Just suppose your web hosting company became a target of a large multi Gb/s attack against your servers? Some of your clients’ websites go down on Friday afternoon at 5:00 depending on the region and stay offline for approximately 20 hours. Certain regions are not able to resolve DNS, while other regions resolve normally. Your clients’ reactions range from slightly annoyed to becoming outraged. Most customers are accustomed to your 24/7 support which has been excellent, and do not have the technical sophistication to even know anything about a DDoS attack. How does a company explain the situation in full for all clients, even though some regions are normal, others are slower than normal, and still others are not reachable at all?
Let’s just say the attack was first recognized when network storage was unavailable, and some websites in certain regions slowed to a complete halt. Even though you knew what had happened and maintained the problem was not with the server, specialists had to be called in which took the 20 hours to restore all service.
Attacks raise questions about how quickly clients should be informed about a DDoS attack and what levels of trust customers should place in their providers. Many clients would not notice DNS downtime and would not even have known of an attack.
How much do you tell the clients about a DDoS attack? After all, they want a reason as to why their website was down.
What is a DDoS attack?
Distributed denial of service or DDoS attacks have been around since the beginning of the Internet, and it is the least sophisticated method of targeting a website. Basically, a large number of computers all visit the same web address at the same time and overwhelm the site’s system to view a page thus blocking the site to real visitors. Picture setting up a kissing booth in the nearest supermarket and inviting Brad Pitt; the aisles would be so crowded with women that no one would be able to shop for groceries until Brad left. In other words, DDoS attacks most commonly involve a group of attackers who flood a website with excessive amounts of requests in an effort to prevent it from providing services for regular customers.
Most attacks, fortunately, are short-lived. However, some attacks have brought down entire companies for a period of time including Google, Twitter, and most recently PayPal, as well as government websites.
What customers expect.
Customers show the most respect and become the most loyal when web hosts are honest. DDoS attacks are likely beyond the control of web hosts; certainly the ability to predict an attack.
Clients are entitled to an explanation of what you believe to be the cause of the outage. In any communication, you should explain exactly what you are doing, how you have analyzed and verified the cause of the outage, and what you plan to do to prevent anything similar happening in the future. Customers want to know that you have employed due diligence into securing their websites and assets. Customers want honest and straight talk with maximum transparency. Customers want to know what can be done in the case of another DDoS attack and how they can mitigate any future attacks without service degradation.
Customers also need to know that standard strategies may not be sufficient to prevent network nodes from being flooded and should have the knowledge of mitigation strategies to combat these crimes.
Even though there is no need to get overly technical, customers have the right to know how the attack can be stopped and what provisions could be taken for their future protection.
BlockDos.net deals in DDoS mitigation and provides DDoS protection services for different kinds of websites; one of only a few companies that provides true DDoS protection by setting up firewalls, providing solutions to handling DDoS attacks and employing 24/7 customer support in acute emergencies. Simply explained, in the case of a DDoS attack, BlockDos assigns a new IP, acts as a middleman, cleans and subsequently filters traffic back to the server accordingly.
Looking for answers
There will always be some customers who will leave as a result of this type of event, but most reasonable clients will respond to honest, upfront answers and explanations. It’s just part of doing business that you will meet some people you are never going to please, but if you give your best to every customer, your sincerity and honesty will show through; after all it is all about impressions and perception that attract customers and then retain them. Never forget to apologize and fix the problem. In the end, no customer wants to read a press release that skirts the issue and merely states, “We are experiencing some minor delays in our accessing our service. We hope to have everything resolved shortly.”