Nine ways you can protect your servers from DDoS attacks
Distributed Denial of Service (DDoS) is an attack where the perpetrator uses several compromised systems to send messages or requests to a targeted system to overload it.
The attack prevents legitimate users from accessing that system. The goal is to render an online service unavailable by exhausting its resources.
The good news is that you can protect your servers from DDoS attacks in several ways. Here are nine suggestions.
1) Deploying Cloudflare
Cloudflare is an intelligent reverse proxy service and content delivery network (CDN) that speeds up and secures any website. It provides protection from DDoS attacks, custom caching rules, SSL support, and many more features to ensure optimal performance of your site in terms of speed and security.
2) Hosting with DDoS protection
Cloud hosting offers plenty of advantages for your business. When you choose a hosting service, you should choose one that provides access to the latest technology. More importantly, it should be a service that offers protection against DDoS attacks, which may hit your servers anytime without prior warning.
It’s crucial to select a provider that has comprehensive DDoS protection in place.
3) Using Fail2Ban
Fail2Ban scans log files and bans IP addresses that generate too many failed password attempts, which protects your system from SSH brute-force attacks. It can be configured to email you the banned IPs so you can manually blacklist them in the /etc/hosts.deny file (so they cannot reconnect).
4) Using a firewall
Configure a firewall and block all incoming traffic except communication on the ports the application needs to work properly. This will protect your servers against TCP-based DoS attacks.
Also, experts recommend that you use the latest iptables firewall features like connlimit, which helps limit the number of simultaneous connections from an IP address to a specific port (you can do this by specifying the source and destination addresses). However, firewall configuration will affect your website’s SEO, which is essential.
5) Always use SSL for login pages
Make sure your login page uses SSL/TLS to prevent dictionary attacks, as hackers won’t be able to sniff passwords. Also, it’s best to use a unique password for each account and a firm password policy.
6) Rate limiting on the firewall/router
A firewall or router with a rate limit feature can protect servers from DDoS attacks to a certain extent. You should configure your device’s firewall or rate limit according to the type of server and protocols you’re using.
If you’re using FTP, then limit it to 20 connections per second, while you should limit HTTP to 50 connections per second.
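The firewall advice in items 4 and 6, combined into one sketch: this added example (not from the original article) prints an iptables-restore ruleset with a default-drop policy, a per-address connlimit, and the 20 per second FTP and 50 per second HTTP ceilings. The per-address ceiling of 20 connections, and the reading of the rates as new connections per second across all sources, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. It only prints a ruleset in
# iptables-restore format; nothing is applied to the running firewall.

# Assumed value (not from the article): simultaneous connections per address.
CONN_PER_IP=20

# valid_spec PORT:RATE -> succeeds only for digits:digits, so nothing else
# can be spliced into a rule line.
valid_spec() {
    case $1 in
        *[!0-9:]* | *:*:* | :* | *:) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;
    esac
}

# emit_service PORT RATE -> the two rules guarding one TCP service.
emit_service() {
    # Item 4: reset a source holding more than CONN_PER_IP connections.
    printf '%s\n' "-A INPUT -p tcp --syn --dport $1 -m connlimit --connlimit-above $CONN_PER_IP --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    # Item 6: accept at most RATE new connections per second (assumed to
    # mean all sources together); the excess falls through to the DROP policy.
    printf '%s\n' "-A INPUT -p tcp --syn --dport $1 -m limit --limit $2/second --limit-burst $2 -j ACCEPT"
}

# build_ruleset "PORT:RATE ..." -> complete filter table on stdout.
build_ruleset() {
    for svc in $1; do
        valid_spec "$svc" || { echo "bad service spec: $svc" >&2; return 1; }
    done
    # Default-drop INPUT: ports that are not listed (139 and 445 included)
    # stay closed. Loopback and replies to existing connections are allowed.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for svc in $1; do
        emit_service "${svc%%:*}" "${svc#*:}"
    done
    echo 'COMMIT'
}

# The article's figures: FTP control port at 20/s, HTTP at 50/s. FTP data
# channels need the conntrack FTP helper or a passive-port range (not shown).
build_ruleset "21:20 80:50"
```

Add a rule for your management port (for example SSH) before loading the output, since the default-drop policy closes everything not listed; `iptables-restore --test` parses a ruleset without committing it.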
7) Securing your server with GeoIP limit
To minimize DDoS attacks against a particular service, one can limit access from certain countries. For example, if you’re only providing support to customers from the United States, then block requests coming from other countries.
Another way to prevent DDoS attacks is by limiting connections to specific ports. However, this method will only restrict the attack but not protect the service entirely.
8) Protecting your servers using CDN
A content delivery network (CDN) automatically serves static content from locations closer to users, delivering your application quickly and securely without putting too much load on your servers, which can be a significant problem during DDoS attacks.
9) Basic network security
You can deploy basic network security measures to protect your servers from DoS/DDoS attacks. Security experts recommend that you disable source routing, restrict ICMP usage within your network, and block all incoming connections on ports 139 and 445 since they are no longer needed. Use routers with good quality firewalls such as Cisco, SonicWall, and Juniper.
There are several steps for protecting your servers from DDoS attacks. While choosing a hosting provider, make sure they offer DDoS protection as well as other security measures to ensure your servers are always safe and secure. The tips above should be more than enough to get you up and running.
Photo by Andreea Avramescu