Denial of service (DoS) and distributed denial of service (DDoS) attacks are increasingly common phenomena, used by a variety of actors—from activists to governments—to temporarily or indefinitely prevent a site from functioning efficiently. Often, the attack floods the target with server requests designed to overload its bandwidth, leaving the server unable to respond to legitimate traffic.

Although the owners of major sites often have the resources to protect against such attacks, smaller sites—such as those belonging to small independent media or human rights organizations—are sometimes permanently disabled due to a lack of resources or knowledge.

Defending against a DDoS attack can be prohibitively expensive for all but the best-funded organizations, but there are solutions! This guide aims to assist the owners of such websites by providing advice on choosing an appropriate webhost, as well as a guide to mirroring and backing up their websites so that the content can be made available elsewhere even if their site is taken down by a DoS or DDoS attack.

Acknowledgements

This guide is a collaboration between the Electronic Frontier Foundation and Tactical Technology Collective, originally made possible by The Open Society Foundation.

EFF would like to thank Maria Xynou, who contributed a bulk of the writing to this guide, and Nick Stenning, who offered external feedback.