Answer the question
In order to leave comments, you need to log in
The most effective way to protect against DDoS without Cloudflare and the like?
Hello. Need your advice.
Suppose there is a blog N on WP, which receives a moderate DDoS attack, the site hangs on the Nginx FPM+Apache2 server.
All of this is running Ubuntu Server.
Can Sasha Pupyrkin's poor blog and his server survive without Cloudflare and similar services?
If so, which method is more efficient?
Answer the question
In order to leave comments, you need to log in
DDoS is a failure attack when the hardware fails.
It is of two types -
The first variant of the attack can be beaten off on your own - put a more powerful server, optimize the software, ignore "heavy" requests, filter requests. install another server, install a balancer.
In general, everything can be solved with your own hands and at low cost, although knowledge and experience are needed.
The second option is not treated in any way, the attack will stupidly clog the channel of your hoster or provider and you will be left without communication.
Of course, you can buy a really wide channel, but it is a lot of money and infrastructure.
Cloudflare and others like it have a lot of money, infrastructure, and a bunch of channels - it's almost impossible to score them, they withstand an attack on the network and provide filtering services for traffic that goes to your server.
"Medium gravity" is by what standards?
You did not mention the channel and server hardware (virtual?) at all.
If the channel is clogged, then you will not do anything on your own.
If the virtual machine is overloaded, then the hoster will disconnect you.
If everything is not so bad, then put some kind of fail2ban, configure and rejoice (if possible).
In any case, good luck with this endeavor.
a banal udp storm and you can protect yourself from it as you like - you won’t do anything, only at the uplink/hoster level it can be solved even higher ....
Can Sasha Pupyrkin's poor blog and his server survive without Cloudflare and similar services?No. It most likely will not really withstand a good influx of legitimate users, and even a simple attack on the application even more so.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question