Tuesday, January 06, 2015

Web hosting companies can warn website owners about possible DDoS attacks, but false positives can happen

Most modern web hosts now have tools in place to detect possible distributed denial-of-service (DDoS) attacks in progress against a customer’s domain. But some hosts may be overdoing it.
There were questions on the “Squarespace.com” host about seeing the “unusual traffic detected” message on the “Domain Tools” WHOIS entry showing the site title (here). I’ve noticed this on a couple of sites myself, but the same message does NOT appear when the site is queried on “Network Solutions” WHOIS. It would seem that a site that normally has very low traffic might generate this warning if one user, in a short time, generates even 20-30 page requests, which could hardly cause a DoS situation or result in a bandwidth overage charge.
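The false positive described above can be reproduced with a small detector. This is an added example, not any host's actual detection logic: the window size, baseline, multiplier, volume floor, source minimum and all log entries are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 300  # seconds per counting window (assumed)

def sample_requests():
    """Constructed log: (seconds, client IP) for a quiet site over one hour."""
    background = [(t, f"198.51.100.{i + 1}") for i, t in enumerate(range(0, 3600, 600))]
    burst = [(1800 + 5 * i, "192.0.2.10") for i in range(25)]  # one reader, 25 pages
    return sorted(background + burst)

def flood(n_sources=50, per_source=40, start=1800):
    """Constructed volumetric case: many sources inside a single window."""
    return [(start + (i % 60), f"203.0.113.{s + 1}")
            for s in range(n_sources) for i in range(per_source)]

def bucket(requests, window=WINDOW):
    """Group requests into windows: {window index: {ip: count}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip in requests:
        buckets[ts // window][ip] += 1
    return buckets

def relative_alerts(requests, baseline, multiplier=10, window=WINDOW):
    """Naive rule: flag any window whose total exceeds multiplier x baseline."""
    return sorted(w for w, ips in bucket(requests, window).items()
                  if sum(ips.values()) > multiplier * baseline)

def floored_alerts(requests, baseline, multiplier=10, floor=1000,
                   min_sources=20, window=WINDOW):
    """Same rule, plus an absolute volume floor and a distinct-source minimum."""
    alerts = []
    for w, ips in bucket(requests, window).items():
        total = sum(ips.values())
        if total > multiplier * baseline and total >= floor and len(ips) >= min_sources:
            alerts.append(w)
    return sorted(alerts)

if __name__ == "__main__":
    quiet = sample_requests()
    baseline = 0.5  # assumed normal load: about one request every two windows
    print("relative rule, quiet site:", relative_alerts(quiet, baseline))
    print("floored rule, quiet site: ", floored_alerts(quiet, baseline))
    print("floored rule, flood:      ", floored_alerts(quiet + flood(), baseline))
```

On a site with a near-zero baseline, a purely relative threshold turns one reader's 25 page views into an alert; the floor and source count suppress that while still flagging the constructed flood.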
There are tools to block or bounce traffic from specific IPs, to interrupt a detected DDoS, or sometimes to stop invalid clicks on sponsors.
Note that for sites with private domain name registration, domain name hosts often show inquirers warnings about abuse or excessive lookups.

