Latest Announcemnent
New thread

DDoS Protection? what should i do

Status
Not open for further replies.
R

ram.sharma

Member
10
2013
4
0
I just purchase a dedi from fdcserver.net to sell cPanel hosting accounts
I want very very very good uptime so what should i do to give user good uptime
should i purchase hardware firewall or what? I can invest $1000s (one time)

Please give me valuable suggest what should i do to protect my server from all minor and major ddos attack
 
15 comments
you can buy a hardwarefirewall, but this will only let you migitate small attacks.
if they are getting bigger, you have to use a whole network with huge bandwidth to migitate such attacks.
So buying a service like cloudflare or any other service-provider is your only chance (or just buy a ddos-protected server from the beginning)

the best thing you can do is: Do not allow sites that attract DDOS-Attacks.
if you get a ddos-attack nullroute the ip that's targeted.
Write in your TOS what you will do if DOS or DDOS or any other things (abuse of hardware) will happen - e.g. nullrouting, shutdown whatever.
 
DDoS mitigation companies do exist (I run one). The process is relatively simple, we take your IP and give you a new one. All traffic that arrives at our IP gets inspected and if it meets the criteria forwarded to your server behind the scenes. We are the ones who buy the $100k+ hardware in this case, well in most cases lease a share of it.

But like everything the best solution is prevention, try not to aggravate people. Thats always the best solution.

On a side note its impossible to protected from all ddos attacks, everything has a limit. There is a limit to the number of packets hardware can process. There is a limit to the capacity of the lines being used to receive the traffic. There is a limit to the effectiveness of mitigation rules. There is a limit to the budget of every mitigation provider.

A better statement is, protection up to XXGbit/XXPPS and from that you can work out the cost (X4B, BlackLotus, CNServers, Voxility etc)
 
In order to provide best uptime, you must manage your server properly like updating modules, monitoring server round the clock, install cloudlinux so none of user can use high resources that could result in server getting down. If you are getting ddos then only think about implementing solutions for the ddos otherwise proper management of the server is good solution to maintain better uptime.
 
ram.sharma said:
I just purchase a dedi from fdcserver.net to sell cPanel hosting accounts
I want very very very good uptime so what should i do to give user good uptime
should i purchase hardware firewall or what? I can invest $1000s (one time)

Please give me valuable suggest what should i do to protect my server from all minor and major ddos attack
Click to expand...

1st you should change DC because fdcserver's network not stable, and their chicago dc don't have ups backup.
 
you can limit number of connection from each ip in csf
for example after 100 connection ip go to the banned list
i think it prevent ddos atack somewhat
 
The problem with CSF is that it will filter the packets on your server level, However DDoS Packets will still reach the FDC network which is not supporting DDoS mitigation and won't keep a server on its network if the specific server allows DDoS attacks on FDC's network. You should consider either remote DDoS protection filtering service such us Proxy DDoS filtering or rent a server that comes with DDoS protection plan.
 
Status
Not open for further replies.
Back
Top