Best way to overcome DDoS attacks?

meetdilip

Member
Registered
Joined
Apr 19, 2016
Messages
36
Points
0
What is the best way to survive DDoS attacks ? Do we have to pay for it ? Are there any free methods available ?
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
What is the best way to survive DDoS attacks ? Do we have to pay for it ? Are there any free methods available ?
As my experience, if you want a free method to anti DDOS, you should go with a CDN like cloudfare, maxcdn

Otherwise you should contact your hosting provider for support and they can provide you a best way to anti ddos attacks
 

meetdilip

Member
Registered
Joined
Apr 19, 2016
Messages
36
Points
0
Thanks for the reply. Can we just depend on our hosting provider and still be safe from DDoS attacks ? How to know whether your host supports protection from DDOS ?
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
The only way to know for sure is to ask them. Also be sure to ask what level of DDoS protection they can provide. Some advertise "DDoS Protected", but only provide protection up to 2Gbps, which is a pretty small attack!
 

Mihai B.

Well-known member
Registered
Joined
Apr 19, 2016
Messages
243
Points
18
Mihai B.
Could you please explain what is the difference between 2Gbps and 10Gbps? Gbps is billions of bits per second or Giga bits per second?
 

macklong

Active member
Registered
Joined
Jun 17, 2016
Messages
67
Points
0
macklong
The attacker speed metered by Gbps. it depends on attacker what computer speed he got! 2Gbps or 10Gbps.

Giga bits per second.
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
Actually, it has nothing to do with the speed of the attackers computer.

A DDoS (Distributed Denial of Service) uses many computers/servers to attack a single server. The speed of the attack depends on the number of servers being used, and the combined throughput.

i.e
10 servers, each with a 100Mbps port speed = 1Gbps attack
40 servers, each with a 100Mbps port speed = 4Gbps attack
5 servers, each with a 1Gbps port speed = 5Gbps attack
20 servers, each with a 1Gbps port speed = 20Gbps attack

There are MANY different types of DDoS attacks, but this should give you a general idea of what the speed rating of an attack means.

Defeating DDoS attacks is difficult task.
 

macklong

Active member
Registered
Joined
Jun 17, 2016
Messages
67
Points
0
macklong
That's the basic attack you are talking about. that's so 80's !

I was saying..

i.e.
I have 1Gbps port speed 1 server which act like 100 computers with 1Gbps connection avg. = Impact you 10Gbps Attack.

now think I have 10Gbps server. Then how big my attack could be?

There are lik 25 types of ddos attack we are researching one. And when we thought about ddos protection we are prepare for all kinds of attacks. :)

I'm just giving you the idea how big an ddos attack could be.. not to scare you!

Well, good DDoS protection filter the traffic and then work against the attack. :) it's complicated@!
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
It does not matter what the server is "acting like". 1 server with a 1 Gbps port, cannot push traffic at 10Gbps.

A DDoS attack is distributed, meaning it comes from multiple sources, not just one server.
 

meetdilip

Member
Registered
Joined
Apr 19, 2016
Messages
36
Points
0
How are DDoS attacks rated ? What does it mean by protection upto 2 Gbps ? How much rating we should ask for ?
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
A DDoS attack is distributed, meaning it comes from multiple sources, not just one server.
Right RDO, the DDoS overload the server with a huge amount of small files. More files it can send, more your server will be slow. And when you see there are around the world thousands of computer or servers, with VNC installed and without a password to access, you understand why DDoS is so easy. Get zombie is not a "hacker" skill.
 

Marc A

Well-known member
Registered
Joined
Jun 14, 2016
Messages
125
Points
18
I've gotten DDoS and all I did was just wait for my website to come back. Not really tough, but it is illegal :p
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
David Beroff
Yes it can be applied for small websites but if you are having a big with with more visitors and earning money good with it then you will know why you need a DDOS protection service. :)
 

Luxin Host

Well-known member
Registered
Joined
Jun 26, 2016
Messages
543
Points
43
@meetdilip
the best way is of course not the free way however the free ways are very effective for small websites.
I highly suggest cloudflare as a free DDOS protection service.
Also it is recommended that you purchase hosting with a company whom has DDOS protection and good firewalls in place.

