DDoS Protection Methods

DDoS (Distributed Denial of Service) attacks can target your servers and disrupt your services. In this guide, we'll explain in detail how to protect your servers against DDoS attacks.

What is DDoS?

A DDoS attack is a type of cyber attack that aims to make your server or network unavailable through intense traffic from multiple sources. Attackers use networks of infected computers called botnets to overload the target server.

Types of DDoS Attacks

1. Volumetric Attacks

These attacks exhaust your bandwidth, making the system unusable.

2. Protocol Attacks

These attacks target server resources or intermediate hardware (firewall, load balancer).

3. Application Layer Attacks

These attacks target your web application and consume server resources.

Basic Protection Methods

1. Firewall Configuration

A well-configured firewall is your first line of defense:

Basic protection with UFW

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw allow http

sudo ufw allow https

sudo ufw enable

2. Rate Limiting

Rate limiting example with Nginx:

http {

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {

location / {

limit_req zone=one burst=5;

}

}

}

3. SYN Cookies

Protection against SYN flood attacks:

Enable SYN cookies

sudo sysctl -w net.ipv4.tcp_syncookies=1

Make it permanent

echo "net.ipv4.tcp_syncookies=1" | sudo tee -a /etc/sysctl.conf

Advanced Protection

1. Cloudflare or CDN Usage

CDN services reduce the impact by distributing DDoS attacks:

2. Fail2ban Configuration

Automatic IP blocking with Fail2ban:

Install Fail2ban

sudo apt install fail2ban

Configuration

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

sudo nano /etc/fail2ban/jail.local

jail.local example:

[DEFAULT]

bantime = 3600

findtime = 600

maxretry = 5

[sshd]

enabled = true

port = ssh

logpath = /var/log/auth.log

[nginx-limit-req]

enabled = true

port = http,https

logpath = /var/log/nginx/error.log

3. Traffic Monitoring

Real-time traffic monitoring:

Monitor network traffic with iftop

sudo apt install iftop

sudo iftop -i eth0

Monitor connections with netstat

netstat -an | grep :80 | wc -l

Adahost DDoS Protection Service

At Adahost, we offer professional DDoS protection services to our customers:

Features

How It Works?

1. **Traffic Analysis**: All incoming traffic is analyzed in real-time

2. **Threat Detection**: Abnormal traffic patterns are detected

3. **Automatic Filtering**: Attack traffic is automatically blocked

4. **Clean Traffic**: Only legitimate traffic reaches your server

What to Do During an Attack

1. Identify the Situation

Check CPU and memory usage

top

Check network connections

netstat -an | grep :80 | wc -l

Check log files

tail -f /var/log/nginx/access.log

2. Emergency Measures

Block suspicious IPs

sudo iptables -A INPUT -s SUSPICIOUS_IP -j DROP

Tighten rate limiting

Lower the rate value in nginx.conf

3. Get Support

In professional DDoS attacks, getting support from your hosting provider is critical. Adahost technical support team is available 24/7.

Preventive Measures

1. Infrastructure Preparation

2. Application Security

3. Monitoring and Alerting

Conclusion

DDoS attacks are serious threats but their impact can be minimized with proper measures. A combination of basic security configurations, professional DDoS protection services, and continuous monitoring can keep your servers safe.

At Adahost, we offer professional DDoS protection service on all our servers. Our customers can activate DDoS protection via the panel and monitor attack statistics in real-time.

The security of your servers is our priority. Our 24/7 technical support team is at your service for any questions or support needs.