Zap Competitions Knowledgebase

What is a DDoS attack? Have I been hacked?

DDoS (distributed denial-of-service) attacks are a common cause of spikes in website traffic connected with malicious bot activity. This is when the attacker uses a collection of different servers across the world to send traffic to the server over and over again until it can’t handle the load and crashes.

If a website has been hacked, it means someone has managed to gain unauthorised access to a server and its data. This is usually done using a virus (malware or trojan), often through an un-patched loophole in an outdated WordPress plugin.

A DDoS attack is not the same as being hacked. The attacker is usually unable to gain access to the server or any secure data from the database.


Common signs of a DDoS attack include…

  • A suspicious amount of traffic from a single IP address or range
  • An influx of traffic from users who share a single behaviour profile (e.g. device type, geolocation, or web browser version)
  • An unexplainable increase in requests to a single page
  • Traffic spikes at odd hours of the day or patterns which appear unnatural (e.g. a spike every 10 minutes.


Your site has several systems in place to combat DDoS attacks. These are…

  • Firewall – this blocks suspicious IP address
  • Web Application Firewall (WAF) – looks for malicious actions performed on the server
  • DDoS Protection – prevents server overloads.
  • Brute force protection – prevents abuse of login forms
  • WordPress level firewal/WAF – additional security at the application level and hardens WordPress security.

We also deploy an additional firewall that sits between the domain name and server, allowing it to intercept any attacks before they are even able reach the server. If you suspect that your site is under attack, please contact a member of the development team.