- Aug 28, 2010
- 1,551
- 204
- 106
A friend of mine has a simple website.
On a shared hosting server.
She uses WordPress. About 8-10k pageviews per day. (Not bad for an amateur).
According to her hosting provider, there was a DDoS attack recently.
They say that the attack was against her website.
Theoretically I know TCP/IP pretty well. But I'm not so familair with HTTP. Nor with the latest practical stuff.
AFAIK DDoS attacks are attacks where IP packets are sent to a specific IP address. If you sent enough packets, the path to the target will become congested. There are/were other variants of DoS attacks where people sent TCP SYN packets, trying to overflow the half-open connection table on the target. Etc, etc.
But AFAIK all those DoS attacks are targeted towards a specific IP address.
Not against a specific website.
So I am wondering how that webhosting-provider can claim the attack was against my friend's website ? I'm pretty sure her website runs on a shared server, where many other small websites are hosted. I don't believe her website has its own IP address. That would be possible if she rented a Virtual Private Server. But she doesn't. In theory, the DoS packets could be HTTP packets with the name/url of her website. But AFAIK all DoS tools target IP addresses, not websites.
I assume that the employee of the hosting provider is just a simple helpdesk worker. Who doesn't know what he's talking about. Or maybe misunderstood his 2nd line collegues.
Still, I'd like to know if I missed something.
Do any of you know a way to determine if a DoS attack is just against a specific IP address ? Or in fact against a specific website on the shared server ? TIA.
On a shared hosting server.
She uses WordPress. About 8-10k pageviews per day. (Not bad for an amateur).
According to her hosting provider, there was a DDoS attack recently.
They say that the attack was against her website.
Theoretically I know TCP/IP pretty well. But I'm not so familair with HTTP. Nor with the latest practical stuff.
AFAIK DDoS attacks are attacks where IP packets are sent to a specific IP address. If you sent enough packets, the path to the target will become congested. There are/were other variants of DoS attacks where people sent TCP SYN packets, trying to overflow the half-open connection table on the target. Etc, etc.
But AFAIK all those DoS attacks are targeted towards a specific IP address.
Not against a specific website.
So I am wondering how that webhosting-provider can claim the attack was against my friend's website ? I'm pretty sure her website runs on a shared server, where many other small websites are hosted. I don't believe her website has its own IP address. That would be possible if she rented a Virtual Private Server. But she doesn't. In theory, the DoS packets could be HTTP packets with the name/url of her website. But AFAIK all DoS tools target IP addresses, not websites.
I assume that the employee of the hosting provider is just a simple helpdesk worker. Who doesn't know what he's talking about. Or maybe misunderstood his 2nd line collegues.
Still, I'd like to know if I missed something.
Do any of you know a way to determine if a DoS attack is just against a specific IP address ? Or in fact against a specific website on the shared server ? TIA.