Skip to main content

Staying Ahead in the Game of Distributed Denial of Service Attacks

Steve Persch
Pantheon

Too much traffic can crash a website. I learned that hard lesson relatively early in my web development career. Web teams recoil in horror when they realize their own success has crashed their site. Remember when Coinbase spent millions of dollars on a Super Bowl commercial that successfully drove traffic to their site and app? Their infrastructure got run over.

That stampede of traffic is even more horrifying when it's part of a malicious denial of service attack. I count my lucky stars that in my previous jobs of building and running sites I never went head-to-head with a determined attacker. I would have lost. Most web teams would if they were playing the game of Distributed Denial of Service (DDoS) on their own.

These attacks are becoming more common, more sophisticated and increasingly tied to ransomware-style demands. So it's no wonder that the threat of DDoS remains one of the many things that keep IT and marketing leaders up at night.

There's no one easy fix for DDoS attacks. DDoS isn't a bug — it's more like a never-ending game. But to understand the nature of the problem, we need to start from the basics.

Opening Play: Simple Servers Serving Websites

The game can start simple enough. Web teams put websites on the internet with servers. Whether those servers are in a basement office, on some virtual machine, or part of shared hosting, they are largely good enough to send out some HTTP responses.

Now it's the hackers' turn. Even though those servers are intended to only serve HTTP responses, they are still computers on the internet. So they're vulnerable to all kinds of asymmetrical networking attacks that exhaust their resources. How about a UDP flood? Game over.

Add a Firewall

Well, the game is never over. Get a firewall. That can keep out network-level attacks and you can block specific IP addresses. You're winning the game now!

Wait a second … Do you even want to be playing this cat-and-mouse game? While you're thinking about that, the hackers move on to attacking your DNS provider.

Looking for Weak Links

As you're scouring logs and blocking IPs, you're also on the phone with your DNS provider asking what's going on over there. Maybe it's time to switch DNS providers? Ugh, that'll eat up a ton of time and effort and that yields zero positive value to your stakeholders. They're asking for actual improvements to the site that they can see, not the switching of invisible building blocks.

That tension propelled the growth of extremely large services like Cloudflare, which consolidated some of these concerns. Lots of sites moved DNS there to get their free CDN service. Cloudflare withstood low-level network attacks that could overwhelm via sheer volume even a firewalled website. Still, the internet never sleeps. Hackers don't seem to sleep much either because they are finding more ways to slide through the protections of these platforms.

The Street Finds Its Own Use For Things

Many of the technological advances in the 2010s that seemed so useful for benevolent purposes like browser automation are also really handy for generating fake traffic that seems real. The capacity to script browsers that we leverage for visual regression testing can also trick a CDN into thinking that fake traffic is real traffic. The street finds its own use for things, as the writer William Gibson once put it.

When the attack is coming in the form of a lot of web browsers making legitimate-seeming requests, the current state of the art is either an expensive WAF solution, which still requires some ongoing maintenance, or an "I'm under attack" mode. That can keep your site up by adding a CAPTCHA test. However, it isn't acceptable for most teams over the long term to leverage a CDN layer, which is supposed to make the site faster while also making the overall experience slower by forcing the real visitors to pass through some kind of virtual security line. Ugh.

The Winning Move Is Not to Play Alone

Back to the same question from earlier. Do you want to be playing this game at all?

I don't personally want to play in the game, so it's key to identify a platform solution that accelerates and eases management by taking whole classes of problems off the table. Any given web team could do the toiling work of updating PHP versions, but the modern sophistication of DDOS has evolved to require a sizable platform WebOps team that can hold the line.

Steve Persch is Director of Developer Experience at Pantheon

The Latest

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...

Today, organizations are generating and processing more data than ever before. From training AI models to running complex analytics, massive datasets have become the backbone of innovation. However, as businesses embrace the cloud for its scalability and flexibility, a new challenge arises: managing the soaring costs of storing and processing this data ...

