How to Protect Server from an DDOS Attack ?

[azadhussnain]

Hello , I am facing an DDOS Attack from 3 days.
DataCenter also not helping me. I asked them how much GBPS attack is going on right now? They said 10-15-20GBPS attack is going on.

Is there any way to protect my dedicated server from 10-15gbps ddos attack ?

 

[cPRex]

Hey there! There isn't going to be much of anything you can do on the server-side for an attack of that size. To help with that size of an attack you would need to look at external hardware, such as advanced firewall configurations.

If you don't have a way to do that I would recommend looking into a tool like Cloudflare to help with that situation.

 

[ServerAdminz]

You can use a combination of attack detection, traffic classification, and response tools, aiming to block traffic identified as illegitimate and allow legitimate traffic only.

For a better understanding, you can go through this article - Distributed Denial of Service (DDoS) Attack

You can also follow this thread - DOS attack on my site

 

[ServerHealers]

Since the attack is above 10-15gbps as cPRex mentioned, there is not much you can do on the server-side, and a CDN is the best available options. But I can suggest a few points which you can consider if this is frequently happening.

1. Add a CDN tool like Cloudflare or similar, which is the most effective way to prevent DDoS.
2. Most of the cloud hosting companies are providing Native DDoS Mitigation System at an additional cost. I don't want to mention the name here but one of them is providing Native DDoS Mitigation System for $10 per month for DDoS up to 10Gbps. Do your research and consider adding one.
3. If it's a dedicated server and if you have access to the DC, then it's recommended to add a hardware firewall or a perimeter DDoS mitigation device.
4. Install and configure mod_evasive which is a server-side DDoS prevention Apache module. Effective if you are getting a very minor DDoS attack. Please check this article: Apache Module: Evasive.

 

[kodeslogic]

I would second to agree that Cloudflare CDN service can help to mitigate the DDOS attack, but the free plan will not do the much you may need to consider their Pro Plan

 

[sahostking]

Have you got CSF installed and CT_LIMIT set to a reasonable amount. Try that first. Why not try Bitninja or Imunify360 aswell. Request a trial from them if possible to see if it works and if it does stick with them it worthit for peace of mind.

If its huge DDOS a hardware firewall is best and your DC should be able to stop it on their end. Most Data Centers give DDOS protection on the network layer for colocation or Self managed servers. But doesnt hurt to try one of the above options either.

 

[BBernard]

Hello , I am facing an DDOS Attack from 3 days.
DataCenter also not helping me. I asked them how much GBPS attack is going on right now? They said 10-15-20GBPS attack is going on.

Is there any way to protect my dedicated server from 10-15gbps ddos attack ?

Hi! I hope you're doing fine! There are 3 steps to stop it even you got a small budget
1.Ensure to make your server as fast as possible
For a start, your web server should be as fast as possible. In other words, it must be able to answer a request in milliseconds. If you are using an IIS server, the easiest way to achieve this is to enable HTTP Keep-Alive. This will allow your webserver to process multiple requests in parallel using a single connection
2. Make use of a CDN service
Another way to achieve a high rate of requests per second is to use a CDN service. This is a distributed network of servers that will send your content to the end-user instead of your web server. This way, your web server only needs to deal with requests from the CDN servers.
A CDN service can undoubtedly help you mitigate a DDoS attack with a small budget, but you will still need to implement a few other things to increase your protection level.
A reverse proxy server can accept incoming requests and forward them to your web server. The web server will then decide if the reverse proxy server can handle the request or if it needs to be sent to a different server. This way, you can have multiple web servers behind a single IP address or have a single server with multiple IP addresses (VIPs).
3. The use of SSL encryption
Another trick to reduce your attack surface is to use SSL encryption. With SSL, you can secure your web server, the reverse proxy server, and your CDN servers. This way, your attackers are unable to access your network because all your servers use encryption. source
Take care and all the best!