GRIDINSOFT HELP CENTER

DDoS (Distributed Denial of Service): What it is, warning signs, and how to defend fast

What it is

A DDoS attack is a traffic jam on purpose. Thousands of hacked devices (a botnet) or misused services flood your site, app, or API with requests so real users can’t get through. Outages can last minutes—or much longer without a plan.

How it works 

  • Network floods: overwhelm bandwidth (UDP/TCP floods).

  • Protocol tricks: exhaust servers/load balancers (SYN, ACK, ICMP).

  • Application hits: target URLs/APIs that are expensive to serve (HTTP GET/POST).

  • Amplification: abuse open services (DNS/NTP/memcached) to multiply traffic.

Signs you’ll see

  • Site/API is slow or unreachable; timeouts climb

  • Spikes from a few regions or thousands of odd IPs

  • Infrastructure OK, but one URL or endpoint pegged at 100%
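
The signs above can be checked directly against web server access logs. The following is an added example, not Gridinsoft code: it groups common-log-format lines into one-minute windows and reports any window where a single path takes most of the traffic, along with how many distinct client IPs hit that path and how often it returned 5xx errors. The function names, thresholds, and sample log lines are constructed assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Common/combined log format: ip - - [ts] "METHOD path proto" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def hot_paths(lines, min_requests=100, path_share=0.6):
    """Report one-minute windows dominated by one path (thresholds are assumed)."""
    windows = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        ip, ts, _method, path, status = m.groups()
        minute = ts[:17]  # "10/Oct/2024:13:55:36 +0000" -> "10/Oct/2024:13:55"
        windows[minute].append((ip, path.split("?", 1)[0], int(status)))
    findings = []
    for minute, hits in sorted(windows.items()):
        total = len(hits)
        if total < min_requests:
            continue  # too little traffic to call a spike
        path, count = Counter(p for _, p, _ in hits).most_common(1)[0]
        if count / total < path_share:
            continue  # load is spread out, no single pegged endpoint
        on_path = [h for h in hits if h[1] == path]
        findings.append({
            "minute": minute,
            "path": path,
            "share": round(count / total, 2),
            "unique_ips": len({ip for ip, _, _ in on_path}),
            "error_rate": round(sum(s >= 500 for _, _, s in on_path) / count, 2),
        })
    return findings

def sample_log():
    """Constructed sample: a quiet minute, then many IPs hammering /api/search."""
    fmt = '{ip} - - [10/Oct/2024:13:{m}:{s:02d} +0000] "GET {path} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", m="54", s=i, path=p, st=200)
             for i, p in enumerate(["/", "/pricing", "/api/search?q=a", "/login"] * 5)]
    for i in range(300):
        ip = f"203.0.113.{i % 250}"       # documentation-range addresses
        st = 503 if i % 3 == 0 else 200   # every third request times out upstream
        lines.append(fmt.format(ip=ip, m="55", s=i % 60, path=f"/api/search?q={i}", st=st))
    lines += [fmt.format(ip="198.51.100.7", m="55", s=i, path="/", st=200) for i in range(20)]
    return lines

if __name__ == "__main__":
    for finding in hot_paths(sample_log()):
        print(finding)
```

A high share combined with many unique IPs and a rising error rate on one path is the pattern to rate-limit or challenge first; the same output is useful as captured evidence when tuning rules afterwards.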

Defend smart (before it happens)

  • Use a DDoS-capable CDN/WAF in front of everything public.

  • Turn on rate limiting, challenge pages, and bot filtering.

  • Lock down amplifiers you control (no open resolvers); prefer anycast edge protection.

  • Create an emergency profile: cached pages, maintenance mode, and API allowlists.

If you’re under attack 

  1. Activate DDoS mode on CDN/WAF; raise challenges/rate limits for hot paths.

  2. Block/shape by ASN/geo/signature; throttle or drop obviously bad traffic.

  3. Protect the origin: only allow CDN IPs; increase autoscale limits temporarily.

  4. Communicate: status page and brief updates reduce support load.

  5. Capture evidence: traffic samples and logs help tune long-term rules.
