Staying Ahead in the Game of Distributed Denial of Service Attacks

Steve Persch
Pantheon

Too much traffic can crash a website. I learned that hard lesson relatively early in my web development career. Web teams recoil in horror when they realize their own success has crashed their site. Remember when Coinbase spent millions of dollars on a Super Bowl commercial that successfully drove traffic to their site and app? Their infrastructure got run over.

That stampede of traffic is even more horrifying when it's part of a malicious denial of service attack. I count my lucky stars that in my previous jobs of building and running sites I never went head-to-head with a determined attacker. I would have lost. Most web teams would if they were playing the game of Distributed Denial of Service (DDoS) on their own.

These attacks are becoming more common, more sophisticated and increasingly tied to ransomware-style demands. So it's no wonder that the threat of DDoS remains one of the many things that keep IT and marketing leaders up at night.

There's no one easy fix for DDoS attacks. DDoS isn't a bug — it's more like a never-ending game. But to understand the nature of the problem, we need to start from the basics.

Opening Play: Simple Servers Serving Websites

The game can start simple enough. Web teams put websites on the internet with servers. Whether those servers are in a basement office, on some virtual machine, or part of shared hosting, they are largely good enough to send out some HTTP responses.

Now it's the hackers' turn. Even though those servers are intended to only serve HTTP responses, they are still computers on the internet. So they're vulnerable to all kinds of asymmetrical networking attacks that exhaust their resources. How about a UDP flood? Game over.

Add a Firewall

Well, the game is never over. Get a firewall. That can keep out network-level attacks and you can block specific IP addresses. You're winning the game now!

Wait a second … Do you even want to be playing this cat-and-mouse game? While you're thinking about that, the hackers move on to attacking your DNS provider.

Looking for Weak Links

As you're scouring logs and blocking IPs, you're also on the phone with your DNS provider asking what's going on over there. Maybe it's time to switch DNS providers? Ugh, that'll eat up a ton of time and effort and that yields zero positive value to your stakeholders. They're asking for actual improvements to the site that they can see, not the switching of invisible building blocks.

That tension propelled the growth of extremely large services like Cloudflare, which consolidated some of these concerns. Lots of sites moved DNS there to get their free CDN service. Cloudflare withstood low-level network attacks that could overwhelm via sheer volume even a firewalled website. Still, the internet never sleeps. Hackers don't seem to sleep much either because they are finding more ways to slide through the protections of these platforms.

The Street Finds Its Own Use For Things

Many of the technological advances in the 2010s that seemed so useful for benevolent purposes like browser automation are also really handy for generating fake traffic that seems real. The capacity to script browsers that we leverage for visual regression testing can also trick a CDN into thinking that fake traffic is real traffic. The street finds its own use for things, as the writer William Gibson once put it.

When the attack is coming in the form of a lot of web browsers making legitimate-seeming requests, the current state of the art is either an expensive WAF solution, which still requires some ongoing maintenance, or an "I'm under attack" mode. That can keep your site up by adding a CAPTCHA test. However, it isn't acceptable for most teams over the long term to leverage a CDN layer, which is supposed to make the site faster while also making the overall experience slower by forcing the real visitors to pass through some kind of virtual security line. Ugh.

The Winning Move Is Not to Play Alone

Back to the same question from earlier. Do you want to be playing this game at all?

I don't personally want to play in the game, so it's key to identify a platform solution that accelerates and eases management by taking whole classes of problems off the table. Any given web team could do the toiling work of updating PHP versions, but the modern sophistication of DDOS has evolved to require a sizable platform WebOps team that can hold the line.

Steve Persch is Director of Developer Experience at Pantheon

Related Links

Hot Topics

The Latest

Payment Outages Threaten $44.4 Billion in US Retail and Hospitality Sales Annually

Payment system failures are putting $44.4 billion in US retail and hospitality sales at risk each year, underscoring how quickly disruption can derail day-to-day trading, according to research conducted by Dynatrace ... The findings show that payment failures are no longer isolated incidents, but part of a recurring operational challenge that disrupts service, damages customer trust, and negatively impacts revenue ...

From Automation to Intelligence: How AI Will Redefine DevOps in 2026

For years, the success of DevOps has been measured by how much manual work teams can automate ... I believe that in 2026, the definition of DevOps success is going to expand significantly. The era of automation is giving way to the era of intelligent delivery, in which AI doesn't just accelerate pipelines, it understands them. With open observability connecting signals end-to-end across those tools, teams can build closed-loop systems that don't just move faster, but learn, adapt, and take action autonomously with confidence ...