There are many paid services which offer Strong DDOS protection however you would not need those unless you have a very popular website or game server.
 

fwh

Administrator
Staff Member
Joined
Dec 8, 2012
Messages
773
Points
63
fwh
I also checked this and it appeared as a redirected page to your web pages when you enable DDOS protection on Clouflare. I suppose it will affect to search engines for websites so it can not be good for websites, although can be effective in protecting from DDOS.

What about IP DDOS filter and DDSO service that already integrated into hosting packages? can we trust these as a good solution for DDOS protection?
 

Luxin Host

Well-known member
Registered
Joined
Jun 26, 2016
Messages
543
Points
43
Luxin Host
not the best with cloudflare however i believe Yes, the redirection does have its down side however I see it as a price that comes with getting such good free service.
I am not 100% sure however Believe that IP DDOS filter is accessible via cloudflare.
By integrated DDOS service I mean your hosting provider, providing you with DDOS protection. E.g. we ahve 20Gbps DDOS protection on shared hosting plans.
for a small website, yes you can as simply there arent many better options (in my opinion). However for a large website which has good profit, it is ideal to purchase Dedicated DDOS protection which can be expensive.
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
Cloudflare works as a reverse proxy which is not the same as a redirection. I don't believe there is any negative SEO effects to using Cloudflare.
Over 2 million websites use Cloudflare including Reddit, eHarmony, oDesk, MIT, SEO.com, and many others.
Why would search engine penalize these websites for using a CDN to inrease their speed?

As far as ways to mitigate a DDoS attack, there are a couple option.
- Reverse proxy service like Cloudflare, Incapsula, X4b.net. Traffic is directed to these remote servers, then their servers request the data from your server.
- Tunneled solution. Some remote DDoS protection providers also offer the option to setup a GRE tunnel from their server to yours. If done correctly, then eliminates (or at least greatly decreases) the chance of someone bypassing the remote server and attacking your server directly. (Most hosting providers use one of these 2 methods)
- In house protection. This is the best, but most expensive method. This involves dedicated DDoS mitigation hardware on site, filtering traffic as it comes in. These devices cost hundreds of thousands of dollars, plus you have to have very large amounts of transit coming into the datacenter so that an attack does not saturate the transit lines.
 

fwh

Administrator
Staff Member
Joined
Dec 8, 2012
Messages
773
Points
63
fwh
If this is true then I am sure Cloudflare has ignored spiders from search engines to verify at that step on their DDOS protection tool

They only show that page to Suspect IP addresses so it could not affect rankings for any sites using this service. I just thought this and guessed that. It also can use other ways to filter IPs attacking sites.
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83

showcrit

Member
Registered
Joined
Jul 18, 2016
Messages
16
Points
0
Summing up, is CloudFare a good choice to overcome DDoS attacks?
 

Luxin Host

Well-known member
Registered
Joined
Jun 26, 2016
Messages
543
Points
43
Luxin Host
yes but not your only choice. (upgrading your CloudFlare can really help with very large DDOS attacks)
What ive seen done a lot is using the massive OVH DDOS protection as a DDOS protection for a website that is not hosted on OVH.
 

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
818
Points
43
AlbaHost
Ovh does not provide ddos protection for website a.k.a layer 7, so if someone is using ovh to protect their website, they might be wrong. Ovh has one of the best ddos protection for networking like layer 3,4 etc but not the layer 7 which is specified for websites nor http server.
 

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
818
Points
43
AlbaHost
Many ppls use cloudflare to speedup their site due for cdn, others use cf to hide their original ip address from attackers. CF has great ddos protection for a website, but you need to know that CF is just cdn and not a hosting provider. So if a attacker get your original server ip he/she will ddos direct your servers ip which cloudflare is useless in this case. Also i would recommend cloudflare to protect and hide your servers ip. Otherwise get a corero ddos protection, we are using corero ddos protection which has been great from all ddos attacks tcp and udp.
 
Last edited:

CrazeHostBee

Member
Registered
Joined
Jul 2, 2016
Messages
17
Points
3
Defeating a DDoS attack is not an easy task. It requires experience in technology and understanding the concept. Most ddos protection providers have software and hardware firewalls working in conjunction to stop these attacks from reaching your server.

Attack speed (10gbps attack etc) may not matter if you website have other security flaws. There are various types of ddos attack like some effect on application layer while some effect on network.

