The Danger of Application Layer DoS Attacks
I host a website on a cheap $5 IaaS hosting service without a CDN.
An actor with a higher bandwidth internet connection could try to overload my webserver with recursively downloading some data with wget/curl/lynx until my server crashes/stops responding in general due to Denial of Service.
Is application layer DoS dangerous?
A site which does not scale well is of course in danger to be easily made unavailable (denial of service) by an attacker. But it does not matter a lot if this is application layer DoS or bandwidth based DoS – it’s just that the site cannot deal with it. And it is irrelevant what tools are actually used, i.e. GUI tools, command line tools, self-made scripts etc – all what matters is the result.
Could a single attacker without access to some botnet or larger amount of computing power do this – unlikely, unless your system has a really small performance or bandwidth or if each requests causes lots of work in your server, like expensive database lookups. But, it is usually easy and cheap for a determined attacker to get access to botnets or more computing power.
Am I fearing for nothing?
Is this is an actual problem for you – it depends. If the site is relevant for running a business then it can financially hurt a lot if the site gets unavailable. If the site is only for your own fun then such attacks might be annoying for you, but don’t cause real harm.