07-01-2020, 02:08 PM
(06-29-2020, 12:47 PM)LightDestory Wrote: As the title says, what do you think about anti-DDos protection?
Does your VPS (standard paid plan or sponsored) have it?
Did you ever experience an attack? How did you handle it?
These are simple questions that, if you own a VPS, you will face someday. There is nothing to hide, I have experience it, at least 3 time with different systems.
As for my experience I can say that publishing your RAW IP address on the big internet is very dangerous.
These are a lot of attacks that can target you:The criminals just need your IP address, with simple software such as NMAP they can scan your entire port set and know what are you using.
- HTTP attack
- SYN attack
- NTP attack
- SSH brute force
- ICMP attack
- Minecraft's sever attack (I am not joking, they flood the sever with ad-hoc simulated login requests)
- ect...
When it will happen?
Well there isn't a specific moment, as soon as you publish something on the WEB you are in danger. There are services such as CDN that helps you hiding your real IP address but there are some exceptions:What you can do to protect yourself?
- To use SSH you need to access via the real IP address, CDN can't forward SSH.
- When you want to host a game server you need to publish your real ip, CDN can't forward game traffic.
- Free CDN services are limited, for example they cover only the 3rd level domain, if you need some nested domain you are naked.
- Service such as mail servers, torrents are ignored by CDN, you are naked.
You can only prevent the leak of your IP address. If it has leaked and an attack is performed there are very few chance that you, as a VPS's provider customer, can handle it. You can shutdown your VPS but the traffic will always reach your provider's network.
Speaking of what action you can do:All I have said util now is useful when your own a VPS without a anti-ddos protection, when you have such protection mostly of the attack will be handled by experts and proper hardware thanks to the providers, we are speaking of:
- Shutdown whatever is not necessary at that moment;
- DON'T REJECT THE TRAFFIC, you let it be dropped with a HUGE timeout, so you can slow down the criminal
- Be sure to use a CDN service which provides minimal protection
So, let's end this little talk: after reading such things and how easy is to get targeted, what do you think? Should anti-ddos protection be a must-have for every VPS? Should be a paid or included service?
- Hardware firewall
- Blackhole where redirect criminals' traffic
- Proper IP filtering systems
I am just a user, I am not aware of how complex is to setup such protection on providers'end. I am very curious, so if any provider read this, let us know what mean to setup a anti-ddos protection!
The short answer would be: sort off
The long answer:
It really depends on your use-case.
If you’re running something that’s not so important, or something that won’t need to have any decent uptime, then DDoS protection would be the least of your concerns. So no point in even worrying about it being included in whatever plan you’re using.
On the other hand, if what you’re running requires good uptime and/or is of significant importance, then having DDoS protection included with your existing plan would be much appreciated.
However, DDoS protection does come at a cost with most providers (simply because it costs them money as well to offer it for you!). So even if it’s included in your plan, that could mean that plans would shoot up in price. So even though you’re not paying for at as an extra addon, you’re now paying for it as part of your recurring billing plan. So it won’t save you anything cost-wise in most cases. And doing so this way would either mean that people who don’t want it are paying for it, or having separate non-protected plans, which defeats the purpose.
Hence, offering it as an addon is the winner here. Reduces the confusion, keeps things simple and straightforward and is simply the most advantageous for both the provider and client.
Thank you Post4VPS and VirMach for providing me with VPS9! But now it’s time to say farewell due to my studies.