# Need DDoS Protection on my Website



## WebTech Hosts (Dec 31, 2014)

Hi Guys,

Recommendations for affordable DDoS protection for websites - multiple domains.

Needs to be good.

Thanks,

Kyle


----------



## MannDude (Dec 31, 2014)

Hey Kyle. Check out:


----------



## Nett (Dec 31, 2014)

BuyVM


----------



## WebTech Hosts (Dec 31, 2014)

I think you have misunderstood me - I have a managed VPS that I am quite happy with - but I require DDoS protection from an outside source.


----------



## Nett (Dec 31, 2014)

CloudFlare?


----------



## Munzy (Dec 31, 2014)

Nginx proxy on the buyvm vm to your managed server?


----------



## Joshua-Epic (Dec 31, 2014)

Cloudflare is pretty solid if you want to spend the extra $$


----------



## Francisco (Jan 1, 2015)

We do managed plans in the list prices.

cPanel would be $12/month more, filtered IP is $3.00/month.

A GRE would be possible and is easy enough to configure with cPanel.

Let me know,

Francisco


----------



## HalfEatenPie (Jan 1, 2015)

WebTech Hosts said:


> I think you have misunderstood me - I have a managed VPS that I am quite happy with - but I require DDoS protection from an outside source.


X4B is also available in addition to the recommendations above.

But you can also just do a GRE Tunnel from a BuyVM or RamNode VPS to your Managed server very easily.


----------



## RTGHM (Jan 1, 2015)

Where's your server located? If it's out by Moldova/Romania then voxility is good.


----------



## ModyDev (Jan 1, 2015)

WebTech Hosts said:


> I think you have misunderstood me - I have a managed VPS that I am quite happy with - but I require DDoS protection from an outside source.


I recommend you to use lighttpd or hiawatha-webserver and tweak it to stand layer7 attacks.

Also Cloudflare and Cloudlayer are good as outside source.


----------



## AlphaNine_Vini (Jan 1, 2015)

You can make a custom script, or use Cloudflare, or use a plugin if you are running your website on a CMS. I would recommend applying a captcha on your registration and login pages. Nginx is a good alternative to make your website fast.


----------



## RTGHM (Jan 1, 2015)

AlphaNine_Vini said:


> You can make a custom script, or use Cloudflare, or use a plugin if you are running your website on a CMS. I would recommend applying a captcha on your registration and login pages. Nginx is a good alternative to make your website fast.


How in gods name will nginx stop someone flooding the pipe with a ton of garbage?


----------



## raindog308 (Jan 1, 2015)

Coincidentally, I just blogged about this today:

https://raindog308.com/where-is-ddos-protection-in-premium-hosting/

tl;dr: I am surprised the premium managed VPS providers such as KnownHost/WiredTree, have not offered DDOS protection as an add-on offering.  Especially since so many budget providers (BuyVM, Ramnode, SecureDragon) do.


----------



## eva2000 (Jan 1, 2015)

raindog308 said:


> Coincidentally, I just blogged about this today:
> 
> https://raindog308.com/where-is-ddos-protection-in-premium-hosting/
> 
> tl;dr: I am surprised the premium managed VPS providers such as KnownHost/WiredTree, have not offered DDOS protection as an add-on offering.  Especially since so many budget providers (BuyVM, Ramnode, SecureDragon) do.


I think it's just a matter of when and not if they will have such

And what about SLA and stuff with higher end hosts? Some would have greater responsibility and liability in case of downtime compared to low end web hosts?


----------



## Francisco (Jan 1, 2015)

raindog308 said:


> Coincidentally, I just blogged about this today:
> 
> https://raindog308.com/where-is-ddos-protection-in-premium-hosting/
> 
> tl;dr: I am surprised the premium managed VPS providers such as KnownHost/WiredTree, have not offered DDOS protection as an add-on offering.  Especially since so many budget providers (BuyVM, Ramnode, SecureDragon) do.


We expect to have our fully managed cPanel plans out on the market in the next couple weeks. All of our current 256MB+ plans will also be fully managed w/o a price hike and cPanel plans will be starting at $25/m for 1G/1G.

Does that put us in the premium bracket or do we have to triple the price too? 

Francisco


----------



## lbft (Jan 1, 2015)

raindog308 said:


> tl;dr: I am surprised the premium managed VPS providers such as KnownHost/WiredTree, have not offered DDOS protection as an add-on offering.  Especially since so many budget providers (BuyVM, Ramnode, SecureDragon) do.


