I wan to know how to stop a DDoS attack?
But are DDoS attacks something that businesses and government agencies must simply endure, or, can they be more actively resisted?
Please make me clear about these questions.
DDOS will never be something that can be fixed while computers are limited by processing power, perhaps quantum computing many years from will put and end to it.
If someone has the resources and strong intentions, you will go down and their is nothing you can do about it. No amount of DDOS protection or filtering / firewalls can protect against 100,000 + world wide zombies hammering you with 100mps at the same time, you just null route the ip till it stops. Something of that size could even cause the backbone provider big problems.
You can't really prevent DDoS attacks these days. It's best to find a data center or hosting provider which employs traffic scrubbing and other mitigation techniques to have the greatest odds of being adversely affected by a denial of service attack.
Mod_evasive is a well known module. We use to install it for our customers who request for full server hardening. Like I said, it won't do any good if it's a major DDoS attack but it'll help you prevent normal DDoS. https://wiki.atomicorp.com/wiki/index.php/Mod_evasive
There are several ways to mitigate DOS and DDoS attacks. I personally prefer a software solution as opposed to a hardware solution, which costs a lot. There is a service called Cloudflare which will help you avoid DDoS attacks.
They offer a free plan to explore the service. Let me know if you need any assistance.
Nowadays DDoS attacks have become the headlines. It's always better to have a DDoS protected hosting provider. choose your package according to your need it varies from 10mpps to 500mpps. Else CloudFlare is also an option
DDoS can't be prevented these days due to the limitation of computers.The best practice is to start out on a good ground, choose a good hosting provider that has no record of DDOS attack. Get CloudFlare, it's free to protect your site.
You can stop certain attacks like Slow Loris with firewall rules, however when it comes to volumetric attacks a host that offers ddos protection or a 3rd party service is required. Some providers will fine tune the ddos mitigation according to your needs, before buying always make sure that the provider can offer such a service.