A café with 15 seats can handle its usual crowd. But if 200 people show up at once, all demanding service simultaneously, the staff gets overwhelmed. Real customers can’t get in. The doors are blocked. Nobody gets coffee.
That’s a DDoS attack. Except instead of people, it’s thousands of fake requests. And instead of a café, it’s your website.
The mechanics: flooding your server with garbage traffic
When someone visits your site, their browser sends a request to your server. The server responds by sending back your homepage, images, whatever’s needed. Normal traffic flows in and out without issue.
A DDoS attack — Distributed Denial of Service — floods your server with so many requests that it can’t tell the real visitors from the fake ones. We’re talking tens of thousands of requests per second, sometimes millions. Your server tries to respond to all of them, burns through its resources, and eventually just stops responding to anyone.
Your site goes down.
The “distributed” part means the attack comes from multiple sources at once. Attackers use botnets — networks of compromised computers, smartphones, IoT devices they’ve infected with malware. Each device sends requests on command. You can’t just block one IP address and call it solved.
Why websites actually crash during attacks
Your server has limits. It can handle X number of simultaneous connections. It has Y amount of bandwidth. It can process Z requests per second.
A DDoS attack deliberately exceeds those limits.
Think of it like RAM on your laptop. Open too many browser tabs and everything slows down. Open 500 tabs and your computer freezes. The server faces the same problem, just at a larger scale.
Some attacks choke your bandwidth — flooding your pipe with so much data that nothing else can squeeze through. Others target your CPU — forcing the server to run expensive database queries over and over until it’s gasping for resources. Your legitimate visitors? They’re stuck waiting behind the wall of garbage traffic.
Common attack types you’ll actually encounter
Volumetric attacks are the blunt instrument. Pure traffic volume. The attacker sends massive amounts of data — could be 300 Gbps or more — to overwhelm your bandwidth. Your server’s internet connection becomes a jammed highway.
Application layer attacks are more surgical. They mimic legitimate user behaviour — requesting pages, submitting forms, searching your site. But they do it thousands of times per second. These attacks are harder to detect because the traffic looks almost normal at first glance.
Protocol attacks exploit weaknesses in how servers handle connections. SYN floods, for example, start thousands of connection requests but never complete them. Your server keeps these half-open connections alive, waiting, until it runs out of capacity for real visitors.
The nastiest attacks combine all three.
Who gets targeted and why
You don’t need to be Amazon to get hit. Small business sites get attacked regularly. Sometimes it’s competitors trying to knock you offline during a sale. Sometimes it’s extortion — pay us or we keep your site down. Sometimes it’s just someone testing their botnet.
Gaming servers and forums get targeted by angry users. E-commerce sites get hit during peak shopping periods. Even personal blogs can become collateral damage when attackers test new methods.
The barrier to entry is low. You can rent a DDoS-for-hire service for $20. You don’t need technical skills. You point it at a target, pay with cryptocurrency, and let it run.
What happens during an attack if you’re unprotected
Your site becomes unreachable. Pages time out. Your email stops working if it’s on the same server. If you’re running an online store, you’re losing sales every minute you’re down.
You call your hosting provider. They might tell you they’ve temporarily suspended your account because the attack is affecting other customers on the same server. Or they tell you to upgrade to a more expensive plan with “mitigation services” that costs 10x what you’re paying now.
Even after the attack stops, recovery isn’t instant. Your server might stay sluggish for hours. Legitimate search engine crawlers might have gotten blocked during the chaos, potentially affecting your rankings.
How protection actually works
DDoS protection sits between the internet and your server. All traffic routes through it first. Think of it as a bouncer who checks IDs before anyone gets near your door. The system watches incoming requests in real-time, separating the legitimate visitors from the bot army.
When attack traffic arrives, the protection layer absorbs it. Your actual server never sees the malicious requests. Real visitors get through normally. The attack is still happening, but your site stays online.
TrentaHost’s infrastructure includes this protection by default on every server. TrentaGuard filters run continuously — no configuration needed, no “attack mode” to manually enable. If your site gets hit with 50 Gbps of attack traffic, the system handles it automatically while you sleep.
The key word is “automatic.” You don’t get a phone call at 3am asking if you want to enable protection. You don’t pay per attack. The filters just work.
The difference between having protection and not
Without protection: Your site goes down. You scramble to figure out what’s happening. You lose revenue. You potentially lose customer trust. You might pay emergency fees to get “premium support” to bring things back online.
With protection: The attack happens. Your site stays up. You might notice unusual traffic in your logs. But your customers never know anything happened.
It’s the difference between your café having security at the door who turns away the mob, versus letting everyone rush in and destroy the place.
What you should look for in hosting
Check if DDoS protection is always-on or something you activate during an attack. Always-on is what you want. By the time you realise you’re under attack and manually enable protection, you’ve already been down for 20 minutes.
Ask about traffic limits. Some providers offer “DDoS protection” but throttle your site after a certain threshold. If an attack exceeds their limits, they either take you offline or charge overage fees.
Find out what happens to your site during mitigation. Some protection methods route traffic through so many checkpoints that your site becomes painfully slow for real visitors. That’s barely better than being down.
TrentaHost’s DDoS-protected servers handle attacks without traffic caps or performance degradation. The protection exists in the network layer itself, not as an add-on service you pay extra for later.
Most site owners never think about what is a DDoS attack until they’re in the middle of one. By then, your options are limited and expensive. The time to consider protection is before you need it — ideally built into your hosting from day one.