Recently I removed from my forum a juvenile hacker who posted materials that violated the rules of the forum.
The hacker was offended and promised to take revenge.
He organized a real DDoS attack on the forum. The site runs on a dedicated server running Ubuntu Linux.
For 5 days the site was under DDoS and did not work.
From about 200-800 different IP addresses, requests were sent to the server port 80 under the guise of users.
Now the DDoS has stopped, but it can start again.
At the moment I am considering such options for protecting against DDoS.
Hoster (Filanko) offers to install a hardware proxy (separate computer) for DDOS filtering. The price is $100 / month.
Set up on my server some kind of proxy or firewall that will collect, in real time, a list of the IP addresses the DDoS is coming from and block access from them. Are there similar solutions for Linux?
1) Which data centers can be contacted to host a server with DDOS protection? My forum is not commercial, so I would like to get protection from DDOS at a price of no more than $20 / month + the hosting of the server itself up to $50 / month.
2) Can someone provide shared hosting with DDoS protection?
3) Maybe I can do it without a separate physical proxy server and put protection on the same computer where the site is hosted?
What software tools are there in Linux to protect against DDOS?
If there is no financial benefit for the hacker, then the attack may not be permanent.
For a non-commercial project, I think paying $100 is too much for protection.
If the company guarantees protection against DDoS, it will not be cheap.
I think there are 2 options:
1. hosting that provides protection against DDoS attacks.
2. rent a server and set up firewall protection yourself.
plus of the first option:
the attack is not your headache, but the hosting provider's.
minus of the first option:
with a large ddos, the hoster will disable your account and you will have to look for a new place.
Do you have a control panel on your server?
you need to install and configure a firewall.
The best choice is self-protection using a firewall, but keep in mind that you'll need an experienced admin for this, and configuring a firewall isn't easy.
To get started, try a budget solution - move your site to Cloudflare (https://www.cloudflare.com/).
There are both free and paid features.
Even serious banks use their solutions.
I do not think that a young hacker is capable of organizing an attack comparable in power to those that go to banks.
If you have been attacked, and you have not provided any protection for the web site, there are several actions that can be taken.
Ban the IP addresses from which the attack is coming. They can be found in the logs.
In order not to block each request manually, you can use grep. This is a utility that allows you to find certain elements in a file and perform simple actions with them: for instance, block.
You will be very lucky if the attack on the web site was short. Then you will be able to calculate at once where the "garbage" traffic is coming from and block it.
But such luck is rare. A DDoS attack can last several days and come from thousands of different IP addresses. It is impossible to block them all, even with grep.
Plus, blocking by IP addresses by itself is not very effective in smart attacks. Attackers can use dynamic IP addresses - then no blocking will save you.
Block geolocation requests. The method is suitable only if you see that a lot of requests to web site come from a specific point of the globe. For instance, your users live in Eastern Europe, and suddenly a huge amount of traffic came from Africa.
But such luck is rare. Right now, most DDoS attacks are smart, and attackers most likely won't give you that opportunity.
Block a heavy section of web site. The attack may not go to the entire site, but to the most vulnerable part of it, for instance, search. If this is not the most important element of the site, you can simply disable access to it for everyone. Let customers not be able to use the search, but everything else will work.
The disadvantage of this method is that it will be useless for most attacks.
WHY THESE METHODS ARE OFTEN INEFFECTIVE
These methods will help stop some simple types of DDoS attacks. At the same time, they are all designed to repel attacks on servers and will not save you from bots on the web site in any way. But they can also cause big problems.
For instance, if you have a limited number of products, an attacker can launch bots that will add all the goods to their baskets, and real users will not be able to buy anything.
In addition, even if you manage to repel the attack, you will spend time solving the problem.
That means that the services will be unavailable for some period.
In a nutshell, to improve security, you need to:
1) provide as little information as possible to the attacker;
2) provide as much information as possible to the DDoS defender;
3) provide clear attack filtering capabilities;
4) ensure the reliability of the service under attack.
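
The log-based blocking discussed in this thread (finding the attacking IP addresses in the logs and banning them), sketched as an added example that is not code from any poster. It assumes a combined-format access log, IPv4 clients, and an ipset set named `blocklist` (a hypothetical name); the sample log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag IPs that exceed a per-minute request limit in an
# access log, and print (not run) the ipset commands that would block them.

# Constructed sample in combined log format; addresses are documentation ranges.
sample_log() {
  local m i
  for i in 1 2 3 4 5; do
    echo "203.0.113.5 - - [12/Mar/2024:10:00:0$i +0000] \"GET /search?q=$i HTTP/1.1\" 200 512"
  done
  for m in 00 01; do
    for i in 1 2; do
      echo "198.51.100.7 - - [12/Mar/2024:10:$m:1$i +0000] \"GET /index.php HTTP/1.1\" 200 900"
    done
  done
}

# noisy_ips LIMIT: read a log on stdin, print IPs with more than LIMIT
# requests inside any single minute.
noisy_ips() {
  awk -v limit="$1" '
    # Accept only dotted-quad first fields: the value ends up in a firewall
    # command, so anything else in that column is skipped.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    {
      minute = substr($4, 2, 17)          # e.g. "12/Mar/2024:10:00"
      hits[$1 SUBSEP minute]++
    }
    END {
      for (k in hits) if (hits[k] > limit) { split(k, part, SUBSEP); bad[part[1]] = 1 }
      for (ip in bad) print ip
    }' | sort
}

# block_commands [TIMEOUT_SECONDS]: turn IPs on stdin into ipset commands.
# The set name "blocklist" is an assumption; entries expire after the timeout,
# so a dynamic address later reassigned to a real user is not banned forever.
block_commands() {
  local ttl="${1:-3600}" ip
  echo "ipset create blocklist hash:ip timeout $ttl -exist"
  echo "iptables -I INPUT -m set --match-set blocklist src -j DROP"
  while read -r ip; do
    echo "ipset add blocklist $ip timeout $ttl -exist"
  done
}

sample_log | noisy_ips 3 | block_commands
```

Counting per minute rather than per file keeps a regular visitor with many requests spread over the day out of the list. The commands are only printed so they can be reviewed before being applied.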