For starters, try cloudflare service as it is easier to setup and maintain. Keep in mind not every provider can block every type of attack.

Highly recommended services after cloudflare would be incapsula, black lotus, imperva, bitninja, blockdos etc.
 

borisdavenport

New member
Registered
Joined
May 12, 2016
Messages
4
Points
0
hardware firewalls are best and effective against DDOS, I am not that much supportive to the services of cloudflare, but it will work greatly for mid rage traffic. I heard some issues regarding Cloudflare on our page rank. Hope this one helps here.

What is the best way to survive DDoS attacks ? Do we have to pay for it ? Are there any free methods available ?
Prevention is better than cure, I refer you to go through this article regarding DDOS from NCI
You can easily implement some simple steps like limiting router to prevent the web server from being overloaded and adding custom packet filters.
To make sure that company operations aren't affected in the event of DDOS attack try to avoid sharing the same server for hosting website and Company data.
You can implement different methods depending upon your priority of business through online.
If you are having an online payment system which is critical to your business , I recommend you should go with a premium protection service. We can easily implement an early DDOS detection system by motoring our traffic and comparing it with previous logs like. A sudden spike in traffic is one of the major signs of DDOS.
 

michal_novacek

New member
Registered
Joined
Oct 10, 2016
Messages
14
Points
0
What is the best way to survive DDoS attacks ? Do we have to pay for it ? Are there any free methods available ?
There is no universal DDOS protection on market. There are so many types of DDOS attacks. There are hw elements which can filter DDOS (I think that OVH has got some of them) and also there are SW filters, which I find out not too usefull (why? The best way to filter DDOS is to do it manually - by hosting provider or your network admin. If you do it manully you'll find a unique pattern of DDOS which most of DDOS are unique). Even though I would recommend you to set up some (eg. CSF).

PS: Despite the OVH have a HW DDOS they experienced a brutal 1Tbps DDOS (find out more @ https://twitter.com/olesovhcom/status/778830571677978624) so it corresponds with what I wrote above > that there is no universal protection against DDOS attacks.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
VirtuBox
Yes they experienced up to 1Tbps DDoS from IP cameras few weeks ago. But they have 3Tbps available for that :dancing2:
 

EpicGlobalWeb

Well-known member
Registered
Joined
Jan 24, 2016
Messages
180
Points
0
EpicGlobalWeb
I was pretty sure of this and was talking about it on another thread I wrote on how there is virtually no recourse for a DDoS attack, particularly if it was administered through a large botnet and sheltered again through vpn services or even Tor. Even if you can prevent it, it's even more difficult to catch the attacker, and nearly impossible to prosecute them, which means that there is no way to prevent the same attacker coming back.

Best bet is to allocate some resources to "absorb" some of the attack and manually deny the IP addresses of large and repetitive packet requests.

The challenge is sorting through legitimate traffic and illegitimate traffic. Some automated systems can assist you but like Michal said, there's little recourse against large scale attacks.

An example is when Anonymous took down PayPal, the FBI website, the CIA website, and similar.
 

Nixtree

Well-known member
Registered
Joined
Jul 16, 2016
Messages
133
Points
28
For small Attacks, Cloudflare will do the job but if the attack is large and huge, then Hardware firewall will be the only hope and that too the capacity depends regarding how much large attack it can hold and that you need to clarify with your own datacenter as it can be different for each data center.

Cloudflare is a good one and I will suggest the same for small attacks
 

Joshua

New member
Registered
Joined
Oct 16, 2018
Messages
4
Points
1
Definitely a hardware device that protects DDoS. Some software firewalls can be used to prevent it to some extent but not fully supported. Thank you.
 

Marcus_SM

Member
Hosting Provider
Registered
Joined
Apr 6, 2018
Messages
53
Points
8
What is the best way to survive DDoS attacks ? Do we have to pay for it ? Are there any free methods available ?
There's a number of hosting offers, both virtual and bare metal, with DDoS protection offered as a free add-on. However, there's always a cap and if the attack exceeds the free inlcuded GbpS or PpS limit, you may be asked to pay extra.
 
Older Threads
Replies
3
Views
3,477
Replies
5
Views
5,630
Replies
0
Views
2,380
Replies
4
Views
3,568
Newer Threads
Replies
5
Views
4,617
Replies
2
Views
2,558
Replies
84
Views
51,839

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top