If they are large enough, there is nothing to be done but to null route the IP address that is being targeted.
Digital Ocean currently does not offer a DDOS protection plan. If you are often the target to DDOS attacks, or your Digital Ocean services are being affected by a DDOS, you may consider switching to a different VPS provider.