DDOS Protection (L7) for one Website, where?

By end of month we start to host a website for a client. It's a legal classifieds site for adults.
I already know that this site would be seriously attacked soon and wish to prepare whatever possible and within Budget to leave it online without downtime.

For now: I have prepared two OVH dedicated servers in Frankfurt that will host the website; legitimate traffic will be up to 20 TB monthly.
DNS is hosted by two different premium DNS providers.
Mail is hosted by external Provider.
Site uses HTTPS (HTTP is forwarded to HTTPS).
Goal is that the Website has no DDOS caused outage.

Even though this website is hosted with OVH, EUR 500 can be spent every month on a "ready" DDoS protection that will take care of L7 attacks too; as far as I know, OVH doesn't handle any L7 attacks.

Where should I go to buy the protection? I often see x4b and Incapsula; do they work well?

Comments

  • as I know OVH don't handle any L7 attacks.

    They already handle this now.

    Also add:

    • CSF Firewall with ct_limit
    • Nginx Limit conn and limit_req

    :)

    Thanked by 1: wa44io4
  • MikeA Member, Patron Provider

    @Roldan said:

    as I know OVH don't handle any L7 attacks.

    They already handle this now.

    OVH doesn't mitigate L7 attacks towards web servers

  • Cloudflare + Website cache (you can use cloudflare cache too)

  • why would anyone attack porn site? are they digital jihadis ?

  • x4b client here (in past). Yes, they're to be clear one of the best here around let with L7 ddos protection for websites.

  • nico Member
    edited September 2018

    @Roldan
    As already mentioned, L7 mitigation atm is not supported by OVH. They have listed the SSL Gateway Enterprise on the website that will do this soon, but I found nowhere when it will be available.

    @jooja
    I often read that the $200 Business plan is not enough and the Enterprise comes in somewhere around $5'000; the 5sec preloader on a new session is not good either.

    @creep
    Competitor(s) with money for serious attacks. It's a classifieds website serving a western Europe country, not a p0rn website.

    @desperand
    Thank you, did you have some kind of serious attacks during this time?

  • cloudlayar1 Member
    edited September 2018

    I would recommend checking with the provider whether they support L7 protection. Because many simply won't filter it. For example, CloudFlare + Website cache is "unlikely" to work. CloudFlare passes most of L7 ddos to your server. While Caching would have to be "extensive" - i.e. pre-generated HTML pages lying in the folder.

    Here is a Testing script you can use to check whether the Protection provider allows L7 ddos to Pass through:

    https://github.com/grafov/hulk

    Simply run the script against your website:

    hulk -site http://example.com/test/

    (It is NOT harmful in any way and the test lasts only a minute or so.) Also, while running the test, check the NGINX access log. If you see a huge amount of generated visits and increased server load - sometimes up to the point of server unavailability - then your protection is NOT working...

    Thanked by 2: mfs, raynor
  • Cloudflare $200/m plan worked for me. But I switched to Sucuri which is like $10/m and it did the job even better.

  • nico said: Thank you, did you have some kind of serious attacks during this time?

    Yes, dozens of very powerful attacks in a highly competitive market, where competitors wish to destroy your business via different methods (DDoS attacks, hacks, manipulating clients' minds (via creating misinformation and different toxic things which ruin a community, etc., long story)).

    What does "powerful attacks" mean? It depends on the time (I'm talking about a big time frame (several years)). And it depends on exploits found in different IoTs, hacked popular CMS software, etc.

    For example, I remember a time when super critical issues were found with Joomla and WordPress, and I was targeted via DDoS attacks from FRESH botnets of hosted websites.
    RPS (requests per second) varied from 5k up to 200-210k easily. On a dynamic site, that's more than enough to turn the site off. I tried a hell of a lot of providers around LET and not only to protect the website; only a few were able to mitigate such attacks. Another guy (super top provider here) just kicked me off with a fake reason, but I'm not angry at them, because it's common practice to declare features which you do not have to attract more customers. And when real shit happens, you can't help your client with the things you offered.

    I even tried top providers (DDoS-guard, and I forgot another one (super popular protection)), even bought the Cloudflare business plan for protection against DDoS, and nothing helped me survive until I finally moved to x4b for the website.

    For around 2 weeks my site was under super heavy attacks; the attackers tried almost ALL methods they were able to use and spent, I guess, a lot of money to take the website off. And nothing happened. When they realized that DDoS attacks and hacks did not work (a stupid naxsi setup was super helpful against different hack attempts), they finally destroyed my project by manipulating clients' minds and by buying community leaders directly to move from my project to competitors' projects, etc.

    And yes, since that time I have not even tried any other 3rd party provider (except maybe kms-hosting (which now goes by a different name)) to protect the website. KMS-hosting is good too, but x4b is best for me.

    Also, x4b is good at mitigation, but not good with support. When you have problems with configuration and you have no time and you're under stress and you NEED to have a website online and are stuck on the configuration part, and support says "everything is ok on our side" while it was not, it provokes very negative things. But after figuring out how everything should work, etc., everything is super easy.

    So yes, try at least several providers:

    • x4b.net
    • kms-hosting
    • blazingfast.io (not good uptime, but support one of the best what I have ever seen).
    Thanked by 2: cloudlayar1, raynor
  • SplitIce Member, Host Rep

    @desperand thanks for the mention :)

  • @desperand
    Thank you for the deep insights. Exactly this, the high amount of RPS is what will make trouble on this site; even if we add more cache elements, the attacker could use endpoints that involve a database fetch (like search) to harm the server.
    I'm aware that most providers where this is not part of the core business don't want such clients; this is the reason I ordered dedicated servers from OVH, as I hear they do a great job on L4 mitigation and they will not kick or 0route me out (hopefully) because of an attack.

    I will order and set up the service from all 3 mentioned providers plus Sucuri and, as soon as an attack starts, switch to one of them or split requests round-robin across all of them, then check from whom too much bad traffic is coming in and kick them out.

    @Wicked
    Thanks for the input, will add them too.

    @cloudlayar1
    Thank you for the scripts, I will code my own one that I will use for the weak points I know of on this website.
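Added example, not part of any post in this thread: a small access-log check for the two steps discussed above, watching the NGINX access log during a test and finding which protection provider lets too much traffic through to the origin. It assumes the origin logs each proxy's own address in the nginx "combined" format; the provider names, address ranges (RFC 5737 documentation prefixes), function names and log lines are all constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Placeholder provider egress ranges (RFC 5737 documentation prefixes, not real ones).
PROVIDERS = {
    "provider-a": ip_network("192.0.2.0/24"),
    "provider-b": ip_network("198.51.100.0/24"),
}
# nginx "combined" format: addr - user [time] "METHOD path proto" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} ')

def source_of(addr):
    """Map the connecting address to a provider name, or 'direct' if none matches."""
    ip = ip_address(addr)
    for name, net in PROVIDERS.items():
        if ip in net:
            return name
    return "direct"  # request reached the origin without passing a known proxy

def analyse(lines, rps_limit):
    """Per source: total requests, peak requests in one second, hottest path."""
    hits = defaultdict(Counter)   # source -> {second: request count}
    paths = defaultdict(Counter)  # source -> {path without query string: count}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        addr, stamp, path = m.groups()
        second = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        src = source_of(addr)
        hits[src][second] += 1
        paths[src][path.split("?", 1)[0]] += 1
    return {src: {
        "total": sum(buckets.values()),
        "peak_rps": max(buckets.values()),
        "over_limit": max(buckets.values()) > rps_limit,
        "top_path": paths[src].most_common(1)[0][0],
    } for src, buckets in hits.items()}

def sample_log():
    """Constructed log lines: steady traffic via A, a search burst via B, one direct hit."""
    fmt = '{ip} - - [12/Sep/2018:10:00:{s:02d} +0200] "GET {p} HTTP/1.1" 200 512 "-" "ua"'
    lines = [fmt.format(ip="192.0.2.10", s=s, p="/") for s in range(3)]
    lines += [fmt.format(ip="198.51.100.7", s=1, p=f"/search?q={i}") for i in range(40)]
    lines.append(fmt.format(ip="203.0.113.5", s=2, p="/"))
    return lines

if __name__ == "__main__":
    print(analyse(sample_log(), rps_limit=20))
```

Any volume under "direct" means clients are reaching the origin address without passing a proxy, which no upstream filter can stop; restricting the origin firewall to the providers' ranges closes that path.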

  • jh_aurologic Member, Patron Provider

    Hi, as @desperand said, we are also able to handle Layer7 attacks after you have activated Layer7 mitigation within our customer area. All traffic is routed over an additional set of ddos-filters, which act like a transparent reverse proxy with "human visitor" validation.

    You can also add your own ssl certificates, in case your website uses ssl.

  • I'm not sure but I think DDOS Guard offers Layer 7 protection too.
