DDoS Protection Recommendations?

SenseiSteve

HD Moderator
Staff member
In web hosting, ensuring that your servers and websites are protected from DDoS attacks is critically important as attacks by cybercriminals continues to increase in both scope and volume. An alarming number of web hosting providers still lack adequate DDoS protection services, so it’s incumbent to ask what protection they do provide.

If you’ve purchased DDoS protection from your web hosting provider, do you know what levels of network, application or protocol layers that it protects you from? When they filter attacks, will they allow legitimate traffic to pass through unhindered? Will those services encapsulate DNS, UDP/TCP, SMTP, FTP, SSH and VoIP protections?

When a web hosting provider offers DDoS protection, what are your recommendations on what to ask about their protection?
 
While not the hosting provider, CloudFlare does a pretty great job for many sites these days. They've been able to handle insane levels of DDoS attacks and filter them out before ever hitting the web host itself.

I use CloudFlare on some sites, but not all of them. Most of the big guys have a form of DDoS protection in place, but certainly, any smaller host or reseller can easily link up with CloudFlare and protect the network for their clients too.
 
The mass majority of web hosting providers provide DDoS protection, if you have any questions, you can simply contact them directly. But, generally speaking, over 80% of providers should offer DDoS protection on all services.
 
The mass majority of web hosting providers provide DDoS protection, if you have any questions, you can simply contact them directly. But, generally speaking, over 80% of providers should offer DDoS protection on all services.
When a web hosting provider offers DDoS protection, what are your recommendations on what to ask about their protection?
 
Depending on hosting provider, they will usually mention the protection on the SLA. I have also come across some companies go out and get it DDOS protection on their own. They do this to cater to their own configuration or access.
 
We've placed our cloud servers in a DataCentre with extensive DDoS protection at the networking layer, and our customers each have their own IPs. DDoS mitigation is automatic when traffic to a given IP breaks the detection threshold. Their traffic is scrubbed, and only the clean traffic is allowed through. This has always worked so far.
We've been happy to migrate customers who are already under attack on their old hosts.
Of course, this only works as we sell dedicated resources to the customers.
We've also been able to shield customers existing hosts with our CDN, although this has its own issues. We've mainly only shielded people who are migrating to our services.
 
Back
Top