Control Web Panel

Security => CSF Firewall => Topic started by: tokar86a on March 07, 2019, 09:46:39 AM

Title: DDOS
Post by: tokar86a on March 07, 2019, 09:46:39 AM
How can i best protect my server against DDOS? I seems to be getting some high recurse spike i couple of times a day. I need to protect my server someone more. any suggestions? 
Title: Re: DDOS
Post by: Rug3r on March 08, 2019, 02:15:03 AM
Did you look at this?
http://centos-webpanel.com/tag/ddos-protection
Title: Re: DDOS
Post by: tokar86a on March 08, 2019, 08:26:58 AM
Did you look at this?
http://centos-webpanel.com/tag/ddos-protection

Yes but then you need to pay. I am looking for something else here.
Title: Re: DDOS
Post by: Netino on March 09, 2019, 02:46:29 AM
You can use CSF, but you must to consider the posted here:
https://www.liquidweb.com/kb/basic-dosddos-mitigation-with-the-csf-firewall/

Specially in following part:
1) There is no way to prevent a DoS/DDoS attack against any server connected to the Internet; once in progress, the only thing that can be done is to try to mitigate its effects.
2) There is no way to make a server respond normally when it is under attack; the most that can be done is to try to keep it online during the attack by reducing the impact of the incoming traffic.
3) In some cases, the best way to deal with a large-volume attack is to null-route the server’s IP address. Effectively, that means temporarily taking it offline until the incoming traffic subsides.
4) Any measures employed within CSF will be effective only against small attacks, and measures should be implemented in CSF only while the server is under attack. The firewall settings always should be restored afterward to minimize disruption of legitimate traffic, as the measures outlined below will slow incoming packets.
5) CSF is not the only way to mitigate small-scale attacks. Services such as those offered by CloudFlare’s network also may help because they are external, buffering traffic to the server. And for maximum protection against large attacks (millions of incoming packets per second), a specialized DoS mitigation service may be necessary. You can read more about such protection at https://www.liquidweb.com/services/network/ddos.html.

Regards,
Netino