Does a DDoS attack stop when the site goes down?

웹프로모(WebPromo) - 미국 한인 커뮤니티·블로그 플랫폼

계속 진행할 경우 웹프로모의 이용 약관에 동의하고 개인정보 처리방침을 이해하는 것으로 간주됩니다.

또는

Created on 09/14/2025
share Share

New York, New York link

A DDoS attack, or "Distributed Denial of Service," is a method of overwhelming a website with a massive number of access requests from numerous computers at the same time.

In simple terms, it prevents normal users from accessing the site by sending an enormous amount of requests. Servers have a certain processing capacity, and when a sudden influx of requests occurs, they can become overloaded and crash.

The key point here is the word 'distributed.' A site won't collapse just because one person keeps refreshing the page.

However, hackers control zombie PCs and infected IoT devices scattered around the world to launch simultaneous attacks. This is commonly referred to as a botnet, and when this network is mobilized, the scale of the attack can become unimaginable.

The purposes of DDoS attacks vary. Sometimes they are done just for fun, but they can also be used for business reasons to disrupt competitors, to showcase political messages, or as a means of extortion for money.

Recently, there are many cases where they are combined with ransomware, threatening that "the attack will continue unless payment is made."

For the victims, websites slow down or go completely down, leading to a loss of customer trust and significant business losses. To prevent this, methods such as CDN services that distribute traffic, protective networks like Cloudflare, or firewalls and dedicated equipment to absorb or filter attacks are used.

Ultimately, while DDoS attacks may seem technically simple, their destructive power is immense, making them one of the most common and troublesome security threats in the online world.

However, when a site is under a DDoS attack and goes down, the attack itself does not automatically stop.

The attacker simply sends massive traffic to a specific IP or domain, so regardless of whether the server is down or up, they continue to send packets.

Thus, just because the server is down does not mean the attack stops; in fact, it can intensify to the point where recovery becomes difficult.

In reality, there are two scenarios.

First, the attacker may lose interest and stop when the target no longer responds.

Second, if the attacker maintains the attack for monetary gain or to achieve their goal, the attack can continue even if the server is down.

This is precisely why protective services like Cloudflare or AWS Shield are used.

Even if the site goes down, they create a barrier to filter out attack traffic and help restore the server quickly.

In summary, just because the server is down does not mean the attack automatically stops; it continues until the attacker decides to stop or resources are exhausted.

Read in Korean

DISCLAIMERS: This blog post was written by the author and reflects their personal views and opinions. The author bears full responsibility for the content, and WEB PROMO does not guarantee the accuracy, completeness, or reliability of the information provided. WEB PROMO assumes no liability for any outcomes or consequences resulting from the use of this content. In the event that any content—including text, images, or videos—is determined to infringe upon copyright or other legal rights, WEB PROMO reserves the right to remove the content without prior notice.