Comments
Obviously not free, but get a cheap Hetzner VPS and put a DDoS-protected reverse proxy (e.g. BuyVM @Francisco) in front.
There are no tutorials at all. And there can't be any.
Why? In the past 15 years a lot of things have changed dramatically in the market and in the capacity of DDoS attacks. Right now almost zero VPS or dedi servers are capable of TANKING massive multiplied DDoS attacks against the network layer. I.e. zero firewalls will tank, for example, a 20Gbit/s attack while you have a 1Gbit/s port.
The same applies to websites. I mean the L7 layer of DDoS protection.
You can always tune things, like banning if conn_limit in nginx is higher than X, you can configure fail2ban, you can restrict maximum connections, use cache, fastcgi cache, I dunno, even redis, or other shit like that, but nothing will help in the end against a DDoS attack.
So what to do?
The only way to protect your server & website against attack is paying money to companies / people who do that for a living. I.e. different companies with protection. It's not 2012 or 2013 anymore. After VAC's arrival on the market, the price of protection against DDoS attacks dropped dramatically, by dozens of times.
So, current solutions to mitigate a pretty damn powerful attack cost from around 10 USD and up. I'm talking about both L4 and L7.
If you focus specifically on the L7 layer (the application one, i.e. your WordPress site), the price starts from 10-20 USD / mo for effective protection. Which in my own opinion is pretty damn cheap. While in the past you paid 200 - 500 USD for the same. So it's an okay and good price.
That's all you need to know about DDoS attacks and protection against them.
Tuning kernels, like it was with syn-cookies in the 3.16 kernel, like tons of TCP-related optimizations in 4.* kernels, is over. That time is over. Maximum efforts in different apps, kernel and so on to optimize and squeeze out as much performance as you can to tank volumetric DoS are over. Everything is squeezed already.
So, the only way to protect against DDoS is by using DDoS-protected services.
Sorry for the wall of text, I just wish to explain in a simple form what is going on and what to do.
https://javapipe.com/blog/iptables-ddos-protection/
Also install CrowdSec and block all known bad IPs.
There is no 100% anti-DDoS protection against all layers. It's like playing a game of cat and mouse.
People need to understand that. The only way is to pay some team to monitor your network and do the right configurations.
What to do?
Usually 90% of attacks are caused by fights between communities or whatever. If you stay on your side without trying to be smart or mess with someone, you will have fewer or no attacks. (I know that it also happens when you don't do anything.)
There are many DDoS protections; some should work better for game servers, others don't.
Voxility
Combahton
Rioray
Path
Corero
For L3/L4