DDoS protection

Discussion in 'Security' started by jnicol, Nov 10, 2013.

  1. jnicol

    jnicol New Member

    As a VPS noob, I'm wondering if it's worthwhile installing some sort of protection against DDoS attacks. I'm not aware of any of my sites or my client's sites having been the target of an attack before, but there's a first time for everything!

    My questions are:

    - Do other KH customers run software to mitigate DDoS attacks?
    - If so, what? I've seen mod_evasive and dos_deflate mentioned.
    - Am I being paranoid by worrying about DDoS?
     
  2. Dan

    Dan Moderator

    Morning jnicol,

    Your server should have CSF (Configserver Firewall) and it can provide some protection against DDoS. However anything installed at the VPS level is going to leave the traffic on the network anyways and KH is the only one that can do anything to mitigate that...which they will.

    Perhaps some others will chime in with their thoughts/feelings on the subject.
     
  3. jnicol

    jnicol New Member

    Thanks Dan. It sounds as if taking special measures to mitigate DDoS at the VPS level is somewhat ineffectual, and really needs to happen at the web host or data centre level? I suspect I'm overthinking something that isn't really a problem, or at least not one I can do much about!
     
  4. Dan

    Dan Moderator

    jnicol,

    That would be correct. When a DDoS attack occurs KH will null-route the IP numbers being attacked and that gets done in the routers, not even in the host machines our VPSs are in. If there is anything more we could do I am sure that KH would have let us know before now as their have of course been some of these attacks on the KH network.
     
  5. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    This is pretty spot-on. DDoSs these days are to the level that in-VPS mitigation can only go so far with a truly distributed attack. If it's just a standard attack with only a few hosts hitting you, then sure, a VPS can filter a ton.

    True DDoS protection is a very expensive and complex process. That's why it basically has it's own market segment with significantly higher prices.
     

Share This Page