[Security] DDoS Protection

[EvanWells]

I'm aware that this question isn't 100% relavant to MyBB, but I figured I would ask the knowledge-base just incase someone is experienced in this field and would be willing to point me in the right direction.

I run a WAMP Website off of a personal home server. I was wondering how I can prevent DDoS from ocuring? IT hasn't happened yet, but I also run a Minecraft Server off of the same server and am trying to be proactive. Thanks for any info!
Evan

[katos]

Software alone wont be enough, and I would strongly suggest a DDoS protected network such as Gigenet or OVH, however you should check out Cloudflare here: https://www.cloudflare.com/

[Consaholic]

This user has been denied support.

Cloudflare (for layer 4 protection, act as reverse proxy thus concealing backend ip)

Or

Cloudflare -> Sucuri (for malware/ddos protection) -> nginx configured with fail2ban

For your minecraft server I recommend you purchase a ddos protected TCP tunnel (http://prontohost.net/) - they sell affordable and effective solutions.

[andrewjs18]

there's also incapsula, although they don't allow you to use a cert on their free tier.

[eaportela]

Instead of creating another thread on the same subject, I figured I'd ask my question here.

I use Globat.com as my web host, and today I received a threat from a source that they were going to launch a DDoS attack on my forums. There's a chance that this guy might have been bluffing, but other than regularly backing up my forum, how can I implement DDoS protection on my forums? Globat.com wanted to charge me thousands of dollars through their SiteLock services and it seemed a bit much.

I have to admit, I'm new to this and I don't have much knowledge on the subject other than backing up things constantly, which I do. I also host several forums for other friends and I wouldn't want to see them targeted either.

How could I go about this? I would appreciate any and all advice, I'm definitely willing to learn. Thank you.

[Lunorian]

Instead of creating another thread on the same subject, I figured I'd ask my question here.

I use Globat.com as my web host, and today I received a threat from a source that they were going to launch a DDoS attack on my forums. There's a chance that this guy might have been bluffing, but other than regularly backing up my forum, how can I implement DDoS protection on my forums? Globat.com wanted to charge me thousands of dollars through their SiteLock services and it seemed a bit much.

I have to admit, I'm new to this and I don't have much knowledge on the subject other than backing up things constantly, which I do. I also host several forums for other friends and I wouldn't want to see them targeted either.

How could I go about this? I would appreciate any and all advice, I'm definitely willing to learn. Thank you.

People who make threats have the generally have the full ability to do this. The most important thing you can do is to have enough protection on your site to block off the attacks and to ensure that they'll try larger attacks and end up getting caught.

---

For the Minecraft Server you'll need to find a DDoS mitigation provider who has L4 DDoS Protection. If I recall correctly a paid plan with Incapsula (the Business plan, $299/month). However DDoS Protection for websites is a lot cheaper.

Don't use Cloudflare unless you either have a paid plan or further filtering behind it. I would recommend WebDeflect for DDoS Protection, their free plan is great, and their paid plans are low cost, the most expensive plan is just $20/month. Cloudflare alone is very easy to bypass, only a plan with their Web Application Firewall will be effective at mitigating DDoS Attacks (well they have a beta program for rate limiting but you have to be accepted, my site uses it, against support policy so I will not link to it) For smaller layer7 attacks (on a good server under 1m req/s, more if you iptables block the sources) on websites,

One thing to note is that nginx can be configured to block them off without too many issues.

If you don't want to pay huge fees for layer4 protection consider getting a server host who has DDoS Protection a few notable providers are Voxility (expensive), BlazingFast, and OVH.

Let us know if you have further questions

[Matt]

It's really not something you do to protect the forum, you do it to protect the server. If you don't have access to the server itself, then you need to proxy your traffic through something else like the services mentioned above. If you've got shared hosting though, if you were DDoS'd, it'd be the server getting attacked, so every other customer on it would be affected too, so you'd presume the hosting company would take measures to protect against it.

[eaportela]

True. I should have worded my request for advice better. Thank you guys. I'm trying out WebDeflect right now. So we'll see.