How to succesfully block DDoS attacks for free ?

Portal Home > Knowledgebase > Articles Database > How to succesfully block DDoS attacks for free ?

Posted by brysonems, 10-02-2012, 12:00 PM
Hey guys, i would want to know how to block ddos attacks, i tried to google how to, but i always end up in a you-need-to-pay solution. Is there any way to block ddos attacks for free ? I already know cloudflare, but are there any better solutions ?
Posted by TravisT-[SSS], 10-02-2012, 12:01 PM
Not really. You need to invest in hardware. Software is very limited.
Posted by badboyx, 10-02-2012, 09:57 PM
real ddos can't be blocked in the server level you must move to a ddos protected provider for small dos/ddos you can use CSF but it doesn't help too much
Posted by BoxIntense, 10-02-2012, 10:02 PM
CloudFlare is as best as you can get for free protection.
Posted by ssfred, 10-03-2012, 12:09 AM
Defending DDOS is quite difficult and an effective mechanism to filter the packet can be done only through a HW firewall.
Posted by Orien, 10-03-2012, 12:15 AM
Or Google PSS.
Posted by HostFriendly, 10-03-2012, 03:41 AM
The word DDOS should not be used alone(without approximate size), especially if you are discussing for technics and price that would cost to block it Because they can be in different sizes. May be From 5Mbps to 100Mbps, or 1Gbps to 20-30 Gbps. If the attack size iz more than 1-2Gbps, i think it would not even be cheap. As stated above, CloudFlare can help you do this. You want to protect one or 2 sites or the whole server? Regards.
Posted by Dillybob, 10-03-2012, 04:06 AM
For preventing DOS Attacks, use https://github.com/ess/citadel Which is an upgraded python level script that was made out of DDOS deflate. DDOS deflate is really buggy. You may also use particular iptables by googling "iptables help ddos". The above users are correct as in ddos can't really be blocked at the server level. You can indeed block a DOS and/or http flooding using the links and ideas I've listed above. Also make sure if you're on a OPENVZ that the following modules are installed before purchasing: "xt_connlimit xt_conntrack xt_state... xt_hashlimit" Especially, if you want to stop script kiddies from harming your vps. But like I said, citadel works fine for low level DDOS attacks. But packets will still destroy your server unless you have good hardware protection if a real DDOS attack is active. Cheers,
Posted by cyanide5000, 10-03-2012, 06:58 AM
The last time our server got nuked, this was many years ago - we just had t upgrade our hardware - and it cost a fortune!
Posted by Server Management, 10-03-2012, 07:03 AM
Generally depending upon the size of attack this is a paid service, Correct and good mitigation of decent sized attacks requires decent hardware which doesn't retail for the same as your average server around here... Don't get me wrong ive used Litespeed + CSF to fend off small attacks but if you start talking a handful of servers from OVH hacked and launching multiple attacks using their servers with bigger pipes its not going to stand up to much Regards,
Posted by vineet89, 10-03-2012, 08:41 AM
Thanks Orien, never knew about Google PSS. Cloud flare is good for small to medium attacks, which is all that is required for most of the websites. Also AFAIK cloud based hosting services provide some redundency that helps in withstanding DDOS attacks.
Posted by betterthanyours, 10-03-2012, 09:28 AM
Cheapest defence against DDoS is to null route your IP
Posted by BestServerSupport, 10-03-2012, 10:34 AM
Actually, it depends on the size of attack. CloudFlare, CSF, mod_evasive module of Apache are best options to protect your server against small size of DDOS attacks.
Posted by BINFO-CH, 10-03-2012, 01:19 PM
Thats is not really a solution!
Posted by betterthanyours, 10-03-2012, 01:21 PM
It's the cheapest....
Posted by neilmcaliece, 10-04-2012, 02:35 PM
Use cloudflare. It's cheap and it works very well. From what I've read it works against larger DDOS attacks as well as small scale attacks. For example read this about cloudflare and a 65 Gbps attack : http://blog.cloudflare.com/65gbps-ddos-no-problem
Posted by ddosguru, 10-04-2012, 02:48 PM
DDoS mitigation is all economics. Many providers have grand capabilities, but will only exercise these capabilities where it is economically feasible to do so.

Add to Favourites Print this Article