Started by siyajoshi, Jul 07, 2022, 11:14 PM


siyajoshi (Topic starter)

Are there any methods to deal with DDoS attacks?
The server is powerful, but because it runs a demanding engine with a lot of content (vBulletin), it is very susceptible to DDoS...


Depends on what kind of attack, server power, which OS.
Fighting methods:
1. do not anger, do not communicate with hackers
2. tuning of all services (mysql, apache, nginx, etc.)
3. install an nginx frontend
4. sysctl tuning
5. limits in nginx
6. closing all ports, opening only those needed in the firewall
7. dynamic rules in the firewall, triggered by the number of connections
8. nginx log analyzer for subsequent blocking
9. cutting off unnecessary (if any) traffic on the upstream, for example udp
10. more powerful machine
11. more ports to the server
12. proxy machine
13. cloud of proxy machines
14. combination of different security hardware


One of the first methods of neutralizing DDoS attacks is to minimize the size of the zone that can be attacked. Such a technique limits the attackers' options and makes it possible to build centralized protection. It is necessary to make sure that access to the application or its resources has not been opened on ports, protocols, or applications that are not intended to be interacted with.
So, minimizing the number of possible points for an attack allows you to focus efforts on neutralizing them. In some cases, that can be achieved by placing your computing resources behind content distribution networks (CDNs) or load balancers and limiting direct Internet traffic to certain parts of your infrastructure, such as database servers. You can also use firewalls or access control lists (ACLs) to control what traffic enters applications.

Scaling plan

The two main elements of neutralizing large-scale DDoS attacks are bandwidth (or transit potential) and server performance sufficient to absorb and neutralize attacks.

Transit potential. When designing applications, you need to make sure that the hosting provider supplies excess Internet connection bandwidth that allows you to handle large amounts of traffic. Since the ultimate goal of DDoS attacks is to affect the availability of resources or applications, it is necessary to place them close not only to end users but also to large traffic exchange nodes, which will easily provide your users with access to the application even under a large volume of web traffic.
Working with Internet applications provides even more opportunities. In that case, you can use content distribution networks (CDNs) and intelligent DNS address translation services, which create an additional layer of network infrastructure to serve content and resolve DNS queries from places that are often located closer to end users.

Server performance. Most DDoS attacks are voluminous and consume a lot of resources, so it is important to be able to quickly increase or decrease the amount of your computing resources.
That can be achieved by using an excessive amount of computing resources or resources with special capabilities, such as more productive network interfaces or improved network configuration, which allows you to support the processing of large volumes of traffic. In addition, appropriate load balancers are often used to constantly monitor and distribute loads between resources and prevent overloading of any one resource.

Information about typical and atypical traffic

Every time an increase in the volume of traffic entering the host is detected, the maximum amount of traffic that the host can handle without impairing its availability can be taken as a guideline. This concept is called a speed limit. More advanced security methods have additional capabilities and can intelligently accept only allowed traffic by analyzing individual packets. To use such tools, it is necessary to determine the characteristics of the good traffic that the target object usually receives, and to be able to compare each packet with that standard.
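An added example, not code from the thread, covering both the "nginx log analyzer for subsequent blocking" item in the first reply and the per-client threshold ("speed limit") idea above: it parses nginx combined-format access log lines, counts requests per client IP in a sliding time window, flags clients that exceed a threshold chosen from the server's normal baseline, and emits nginx `deny` rules for an include file. The log lines, the IPs and the threshold values are constructed for illustration; lines are assumed to be in chronological order, as nginx writes them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of nginx "combined" access log lines (not from the thread).
# 198.51.100.9 fires six requests in two seconds; 203.0.113.7 is a normal browser.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jul/2022:23:14:01 +0000] "GET /forum.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [07/Jul/2022:23:14:02 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
198.51.100.9 - - [07/Jul/2022:23:14:02 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
198.51.100.9 - - [07/Jul/2022:23:14:03 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
198.51.100.9 - - [07/Jul/2022:23:14:03 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
198.51.100.9 - - [07/Jul/2022:23:14:04 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
198.51.100.9 - - [07/Jul/2022:23:14:04 +0000] "GET /search.php?do=process HTTP/1.1" 200 812 "-" "curl/7.81"
203.0.113.7 - - [07/Jul/2022:23:14:30 +0000] "GET /showthread.php?t=1 HTTP/1.1" 200 9011 "-" "Mozilla/5.0"
this line is deliberately malformed and must be skipped
"""

# Client IP and timestamp are all the analyzer needs; the rest of the line is ignored.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')


def parse_line(line):
    """Return (ip, datetime) for a combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def offending_ips(log_text, max_requests, window_seconds):
    """Map each client IP that exceeded max_requests within any window_seconds span
    to the timestamp of the first request that crossed the threshold."""
    recent = defaultdict(deque)  # per-IP timestamps inside the current window
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the analyzer
        ip, ts = parsed
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop requests that fell out of the sliding window
        if len(window) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def deny_rules(flagged):
    """Render flagged IPs as nginx 'deny' directives for an include file."""
    return [f"deny {ip};" for ip in sorted(flagged)]
```

The threshold (here 5 requests per 10 seconds per client) should be derived from what a legitimate forum user actually generates on your site, so normal browsing is never blocked.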