What to do if your app is under a DDoS attack? Effective protection and emergency measures!

Nov 04, 2024 · 18 mins read

Is your application under a DDoS attack? Learn how to respond and mitigate the attack through effective measures such as real-time monitoring, traffic filtering, CDN, and DDoS protection services to ensure business continuity and user experience. Get comprehensive response strategies now!

With the popularity of cell phones, mobile traffic is becoming more and more important, and developers increasingly build APPs to acquire users. Many developers find their APP attacked once it is on the shelves, especially APPs that handle sensitive data. The frequency and strength of these attacks leave the majority of developers unable to cope, and an APP that suffers DDoS/CC attacks sees a serious impact on business operation, which can be fatal to the developer. Today, CDN5 Technology Lab engineers will tell you how to deal with DDoS attacks on an APP.


What is an APP DDoS attack?

A DDoS attack, namely a Distributed Denial of Service attack, is a type of cyber attack in which an attacker uses one or more computers in different locations to simultaneously launch attacks on one or more targets, consuming the performance of the target server or its network bandwidth, making the server run slowly or crash, and thus leaving the server unable to provide services normally.

Common Types of DDoS Attacks:

Traffic attack: Impacting the target system through a large number of packets (e.g. TCP, UDP), consuming a large amount of network bandwidth.
Application layer attack: Directly targeting the application layer of the website, destroying the data transmission between hosts, such as HTTP requests, which is harder to detect.
Protocol attacks: Utilizing the weaknesses of the protocol stack to cause service interruptions, such as the SYN flood of the TCP protocol, causing the target system to run out of resources.

How do hackers attack apps?

Hackers can attack a target APP using any one, or a combination, of the following methods:
  1. Traffic-based DDoS attack: The attacker sends a large amount of false traffic to the target, exhausting the server's bandwidth. ICMP floods, UDP floods, and other spoofed-packet attacks all belong to the category of DDoS traffic attacks.
  2. Protocol or network layer DDoS attack: These attacks consume the resources of the target APP by sending a large number of forged data packets. They are usually measured in PPS (packets per second) and include attacks such as Ping of Death, SYN floods, and Smurf DDoS.
  3. Application layer DDoS attack: Server resources are overwhelmed by sending a large number of malicious requests to the APP. These requests seem real and are very difficult to defend against; common examples are POST and GET requests. These attacks may also target Windows, Apache, and OpenBSD, and even port vulnerabilities. The scale is measured in RPS (requests per second).
  4. Botnet: The WireX botnet became one of the largest attackers of the Android system back then. This botnet was hidden in about 300 applications officially available in the Google Play Store. When a user installs one of these applications, WireX adds that mobile device to a broader network. This network then sends junk traffic to certain websites, causing them to crash and become unusable. Amazon, GitHub, PayPal, Reddit, and Twitter have all been attacked and paralyzed by the Mirai botnet. For details, see: https://blog.cloudflare.com/the-wirex-botnet/.

What should I do if my APP is attacked by DDoS?
If your APP is being attacked and your business is interrupted, the best way is to integrate CDN5's self-developed SDK Shield. The SDK takes over all communication traffic, scheduling, and encrypted transmission, and its powerful distributed protection capability can effectively intercept attackers, with non-intrusive MFA authentication that will not cause any trouble to APP users.
The SDK is relatively expensive compared to an ordinary CDN; however, CDN5's SDK Shield is extremely cost-effective compared to other manufacturers. Its advantage lies in the fact that CDN5 is the world's first security service provider to use AI intelligent scheduling: through AI analysis and years of accumulated big-data patterns, it can quickly apply targeted protection, and it greatly saves unnecessary costs in configuration efficiency and resource use.


How to prevent an APP from being DDoS-attacked?

1. Connect the IP, domain name, and API used by the APP to our CDN service before development. Deploying a traffic filter at the network and application layers through CDN5 can identify and filter out malicious requests in the traffic, helping to mitigate the impact of DDoS attacks. Traffic filters can monitor and filter traffic according to pre-set rules, such as blocking requests from specific IP addresses or blocking abnormal traffic.
2. Configure the CDN5 Firewall and Intrusion Detection System (IDS): A reasonable firewall and IDS setup can help you detect and block potential DDoS attacks. Firewalls can monitor and filter traffic, and an IDS can detect abnormal traffic and attacks so that timely measures can be taken.
3. Configure authentication, such as biometric authentication and multi-factor authentication (MFA), to block bogus data requests. Encrypt sensitive data at rest and in transit using robust algorithms such as AES and security protocols such as HTTPS/TLS. If you are using the CDN5 SDK, these configurations are in place by default and do not need to be developed and monitored.
4. Conduct regular security audits and penetration tests to identify and fix APP vulnerabilities, follow secure coding practices, and regularly update dependencies to mitigate risks.
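
The pre-set rule filtering described in step 1, as an added example that is not CDN5's code and not part of the original article: a filter that denies sources on an IP blocklist and temporarily blocks any source whose request rate (RPS) exceeds a limit. The thresholds, class and function names, and sample traffic are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Pre-set rules (constructed values for illustration, not CDN5 defaults).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_REQUESTS = 5    # requests allowed per source inside one window
WINDOW = 1.0        # sliding window in seconds, so the limit is in RPS
PENALTY = 10.0      # seconds a source stays blocked after exceeding the limit

class TrafficFilter:
    def __init__(self):
        self.recent = defaultdict(deque)  # source IP -> timestamps in the window
        self.blocked_until = {}           # source IP -> end of temporary block

    def check(self, ts, src):
        """Return 'allow', 'deny-blocklist' or 'deny-rate' for one request."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in BLOCKED_NETS):
            return "deny-blocklist"
        if self.blocked_until.get(src, 0.0) > ts:
            return "deny-rate"            # still serving its penalty
        q = self.recent[src]
        while q and ts - q[0] >= WINDOW:  # drop timestamps that left the window
            q.popleft()
        q.append(ts)
        if len(q) > MAX_REQUESTS:         # abnormal rate: start a temporary block
            self.blocked_until[src] = ts + PENALTY
            return "deny-rate"
        return "allow"

def run(log):
    """Apply the filter to (timestamp, source) pairs; count decisions per source."""
    f = TrafficFilter()
    summary = defaultdict(lambda: defaultdict(int))
    for ts, src in log:
        summary[src][f.check(ts, src)] += 1
    return {src: dict(counts) for src, counts in summary.items()}

# Constructed sample traffic: (timestamp in seconds, source IP).
SAMPLE_LOG = sorted(
    [(i * 0.5, "198.51.100.7") for i in range(8)]          # normal user, 2 RPS
    + [(1.0 + i * 0.05, "192.0.2.44") for i in range(40)]  # HTTP flood, 20 RPS
    + [(0.2, "203.0.113.9"), (0.9, "203.0.113.9")]         # blocklisted source
)

if __name__ == "__main__":
    for src, counts in run(SAMPLE_LOG).items():
        print(src, counts)
```

A per-source limit like this only catches floods from a small number of addresses; a widely distributed botnet keeps each source under the threshold, which is why the filter sits alongside the firewall, IDS and authentication measures in the following steps.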

 

 
