When a DDoS attack is pummeling your server, there are very few ways of successfully mitigating it, as the attackers will often have a vast number of machines, and associated IPs, to work from, along with a large quantity of bandwidth.
A software firewall might provide a minimum amount of protection by barring certain individuals from using services on your server. However, a software firewall still accepts the connection directly on the server, so the flood still reaches the port, increasing loading times or even flatlining the port. It does not really protect against a DDoS attack.
A hardware firewall, however, can help towards mitigating an attack. Many firewalls now come with built-in load balancers and can withstand hundreds of thousands of connections. If configured properly, these firewalls can also attempt to mitigate an ongoing DDoS attack. However, the bandwidth that the firewall can take is still limited by its hardware, so it is still not guaranteed to successfully block a DDoS attack.
To this day there is no way of guaranteeing 100% that you are protected from a large DDoS attack that takes up the bandwidth of the incoming pipe. The only thing we can do is take as many precautions as are practically and financially viable to help avoid a complete blackout.