Some companies see DDoS as something that happens to 'difficult' clients - clients that they don't want. Of course with the rise of DDoS extortion/protection rackets, cheap booters usable by any disgruntled 14 year old with mommy's credit card, and scumbags throwing attacks at their competitors, it's no longer only skids that get attacked.

The unfortunate thing is that things are unlikely to change until DDoS becomes more commonplace and it is no longer possible to pretend that it doesn't harm legitimate customers.


----------



## Nett (Jan 1, 2015)

Francisco said:


> We expect to have our fully managed cPanel plans out on the market in the next couple weeks. All of our current 256MB+ plans will also be fully managed w/o a price hike and cPanel plans will be starting at $25/m for 1G/1G.
> 
> 
> Does that put us in the premium bracket or do we have to triple the price too?
> ...


Does that mean my 512MB VPS will have management for free?


----------



## DomainBop (Jan 1, 2015)

AlphaNine_Vini said:


> You can make a custom script, or use Cloudflare, or use a plugin if you are running your website on a CMS. I would recommend applying a captcha on your registration and login pages. Nginx is a good alternative to make your website fast.


Interesting, so a custom script,  or a Wordpress or CMS plugin, or captcha on registration and login pages, or Nginx will help prevent or mitigate a DDoS attack.


----------



## ModyDev (Jan 1, 2015)

Setting keep-alive to 0 will reduce the amount of load on the server; blocking bad or unknown user-agents and setting a low max request size will help.

Here is my lighttpd config:

```
server.event-handler = "linux-sysepoll"
server.network-backend = "writev"
status.status-url = "/server-status"    # served by mod_status
server.max-fds = 9096
server.max-keep-alive-idle = 0          # seconds an idle keep-alive connection is held
server.max-keep-alive-requests = 0      # 0 disables keep-alive
server.max-request-size = 10            # kilobytes
server.max-write-idle = 15              # seconds
```

Here [I own this domain] you can see Lighttpd standing on a medium layer7 attack.

I hope this config helps you,

Regards.


----------



## splitice (Jan 2, 2015)

Looking at the attack you have just a bunch of open connections, i.e. likely a Layer 4 connection flood. Event based web servers are great for resolving Layer 4 floods against an HTTP Server (Layer 7 server). However you still need the RAM (nginx 4-32kb per connection) to track the connection, so keep that in mind.

Layer 7 attacks can be quite complex to mitigate compared to Layer 4 attacks. For example, here is a non-exhaustive list of common types:

- HTTP Reflection: a Joomla / Wordpress Reflection (large numbers of compromised / insecure software) attack
- Flooding: HTTP (GET|POST|HEAD|OPTION) flooding
- Dynamic: Dynamic attack (i.e. with cache busting ?=/d+ or crawl based urls)
- Resource Inclusion: Iframe, AJAX or Image resource inclusion attack
- Semantic: Range resource exhaustion, long form names, large numbers of PHP arrays etc.
- Slow Client: Slow POST, Slow client header. Attack types like Slowloris etc.

It's not exhaustive either, and already out of date, but earlier this year we built this table if you want some more information - https://www.x4b.net/kb/CategoriesOfAttack


----------



## Francisco (Jan 2, 2015)

Nett said:


> Does that mean my 512MB VPS will have management for free?


Yes sir.

Francisco


----------



## Nett (Jan 2, 2015)

Francisco said:


> Yes sir.
> 
> 
> Francisco


Sounds good! Hoping it's not GVH style because it's simply too good to be true.


----------



## Francisco (Jan 2, 2015)

Nett said:


> Sounds good! Hoping it's not GVH style because it's simply too good to be true.


It'll be better than it is now since we're bringing on a lot more people starting next week. We'll be 24/5 and working on getting the weekends fully covered as well.

We hired a dedicated marketing/sales person to take over that for us, leaving Aldryic & I to handle support, billing, & development as we come up with new ideas. The first chunk of this year is going to be getting the websites done, Jersey upgrades in place, & pushing hard on fixing our documentation.

We've been promising new & awesome things for the past 6 months or so and this is (alongside the anycast stuff) it.

Francisco


----------



## ModyDev (Jan 2, 2015)

@splitice the attack was WordPress pingback (xmlrpc) and lighttpd was dropping it so fast.


----------

