Skip to content ↓ | Skip to navigation ↓

SCENE: A man and a woman stare at a computer screen. They are both visibly stressed. The man is sweating through his shirt. The woman grips a fistful of her own hair.


This DDoS attack is bad. Really bad.


Almost as bad as this DDoS attack script pun.

If only actual DDoS attack scripts could be so anti-climactic. In reality, DDoS attack scripts are the weapon of choice for less-than-skilled hackers looking to cause a lot of trouble with only a little effort. Read on to find out what DDoS attack scripts are, who is using them and why, and what you need to do to protect your website.

DDoS Attack Script Details

DDoS attack scripts are the software that make the execution of DDoS attacks possible. They’re commonly written in PHP, Python and Perl programming languages. If that doesn’t sound like something less-than-skilled hackers could come up with, you’re right. These so-called script kiddies don’t write DDoS attack scripts themselves, rather they take them from social media or online forums where black hat hackers make them available for use.

In the hands of script kiddies, DDoS attack scripts are often used to execute what is technically a DoS attack – a denial of service attack as opposed to a distributed denial of service (DDoS) attack – because the attack is generally only coming from one source instead of multiple sources. Most typically these attacks are aimed at the application layer, stressing specific applications of a website in order to disable those applications and chew up resources that could otherwise be used for website performance. The ultimate goal of an application layer attack is to crash the web server, taking the website offline.

A Tool, But Not a Toolkit

DDoS attack scripts are often confused with DDoS toolkits. According to anti-DDoS service provider Incapsula, DDoS attack scripts and DDoS toolkits are vastly different in both how they’re created and how they’re used.

While DDoS attack scripts are used to directly launch application layer DoS attacks from a single source against a target, DDoS toolkits are used to infect computers and other internet-connected devices with malware in order to build a botnet which will be used to launch a large-scale DDoS attack, most likely against the network layer. Creating and using a DDoS toolkit requires much more expertise, time and resources than using a DDoS attack script. A DDoS attack that results from the use of a DDoS toolkit also typically results in more serious damage than what would come from a DDoS attack script.

dos vs ddos
Main differences between DDoS attack Scripts and DDoS toolkits (Source: Incapsula)

Still a Hideous Threat

Don’t let the previous paragraph dissuade you from taking the DDoS attack script threat seriously. Certainly organizations that are targeted by a professional hacker’s DDoS attack will be left reeling, paying upwards of $40,000 an hour to deal with an unmitigated DDoS attack. These crippling attacks are typically aimed at major websites in industries like finance and online banking – highly competitive industries. But DDoS attack scripts can be devastating in their own right.

If your website doesn’t quite fit the above description, you probably need to be more concerned with script kiddies and the havoc they wreak all over the internet than you need to be with those massive DDoS attacks that make headlines. And because DDoS attack scripts are so widely available and so relatively easy to use, websites need to duck and cover like never before.

A DoS attack stemming from a DDoS script can render your website unavailable to your users. This causes you to not only lose out on the immediate traffic you would’ve gotten if your site were up, but it also results in a loss of trust from users or damaged client relationships. With an infinite number of competitors only a click away, this is damage your website simply can’t afford.

Script kiddies most often do what they do in order to get attention from other hackers. That means they don’t much care who they hit, they just want to take a website down. That means anyone and everyone is a potential target.

Common Script Types

There are a wide variety of DDoS attack scripts floating around the internet. Some of the most tried and true have been in use for years, like the Slowloris, which sends a stream of partial HTTP GET requests to the target server, which opens up more and more connections as it awaits the complete requests, which will never come.

Another common script type is the Low Orbit Ion Cannon (LOIC), which was famously used in an attack on the Church of Scientology (by Anonymous as part of Project Chanology). This script overwhelms a target server with either TCP requests or a UDP flood. The next-gen version of the LOIC is the High Orbit Ion Cannon, which crashes a target server with an HTTP flood.

ion cannon
High Orbit Ion Cannon Gui and website (Source: Wikipedia)

Here’s Your Cue

What you need to do in order to prevent DDoS attack scripts from harming your website is invest in professional DDoS protection.

One of the challenges in protecting against application layer attacks is distinguishing between legitimate traffic and attack traffic, since attack traffic often appears to be legitimate requests. Professional DDoS protection that filters traffic by either deploying a content delivery network in front of your server or by rerouting all traffic to your protection service’s network solves this problem. This advanced filtering inspects traffic at a granular level in order to send legitimate traffic through to your website unfettered while eliminating attack traffic.

More people than ever are capable of launching DDoS or DoS attacks, even those that don’t possess many (or any) actual hacking skills (ahem…Lizard Squad). The perpetrator circle has widened and so too has the potential victim pool. Hoist your website out of it. Lights, camera, DDoS protection.


Ben CampbellAbout the Author: Ben Campbell is an accomplished, experienced freelance writer and web security expert who has featured in a number of high profile publications and websites. If he’s not writing about protecting your website you’ll find him listening to live music or at the coast surfing.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock