DDoS protection

Started by kotowicz, Jul 14, 2022, 04:03 AM


kotowicz (Topic starter)

I recently banned a young hacker from my forum for posting content that violated our rules. The hacker was unhappy and threatened to seek revenge. As a result, he launched a real DDoS attack on the forum, which lasted for five days. The site is hosted on a dedicated server running Ubuntu Linux and was bombarded with requests from about 200-800 different IP addresses disguised as users on port 80.

Now that the DDoS attack has stopped, I'm exploring options for preventing it from happening again. Option one is to install a hardware proxy for DDoS filtering, which costs $100 per month from Hostel (Filanko). Another option is to set up a proxy or firewall on my server to collect real-time IP addresses of DDoS attacks and block access from these addresses. I'm also looking for data centers that have affordable DDoS protection for servers that cost no more than $20 per month, in addition to hosting costs up to $50 per month.

I'm also curious if there are any shared hosting services that offer DDoS protection. Lastly, I'm wondering if it's possible to add DDoS protection software to the same computer where the site is hosted. If so, what Linux software tools are available for this purpose?

Koza Dereza

If a hacker doesn't gain financially, the attack may not last long. For non-commercial projects, paying $100 for DDoS protection is too expensive, and companies that provide guaranteed protection can be expensive. Two options are available: hosting with DDoS protection or renting a server and setting up firewall protection.

The first option avoids the need for the site owner to manage an attack, but the hosting provider may disable the account in the event of a significant DDoS, and finding a new place becomes necessary. To manage a server, a control panel is required, and a firewall must be installed and configured.

adm.1.n

The best choice is self-protection using a firewall, but keep in mind that you'll need an experienced admin for this, and configuring a firewall isn't easy.

_AnnA_

To get started, try a budget solution - move your site to Cloudflare.
There are both free and paid features.
Even serious banks use their solutions.

I do not think that a young hacker is capable of organizing an attack comparable in power to those that go to banks.

Chiru

If a website is targeted in an attack and no protection is provided, several measures can be taken. The first step is to ban IP addresses from which the attack originates, which can be found in the logs. Grep is a utility that automates this process, allowing you to identify and block specific elements within a file.

Unfortunately, DDoS attacks can last several days and come from thousands of different IP addresses, making manual blocking extremely difficult. Additionally, attackers may use dynamic IP addresses, making blocking by IP address ineffective.

Geolocation requests can also be blocked but are only effective where traffic is coming from a specific part of the globe. Another option is to block access to a particularly vulnerable section of the website, such as search, if it is not essential. However, these methods are limited in their effectiveness and may cause additional problems. For example, an attacker could use bots to add all available products to their basket, preventing real users from accessing them. Furthermore, even if an attack is ultimately repelled, the website's services may experience downtime while the issue is resolved.
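
The log review described in the post above, as an added example that is not part of the original thread: it finds clients whose busiest single minute reaches a request threshold, so a burst stands out from a regular visitor with the same daily total. It assumes an Apache/nginx combined-format access log (client IP in field 1, timestamp in field 4); the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# flood_candidates LOGFILE THRESHOLD   (hypothetical helper, "-" reads stdin)
# Prints "ip peak_requests_per_minute" for every client whose busiest
# minute reached THRESHOLD requests, busiest client first.
flood_candidates() {
    awk -v limit="$2" '
    {
        ip = $1
        # $4 looks like "[14/Jul/2022:04:03:12"; keep it up to the minute.
        minute = substr($4, 2, 17)
        n = ++hits[ip SUBSEP minute]
        if (n > peak[ip]) peak[ip] = n
    }
    END {
        for (ip in peak)
            if (peak[ip] >= limit) print ip, peak[ip]
    }' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    # One client sending 30 requests inside a single minute.
    i=0
    while [ "$i" -lt 30 ]; do
        printf '203.0.113.7 - - [14/Jul/2022:04:03:%02d +0000] "GET /index.php HTTP/1.1" 200 512\n' "$i"
        i=$((i + 1))
    done
    # A regular reader: 12 requests in total, but only 4 in any one minute.
    for m in 01 02 03; do
        for s in 05 15 25 35; do
            printf '198.51.100.20 - - [14/Jul/2022:04:%s:%s +0000] "GET /index.php?topic=5 HTTP/1.1" 200 2048\n' "$m" "$s"
        done
    done
    # A single page view.
    printf '192.0.2.10 - - [14/Jul/2022:04:03:10 +0000] "GET / HTTP/1.1" 200 1024\n'
}

# Review the candidates before banning anything.
sample_log | flood_candidates - 10
```

A per-IP threshold like this can also catch many legitimate users who share one address behind a NAT or proxy, so the list is a set of candidates to review rather than an automatic ban list. When the traffic is spread over hundreds of sources that each stay under the threshold, no single address stands out, which is the limitation of IP blocking the post describes.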

carleone236

In a nutshell, to improve security, you need to:

1) provide as little information as possible to the attacker;
2) provide as much information as possible to the DDoS defender;
3) provide clear attack filtering capabilities;
4) ensure the reliability of the service under attack.

xiaolanzhuji

Let's start with the hardware proxy for DDoS filtering. While this option provides robust protection, it comes with a monthly cost. Investing in dedicated DDoS protection can be compared to purchasing insurance – it's a proactive measure to minimize risks.

Setting up a proxy or firewall on your Ubuntu Linux server to collect real-time IP addresses of DDoS attacks is also a smart move. This will allow you to analyze and block malicious traffic more effectively. Implementing this solution may require technical expertise, but it offers greater control over your security measures.

As for data centers with affordable DDoS protection, finding a reliable provider that offers additional protection within your budget is crucial. Prioritize providers who specialize in DDoS mitigation and have a proven track record in handling such attacks.

Exploring shared hosting services with DDoS protection is a good idea, but it's essential to conduct thorough research to ensure that the level of protection meets your forum's needs.

It's absolutely possible to add DDoS protection software to the same computer where the site is hosted. There are several Linux-based DDoS protection tools available, such as Fail2Ban, CSF (ConfigServer Security & Firewall), and ModSecurity. These tools can help strengthen your defenses against DDoS attacks and complement your existing security measures.


Let's dive deeper into the options and strategies available to safeguard your website.

First, let's discuss the hardware proxy for DDoS filtering. This solution involves routing all incoming traffic through a dedicated hardware device designed to filter out malicious requests. While this can be an effective defense against DDoS attacks, it's essential to carefully evaluate the cost and benefits. Hardware-based solutions often provide robust protection but come with a recurring expense.

Setting up a proxy or firewall on your Ubuntu Linux server can be an effective way to collect real-time IP addresses of DDoS attacks. By analyzing incoming traffic and identifying patterns associated with DDoS attacks, you can proactively block malicious requests. However, this approach may require technical expertise to implement and maintain effectively.

In your search for data centers with affordable DDoS protection, it's important to identify providers with a strong track record in mitigating DDoS attacks. Look for data centers that offer scalable DDoS protection services at a cost-effective price point. Prioritize providers who can tailor their protection to suit your specific hosting requirements.

Exploring shared hosting services with DDoS protection is a viable option. Many reputable hosting providers offer DDoS protection as part of their service packages. However, it's crucial to review the level of protection offered and ensure that it aligns with the demands of your forum.

When it comes to adding DDoS protection software to your server, there are several Linux-based tools available. Fail2Ban is a popular choice for blocking suspicious traffic by monitoring log files for signs of malicious activity. Additionally, CSF (ConfigServer Security & Firewall) and ModSecurity provide robust firewall and intrusion detection capabilities, helping fortify your server's defenses against DDoS attacks.

Implementing a combination of these measures can significantly enhance the resilience of your forum against DDoS attacks. As you navigate the landscape of DDoS protection solutions, prioritizing a comprehensive and proactive approach will be key to safeguarding your online platform.