Staying Ahead in the Game of Distributed Denial of Service Attacks

Steve Persch
Pantheon

Too much traffic can crash a website. I learned that hard lesson relatively early in my web development career. Web teams recoil in horror when they realize their own success has crashed their site. Remember when Coinbase spent millions of dollars on a Super Bowl commercial that successfully drove traffic to their site and app? Their infrastructure got run over.

That stampede of traffic is even more horrifying when it's part of a malicious denial of service attack. I count my lucky stars that in my previous jobs of building and running sites I never went head-to-head with a determined attacker. I would have lost. Most web teams would if they were playing the game of Distributed Denial of Service (DDoS) on their own.

These attacks are becoming more common, more sophisticated and increasingly tied to ransomware-style demands. So it's no wonder that the threat of DDoS remains one of the many things that keep IT and marketing leaders up at night.

There's no one easy fix for DDoS attacks. DDoS isn't a bug — it's more like a never-ending game. But to understand the nature of the problem, we need to start from the basics.

Opening Play: Simple Servers Serving Websites

The game can start simple enough. Web teams put websites on the internet with servers. Whether those servers are in a basement office, on some virtual machine, or part of shared hosting, they are largely good enough to send out some HTTP responses.

Now it's the hackers' turn. Even though those servers are intended to only serve HTTP responses, they are still computers on the internet. So they're vulnerable to all kinds of asymmetrical networking attacks that exhaust their resources. How about a UDP flood? Game over.

Add a Firewall

Well, the game is never over. Get a firewall. That can keep out network-level attacks and you can block specific IP addresses. You're winning the game now!

Wait a second … Do you even want to be playing this cat-and-mouse game? While you're thinking about that, the hackers move on to attacking your DNS provider.

Looking for Weak Links

As you're scouring logs and blocking IPs, you're also on the phone with your DNS provider asking what's going on over there. Maybe it's time to switch DNS providers? Ugh, that'll eat up a ton of time and effort and that yields zero positive value to your stakeholders. They're asking for actual improvements to the site that they can see, not the switching of invisible building blocks.

That tension propelled the growth of extremely large services like Cloudflare, which consolidated some of these concerns. Lots of sites moved DNS there to get their free CDN service. Cloudflare withstood low-level network attacks that could overwhelm via sheer volume even a firewalled website. Still, the internet never sleeps. Hackers don't seem to sleep much either because they are finding more ways to slide through the protections of these platforms.

The Street Finds Its Own Use For Things

Many of the technological advances in the 2010s that seemed so useful for benevolent purposes like browser automation are also really handy for generating fake traffic that seems real. The capacity to script browsers that we leverage for visual regression testing can also trick a CDN into thinking that fake traffic is real traffic. The street finds its own use for things, as the writer William Gibson once put it.

When the attack is coming in the form of a lot of web browsers making legitimate-seeming requests, the current state of the art is either an expensive WAF solution, which still requires some ongoing maintenance, or an "I'm under attack" mode. That can keep your site up by adding a CAPTCHA test. However, it isn't acceptable for most teams over the long term to leverage a CDN layer, which is supposed to make the site faster while also making the overall experience slower by forcing the real visitors to pass through some kind of virtual security line. Ugh.

The Winning Move Is Not to Play Alone

Back to the same question from earlier. Do you want to be playing this game at all?

I don't personally want to play in the game, so it's key to identify a platform solution that accelerates and eases management by taking whole classes of problems off the table. Any given web team could do the toiling work of updating PHP versions, but the modern sophistication of DDOS has evolved to require a sizable platform WebOps team that can hold the line.

Steve Persch is Director of Developer Experience at Pantheon

The Latest

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...

Today, organizations are generating and processing more data than ever before. From training AI models to running complex analytics, massive datasets have become the backbone of innovation. However, as businesses embrace the cloud for its scalability and flexibility, a new challenge arises: managing the soaring costs of storing and processing this data ...