VPS DDoS protection

Started by jainteq, Oct 30, 2022, 01:15 AM

Previous topic - Next topic

jainteqTopic starter

I am looking for one of two options - DDoS protection of an independent server (VPS) or shared hosting
with an integrated VPS protection service.

Now I'm trying (I needed it right urgently) EDGE Center protection, but they have something in my opinion, the traffic is being cut too much (attendance has fallen by 7-10%)
and very, very poor statistics and almost zero settings (you can only turn on/off countries).
Plus, a legal user does not have any captcha verification or something else. It's just that the site is unavailable if it is considered dangerous - this is very bad.
But relatively inexpensive (initial rate).

DDoS Guard seems to be cooler, but expensive - it is already economically unprofitable for me.
Are there any other decent options?

PS: CloudFlare connected during DDoS, configured - they break through, it was too powerful, apparently.
  •  

AuroINS111

To protect your VPS from DDoS attacks, it is important to determine which type of attack it is: HTTP, ICMP,- UDO or SYN flood, and depending on this, decide what measures need to be taken.

HTTP flood is one of the simplest DDoS attacks caused by an attacker, which forces the server to use the maximum possible resources to respond to each HTTP request (GET or POST). To prevent HTTP flooding, you need a properly configured and optimized server.
Choosing between Apache and Nginx, experts prefer the latter, since it is less resource-intensive and more stable. To avoid interference with your site, you can also analyze access logs and write an appropriate pattern based on the results. This will automatically catch bots and ban their requests.

During an ICMP flood, an abnormally large number of ICMP packets (Internet Control Message Protocol) of any type, especially ping, are sent to webserver. To make hosting more reliable, we recommend banning ping - this way you will hide your machine from Internet bots scanning networks.
An attack that involves the repeated sending of SYN (synchronization) packets to each server port using fake IP addresses is called SYN flood.
To protect the web hosting, you should calculate connections in the SYN_RECV state and limit new connections from a specific source for a certain period of time.

You also need to take into account the UDP flood. In this case, the attacker sends a huge number of UDP (User Datagram Protocol) packets to certain or random ports of the remote server, clogging the network channel.
Limiting connections to the DNS server will help protect the server from this kind of attack.
  •  

mike345

Distributed Denial of Service attack (DDoS) is a distributed attack aimed at causing a "denial of service" to the victim object. Unlike a single-threaded DoS attack, it is much more difficult to detect malicious traffic here, since the attacker distributes it, i.e. sends it from different devices. This is dangerous, because their number can reach hundreds of thousands: in September 2022, Google was attacked by a botnet numbering 200,000 bots. The attack was repelled, but this is the exception rather than the rule.
 DDoS usually leads to very disastrous consequences. Imagine that tens of millions of users are accessing one component of your system at a time — just such a number of packets (per second!) it came from a computer network that attacked Yandex servers. Such loads disable equipment, and this is fraught with problems for any business.

Firstly, downtime in the work of commercial Internet projects is always almost direct financial losses. While the online store is not functioning, it does not make a profit, but continues to spend money on maintenance. In addition, the restoration of damaged infrastructure will also require money. Mainly, this problem becomes relevant during peak sales periods.

Secondly, DDoS attacks can be used to cover up other cybercrimes. For example, hаcking a website and stealing confidential information. When the system fails to cope with the load and starts to fail, data leakage is a very likely consequence. This can also include extortion, which we talked about in the previous paragraph.

Thirdly, Internet users are extremely selective and will not turn to a resource that slows down or does not open at all for the second time. Due to DDoS, the company's reputation naturally suffers. And the loss of trust and loyalty of the audience quickly turns into a loss of the market.

Also, a multithreaded attack indirectly affects the work of the support service. If the site is unavailable, visitors masse begin to send complaints via mail or by phone. The burden on support staff is growing, and more and more people remain dissatisfied. But if the collapsed online project collaborated with other businesses and they suffered as a result of the failure, lawsuits will probably be filed against it.
  •