How do you prevent server from DDoS

[ICPH]

Hi, which steps do you recommend to protect openvz / kvm / xen host server (node for vps reselling) from denial of service attacks or similar abuse?

in my case install:

- fail2ban with basic ssh prevention (im yet unsure if there is any tutorial with good rules fitting to vps node servers)

- ddos deflate (from medialayer.com)

- nodewatch (from vpsantiabuse.com)

- change ssh server port to non standard one

Thank you

 

[sv01]

since DDOS from outside network you fail2ban, ddos deflate or anything else won't work. Setup your own firewall hardware and upgrade to bigger network upstream.

 

[Munzy]

Please define what you mean by "prevent"?

 

[Francisco]

syncookies can help you with very very small stuff but past that you'll need actual filtering or a datacenter with some kind of autonull to ride things out for you.

- fail2ban would help stop containers from getting rooted but that'd have to be installed inside each VPS.

- ddos-deflate is again on a per VPS basis and it just blocks single IP's making many connections - it doesn't

help with any sort of volumetric floods or spoofed floods.

- I don't think nodewatch does much for inbound floods short of maybe dropping the ARP in hopes of making

the flood drop at the switch and not your node.

Now, if you're trying to stop floods from *leaving* your node, nodewatch/etc can do that pretty good supposedly. Fail2ban running on each VPS can help stop SSH brute attacks. DDOS-Deflate won't help with this at all.

Francisco

 

[litespeedhost]

Will hire some server management company to fix that.

 

[texteditor]

only host websites everyone likes

 

[splitice]

As funny as @texteditor is probably trying to be its fairly true. Dont attract hate, or offer commercial services (blackmail) and you should be fairly fine. For everything else, there are plenty of companies offering protection as services.

Alternately if you have budget, you can purchase appliance hardware and a suitable network connection and do it in-house. Rioreys are good example of mitigation appliance hardware that is sold for this purpose.

 

[ICPH]

Please define what you mean by "prevent"?

i mean prevent server be affected by attack (stop respondig to requests)

 

[Enterprisevpssolutions]

You need a DC that will either null the traffic before it reaches your server or you need to get a 3rd party filtering service, only a few ways to clean up a DDOS before it reaches your server. Also make sure you keep all logs and report the abuse to the correct providers so they can clean it up on their end.

 

[MannDude]

Aside from not stepping on the toes of people who'd want to do such things, DDoS filtered services is becoming more and more affordable. I get more than adequate protection from BuyVM and RamNode. For the price it can't be beat, and their are more and more options in similar price ranges nowadays that offer similar levels of protection. That alone helps out a lot against your average DDoS attack.

 

[Roger]

- fail2ban will help on a per host, not node level.

- ddos deflate (from medialayer.com) will also help on a per host, not node level.

In any case, the attack should be treated before reaching the server at all or null route manually if you do not have the resources to pay for the service and do have 24/7 monitoring.

 

[incloudibly]

There is not much that can be done on your side in case of a DDoS unless you operate a DDoS protected server or route all traffic through a protected network. Most VPS providers would just try to find out which client attracts the attack and suspend his or her account to prevent other clients from being affected.

 

[AbeloHost]

Based on a conversation I've had with our technical manager, it's almost to impossible to prevent it. You can, however, lower the chances. You can do what I do and make sure you hire a good technician. 

 

[splitice]

The one question I dont think anyone has asked yet is do you actually want to 'prevent' it yourself? Perhaps if you are a large enough company to be purchasing multiple 10Gbps uplinks to handle it yourself you can handle the cost of purchasing appliances (e.g Riorey) $XX,XXX ea or in-house filter development ($XXX,XXX - $X,XXX,XXX) otherwise isnt your time better spent on your buisness objectives?

There is plenty of people turning mitigation into a service. Why not just capitalize on that as needed, and take appropriate measures to mitigate risk (i.e dont advertise on Hack Forums).

 

[sshgroup]

you can't move to a datacenter have ddos protection , vps / dedi servers mostly have low spec to can keep up with DDOS or if low network bandwith