DDoS protection

Started by kotowicz, Jul 14, 2022, 04:03 AM


kotowicz (Topic starter)

I recently banned a young hacker from my forum for posting content that violated our rules. The hacker was unhappy and threatened to seek revenge. As a result, he launched a real DDoS attack on the forum, which lasted for five days. The site is hosted on a dedicated server running Ubuntu Linux and was bombarded with requests from about 200-800 different IP addresses disguised as users on port 80.

Now that the DDoS attack has stopped, I'm exploring options for preventing it from happening again. Option one is to install a hardware proxy for DDoS filtering, which costs $100 per month from Hostel (Filanko). Another option is to set up a proxy or firewall on my server to collect real-time IP addresses of DDoS attacks and block access from these addresses. I'm also looking for data centers that have affordable DDoS protection for servers that cost no more than $20 per month, in addition to hosting costs up to $50 per month.

I'm also curious if there are any shared hosting services that offer DDoS protection. Lastly, I'm wondering if it's possible to add DDoS protection software to the same computer where the site is hosted. If so, what Linux software tools are available for this purpose?

Koza Dereza

If a hacker doesn't gain financially, the attack may not last long. For non-commercial projects, paying $100 for DDoS protection is too expensive, and companies that provide guaranteed protection can be expensive. Two options are available: hosting with DDoS protection or renting a server and setting up firewall protection.

The first option avoids the need for the site owner to manage an attack, but the hosting provider may disable the account in the event of a significant DDoS, and finding a new place becomes necessary. To manage a server, a control panel is required, and a firewall must be installed and configured.

adm.1.n

The best choice is self-protection using a firewall, but keep in mind that you'll need an experienced admin for this, and configuring a firewall isn't easy.

_AnnA_

To get started, try a budget solution - move your site to Cloudflare.
There are both free and paid features.
Even serious banks use their solutions.

I do not think that a young hacker is capable of organizing an attack comparable in power to those that go to banks.

Chiru

If a website is targeted in an attack and no protection is provided, several measures can be taken. The first step is to ban IP addresses from which the attack originates, which can be found in the logs. Grep is a utility that automates this process, allowing you to identify and block specific elements within a file.

Unfortunately, DDoS attacks can last several days and come from thousands of different IP addresses, making manual blocking extremely difficult. Additionally, attackers may use dynamic IP addresses, making blocking by IP address ineffective.

Geolocation requests can also be blocked but are only effective where traffic is coming from a specific part of the globe. Another option is to block access to a particularly vulnerable section of the website, such as search, if it is not essential. However, these methods are limited in their effectiveness and may cause additional problems. For example, an attacker could use bots to add all available products to their basket, preventing real users from accessing them. Furthermore, even if an attack is ultimately repelled, the website's services may experience downtime while the issue is resolved.
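An added example, not part of any post in this thread: one way to automate the "find the attacking IPs in the logs" step described above, by counting requests per client per minute instead of reading grep output by hand. It assumes a combined-format access log with an IPv4 client address in the first field; the function names, the threshold and the allowlist file are hypothetical, and the sample log is constructed from documentation address ranges.

```shell
#!/bin/sh
# flag_noisy_ips LOGFILE THRESHOLD [ALLOWLIST_FILE]
# Prints, one per line, every IPv4 client that sent more than THRESHOLD
# requests within any single minute. IPs in ALLOWLIST_FILE are never printed.
flag_noisy_ips() {
    awk -v limit="$2" '
        # First argument is the allowlist (one IP per line).
        FILENAME == ARGV[1] { allowed[$1] = 1; next }
        {
            ip = $1
            # Skip malformed lines and anything that is not dotted IPv4.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip in allowed) next
            # $4 looks like "[14/Jul/2022:04:03:17"; keep day..minute only.
            minute = substr($4, 2, 17)
            if (++hits[ip, minute] > limit) noisy[ip] = 1
        }
        END { for (ip in noisy) print ip }
    ' "${3:-/dev/null}" "$1" | sort
}

# Constructed sample log:
#   203.0.113.7  - 6 requests inside one minute (should be flagged)
#   192.0.2.1    - 6 requests inside one minute (e.g. your own monitoring)
#   198.51.100.9 - 6 requests spread over two minutes (3 per minute)
make_sample_log() {
    : > "$1"
    for i in 1 2 3 4 5 6; do
        printf '203.0.113.7 - - [14/Jul/2022:04:03:0%d +0000] "GET / HTTP/1.1" 200 512\n' "$i" >> "$1"
        printf '192.0.2.1 - - [14/Jul/2022:04:03:0%d +0000] "GET / HTTP/1.1" 200 512\n' "$i" >> "$1"
    done
    for i in 1 2 3; do
        printf '198.51.100.9 - - [14/Jul/2022:04:04:0%d +0000] "GET /search HTTP/1.1" 200 512\n' "$i" >> "$1"
        printf '198.51.100.9 - - [14/Jul/2022:04:05:0%d +0000] "GET /search HTTP/1.1" 200 512\n' "$i" >> "$1"
    done
}
```

The output is only a candidate list: review it against known-good clients before feeding it to a firewall, since a per-minute threshold that is too low will also catch legitimate heavy users.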

carleone236

In a nutshell, to improve security, you need to:

1) provide as little information as possible to the attacker;
2) provide as much information as possible to the DDoS defender;
3) provide clear attack filtering capabilities;
4) ensure the reliability of the service under attack.