I'm currently exploring two options for safeguarding my website against DDoS attacks - either protecting an independent server (VPS) or opting for webhosting which includes VPS protection services.

At the moment, I'm trying out EDGE Center Protection due to its expeditious requirement. However, in my opinion, it's cutting down too much traffic and subsequently causing a drop in attendance by 5-15%. Additionally, it has poor statistics and almost non-existent settings. The only option available is to turn on/off countries. Furthermore, legitimate users don't have to complete any captcha verification which is worrisome because if the website is considered dangerous, it becomes unavailable. Though the initial tariff is relatively cheap.

DDoS Guard appears to be superior but the cost is high and economically unviable for me. So, I'm wondering if there are any other suitable alternatives.

PS: I used CloudFlare during a DDoS attack and implemented proper configuration, but the attackers were still able to penetrate it. This suggests that the attack was exceptionally strong.

Based on your description, I'm unsure about the specifics of your situation. However, I myself was attacked regularly (twice a week) from various subnets - the bulk originating from the USA and some from China.

To counter this issue, I created a simple script that analyzed apache logs several times per minute. The script helped me identify unnecessary activity and requested that those responsible be banned swiftly. Eventually, the attackers figured out that their approaches were no longer working and they began to change tactics. Although it was quite basic, it worked efficiently since the attackers were not targeting me specifically but rather many websites in general. Consequently, it was a straightforward and resource-friendly method of resolving the issue. Initially, the attack appeared to be a powerful force, as it took out a 20 MBit channel which made it impossible for me to reach the server.

If you are interested, I can share the script as well as the details with you.

Provided below is a comprehensive list of tools that were beneficial in combating DDoS attacks. Although we do not aim to advertise these tools, it seems unnecessary to conceal their names.

Qrator filtering system: assisted significantly in resolving the problem

Iptables firewall: very effective in blocking traffic, works efficiently when used with a DDoS filter

Basic DDoS protection from Selectel: either didn't help or we failed to recognize its usefulness

DDoS protection from Cloudflare: appeared to provide advantages, but it wasn't suitable for our specific needs

ngx_http_geoip_module module: beneficial for accurately identifying the location of attackers

The appropriate course of action depends on the attack's strength and duration. If there are sufficient resources available and the attack isn't impacting website stability, it can be overlooked. However, if the site remains inactive for an extended period, it is recommended to establish a filtering system.

Regarding EDGE Center Protection, it's concerning that it's causing a drop in website attendance. It's crucial to find a balance between security and user accessibility. Cutting down legitimate traffic by 5-15% is definitely a significant impact on your website's performance. The lack of granular settings and the limited option to turn on/off countries makes it difficult to tailor the protection to your specific needs. The fact that legitimate users don't have to complete any captcha verification raises concerns about the effectiveness of the service.

Moving on to DDoS Guard, it's understandable that the higher cost is a deterrent, especially if it's economically unviable for you at the moment. However, it's worth considering the trade-off between cost and the level of protection provided. If DDoS Guard offers superior protection and a more comprehensive set of features, it might be worth revisiting your budget to see if there's room for investment in stronger security measures.

Considering your experience with CloudFlare, it's evident that even well-configured protection can struggle against exceptionally strong DDoS attacks. This highlights the importance of having robust and scalable protection in place.

In terms of alternatives, it may be beneficial to explore other DDoS protection services that offer a good balance between effectiveness and cost. Additionally, consulting with cybersecurity experts or seeking recommendations from industry peers could provide valuable insights into other suitable alternatives that meet your specific requirements.
Finding the right DDoS protection solution is crucial for maintaining the availability and security of your website. It's essential to weigh the pros and cons of each option and make an informed decision based on your unique circumstances and security needs.