DDoS protection

[sahostking]

mod_qos helps on apache linux servers I think aswell as try something like syspeace which I'm still looking at for protection for Windows Servers. Looks good.

 

[sahostking]

I've looked into ths a bit more and think going for a hardware firewall is best. Will check budget and make this decision. Secondly I will implement Cloudflare for my customers as an option with CPanel should help aswell I assume.

 

[easyhostmedia]

Our upstream provider has the hardware protected, we as a host have the following

CSF
Configserver Mod Sec control
Configserver exploit scanner
Clam AV
Mod security
CHKrootkit
DOS deflate

+ a few others

Also Cloudflare for our customers

 

[incloudibly]

DDoS protection has proved to be effective and in some cases cost-effective - there are companies that provide DDoS protection service free of charge as an additional complimentary service to paid web hosting service.

 

[micronetvps]

I've seen people who use software based DDOS protection and they claim it works, however nothing is going to be as effective as higher end hardware and good network design.

 

[incloudibly]

I've seen people who use software based DDOS protection and they claim it works, however nothing is going to be as effective as higher end hardware and good network design.

Based on my personal experience, sometimes properly set iptables would be enough to get the site up, however, it's rather an exclusion than a rule.

 

[FusedServers]

If you are worried about ddos protection check the prices at Black Lotus and see if you can afford protection. Like many has said, its pricey but cloudflare is not that great as a free a small attack can take it offline and that is even for servers thats ddos protected.

It all depends on the size of attack and what kind of ddos it is.

 

[Epidrive]

Yes, ofcourse its effective. There are already a lot of DoS protection up in the industry, just google it.

They're effective to prevent DoS

 

[trueman1]

most important thing is to have 1 Gbps Network Link to your server(must)
Firewall software will help with a small DDoS attacks
physical firewall can help alot with small to medium ddos attacks,
your ISP should have very big network connection and also monitor ddos attack and then you will be protected from high ddos attacks.

 

[LeetHost]

Well, from my personal experience using CSF firewall protects from about 95% of attacks. But using a hardware firewall will provide you best and maximum protection against DDOS.

buy only if you really need it,as it costs very high.
mostly web masters dont use it.

 

[tnhcatherine]

It is important to remember that DDOS is becoming more sophisticated and they are using fewer connections with more attacking IP's.

 

[Stream101]

You can always find a host that offers DDoS protection. Usually the cost will be slightly higher, but well worth it if your site is prone to DDoS attacks!

 

[incloudibly]

Arbor networks have recently released DDoS attack trend data for Q2 2013, worth to see: http://www.arbornetworks.com/corporate/blog/4938-ddos-attacks-in-1h-2013-infographic

 

[KarlZimm]

You can always find a host that offers DDoS protection. Usually the cost will be slightly higher, but well worth it if your site is prone to DDoS attacks!

Don't count on that to be able to protect you from the majority of attacks though. A lot of attacks are just high volume, and at a certain volume those hosts are still going to just null route you as you can't monopolize their resources on that device and handling that much traffic can get expensive.

Full DDoS protection is very expensive. For a generally basic config, a provider will need to spend $500k and it just goes up from there. There are real costs in mitigation, and I see all the time people complaining about spending a couple thousand a month to mitigate 10 Gbit/sec attacks, well, simply put, that is what it costs. If you can't afford that, you likely need to change your business plan.

 

[hostfly]

I use CFS firewall as DDOS protection on my VM's

 

[Stream101]

Don't count on that to be able to protect you from the majority of attacks though. A lot of attacks are just high volume, and at a certain volume those hosts are still going to just null route you as you can't monopolize their resources on that device and handling that much traffic can get expensive.

Full DDoS protection is very expensive. For a generally basic config, a provider will need to spend $500k and it just goes up from there. There are real costs in mitigation, and I see all the time people complaining about spending a couple thousand a month to mitigate 10 Gbit/sec attacks, well, simply put, that is what it costs. If you can't afford that, you likely need to change your business plan.

Exactly, DDoS is expensive. Thats why the hosts out there that specialize in it charge a premium. I know our network (prior to me purchasing this company) cost a LOT of money to get setup for DDoS mitigation.

That being said, the level we offer is fairly basic to our clients unless they do get a lot of DDoS attacks, in which we can recommend them to change to a different plan.

 

[Avuntia]

This is really hard. It depend on what kind of website you have (does it run in flash or other heavy code like images or video). It depend how much traffic you have also. If your a company worth more than 100,000 or more you probably should have a whole cluester of servers running and high end cisco routers. The olny way small websites can protect them self from ddos is cloud flare and cdns. There is no real answer for this problem yet