AI First? Why CIOs Are Putting the Cart Before the Horse

The conversation around AI in the enterprise has officially shifted from "if" to "how fast." But according to the State of Network Operations 2026 report from Broadcom, most organizations are unknowingly building their AI strategies on sand. The data is clear: CIOs and network teams are putting the cart before the horse. AI cannot improve what the network cannot see, predict issues without historical context, automate processes that aren't standardized, or recommend fixes when the underlying telemetry is incomplete. If AI is the brain, then network observability is the nervous system that makes intelligent action possible ...

Mitigating Complexity for Today's Database Administrator

SolarWinds data shows that one in three DBAs are contemplating leaving their positions — a striking indicator of workforce pressure in this role. This is likely due to the technical and interpersonal frustrations plaguing today's DBAs. Hybrid IT environments provide widespread organizational benefits but also present growing complexity. Simultaneously, AI presents a paradox of benefits and pain points ...

How Enterprises Are Re-Architecting Around AI

Over the last year, we've seen enterprises stop treating AI as “special projects.” It is no longer confined to pilots or side experiments. AI is now embedded in production, shaping decisions, powering new business models, and changing how employees and customers experience work every day. So, the debate of "should we adopt AI" is settled. The real question is how quickly and how deeply it can be applied ...

MEAN TIME TO INSIGHT Podcast - Episode 20: 2026 NetOps Predictions

In MEAN TIME TO INSIGHT Episode 20, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA presents his 2026 NetOps predictions ... 

EMA at 30: The Value of Consistency

Today, technology buyers don't suffer from a lack of information but an abundance of it. They need a trusted partner to help them navigate this information environment ...

Making Sense of Logical Data Management

My latest title for O'Reilly, The Rise of Logical Data Management, was an eye-opener for me. I'd never heard of "logical data management," even though it's been around for several years, but it makes some extraordinary promises, like the ability to manage data without having to first move it into a consolidated repository, which changes everything. Now, with the demands of AI and other modern use cases, logical data management is on the rise, so it's "new" to many. Here, I'd like to introduce you to it and explain how it works ...

2026 Data Center Predictions

APMdigest's Predictions Series continues with 2026 Data Center Predictions — industry experts offer predictions on how data centers will evolve and impact business in 2026 ...

2026 DataOps Predictions - Part 2

APMdigest's Predictions Series continues with 2026 DataOps Predictions — industry experts offer predictions on how DataOps and related technologies will evolve and impact business in 2026. Part 2 covers data and data platforms ...

Staying Ahead in the Game of Distributed Denial of Service Attacks

Steve Persch
Pantheon

Too much traffic can crash a website. I learned that hard lesson relatively early in my web development career. Web teams recoil in horror when they realize their own success has crashed their site. Remember when Coinbase spent millions of dollars on a Super Bowl commercial that successfully drove traffic to their site and app? Their infrastructure got run over.

That stampede of traffic is even more horrifying when it's part of a malicious denial of service attack. I count my lucky stars that in my previous jobs of building and running sites I never went head-to-head with a determined attacker. I would have lost. Most web teams would if they were playing the game of Distributed Denial of Service (DDoS) on their own.

These attacks are becoming more common, more sophisticated and increasingly tied to ransomware-style demands. So it's no wonder that the threat of DDoS remains one of the many things that keep IT and marketing leaders up at night.

There's no one easy fix for DDoS attacks. DDoS isn't a bug — it's more like a never-ending game. But to understand the nature of the problem, we need to start from the basics.

Opening Play: Simple Servers Serving Websites

The game can start simple enough. Web teams put websites on the internet with servers. Whether those servers are in a basement office, on some virtual machine, or part of shared hosting, they are largely good enough to send out some HTTP responses.

Now it's the hackers' turn. Even though those servers are intended to only serve HTTP responses, they are still computers on the internet. So they're vulnerable to all kinds of asymmetrical networking attacks that exhaust their resources. How about a UDP flood? Game over.

Add a Firewall

Well, the game is never over. Get a firewall. That can keep out network-level attacks and you can block specific IP addresses. You're winning the game now!

Wait a second … Do you even want to be playing this cat-and-mouse game? While you're thinking about that, the hackers move on to attacking your DNS provider.

Looking for Weak Links

As you're scouring logs and blocking IPs, you're also on the phone with your DNS provider asking what's going on over there. Maybe it's time to switch DNS providers? Ugh, that'll eat up a ton of time and effort and that yields zero positive value to your stakeholders. They're asking for actual improvements to the site that they can see, not the switching of invisible building blocks.

That tension propelled the growth of extremely large services like Cloudflare, which consolidated some of these concerns. Lots of sites moved DNS there to get their free CDN service. Cloudflare withstood low-level network attacks that could overwhelm via sheer volume even a firewalled website. Still, the internet never sleeps. Hackers don't seem to sleep much either because they are finding more ways to slide through the protections of these platforms.

The Street Finds Its Own Use For Things

Many of the technological advances in the 2010s that seemed so useful for benevolent purposes like browser automation are also really handy for generating fake traffic that seems real. The capacity to script browsers that we leverage for visual regression testing can also trick a CDN into thinking that fake traffic is real traffic. The street finds its own use for things, as the writer William Gibson once put it.

When the attack is coming in the form of a lot of web browsers making legitimate-seeming requests, the current state of the art is either an expensive WAF solution, which still requires some ongoing maintenance, or an "I'm under attack" mode. That can keep your site up by adding a CAPTCHA test. However, it isn't acceptable for most teams over the long term to leverage a CDN layer, which is supposed to make the site faster while also making the overall experience slower by forcing the real visitors to pass through some kind of virtual security line. Ugh.

The Winning Move Is Not to Play Alone

Back to the same question from earlier. Do you want to be playing this game at all?

I don't personally want to play in the game, so it's key to identify a platform solution that accelerates and eases management by taking whole classes of problems off the table. Any given web team could do the toiling work of updating PHP versions, but the modern sophistication of DDOS has evolved to require a sizable platform WebOps team that can hold the line.

Steve Persch is Director of Developer Experience at Pantheon

Related Links

Hot Topics

The Latest

Payment Outages Threaten $44.4 Billion in US Retail and Hospitality Sales Annually

Payment system failures are putting $44.4 billion in US retail and hospitality sales at risk each year, underscoring how quickly disruption can derail day-to-day trading, according to research conducted by Dynatrace ... The findings show that payment failures are no longer isolated incidents, but part of a recurring operational challenge that disrupts service, damages customer trust, and negatively impacts revenue ...

From Automation to Intelligence: How AI Will Redefine DevOps in 2026

For years, the success of DevOps has been measured by how much manual work teams can automate ... I believe that in 2026, the definition of DevOps success is going to expand significantly. The era of automation is giving way to the era of intelligent delivery, in which AI doesn't just accelerate pipelines, it understands them. With open observability connecting signals end-to-end across those tools, teams can build closed-loop systems that don't just move faster, but learn, adapt, and take action autonomously with confidence ...

AI First? Why CIOs Are Putting the Cart Before the Horse

The conversation around AI in the enterprise has officially shifted from "if" to "how fast." But according to the State of Network Operations 2026 report from Broadcom, most organizations are unknowingly building their AI strategies on sand. The data is clear: CIOs and network teams are putting the cart before the horse. AI cannot improve what the network cannot see, predict issues without historical context, automate processes that aren't standardized, or recommend fixes when the underlying telemetry is incomplete. If AI is the brain, then network observability is the nervous system that makes intelligent action possible ...

Mitigating Complexity for Today's Database Administrator

SolarWinds data shows that one in three DBAs are contemplating leaving their positions — a striking indicator of workforce pressure in this role. This is likely due to the technical and interpersonal frustrations plaguing today's DBAs. Hybrid IT environments provide widespread organizational benefits but also present growing complexity. Simultaneously, AI presents a paradox of benefits and pain points ...

How Enterprises Are Re-Architecting Around AI

Over the last year, we've seen enterprises stop treating AI as “special projects.” It is no longer confined to pilots or side experiments. AI is now embedded in production, shaping decisions, powering new business models, and changing how employees and customers experience work every day. So, the debate of "should we adopt AI" is settled. The real question is how quickly and how deeply it can be applied ...

MEAN TIME TO INSIGHT Podcast - Episode 20: 2026 NetOps Predictions

In MEAN TIME TO INSIGHT Episode 20, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA presents his 2026 NetOps predictions ... 

EMA at 30: The Value of Consistency

Today, technology buyers don't suffer from a lack of information but an abundance of it. They need a trusted partner to help them navigate this information environment ...

Making Sense of Logical Data Management

My latest title for O'Reilly, The Rise of Logical Data Management, was an eye-opener for me. I'd never heard of "logical data management," even though it's been around for several years, but it makes some extraordinary promises, like the ability to manage data without having to first move it into a consolidated repository, which changes everything. Now, with the demands of AI and other modern use cases, logical data management is on the rise, so it's "new" to many. Here, I'd like to introduce you to it and explain how it works ...

2026 Data Center Predictions

APMdigest's Predictions Series continues with 2026 Data Center Predictions — industry experts offer predictions on how data centers will evolve and impact business in 2026 ...

2026 DataOps Predictions - Part 2

APMdigest's Predictions Series continues with 2026 DataOps Predictions — industry experts offer predictions on how DataOps and related technologies will evolve and impact business in 2026. Part 2 covers data and data platforms ...