Best practice to protect your site from DDoS for FREE!
First of all DDoS is for wannabe hackers who want to bug you but at the end it does make a big damage to your site from downtown and irritation!
Are you under DDoS ATTACK? And you’re lost how to get yourself outside this situation?
The first things you do, go to https://www.cloudflare.com/sign-up make a new account for free and add your site on cloud flare.
Change your site DNS to cloud flare, hopefully your DSN is not cached for long time…
Login in your cloud flare click on:
-> Cloud Flare settings > Security settings > Basic protection level
Change it I’m under attack.
Next step contact your host provider and change the IP that was your site pointed to… (Do this after your protected fully by cloud flare, then change the IP on cloud flare.
Don’t forget to disable the direct subdomain with cloud flare as you don’t want your attackers to find your new real IP and if you have a mail server on the same server make sure to use reverse proxy for the mail server as well.
It’s guaranteed your website will run back without any issues.
If you have 20USD/month for the site you better make the Pro Plan on Cloud flare.
Here you can find more information about cloud flare plans: https://www.cloudflare.com/plans
Now why cloud flare will protect you?
Usually most of the companies that I worked with used to spend thousands of Euros on buying bigger firewall’s, load balancers and multiple servers to handle DDOS and better performance but at the end if DDoS has a point (IP) to hit the firewall wont handle the huge requests of UPD and TCP attacks…
With Cloud flare you can forget about UPD/TCP attacks, your real IP’s are protected from public as the first layer of your site will be on reverse proxy and no one will know what’s your real IP and with this layer you have to worry only on port 80 attacks, which are also handled by cloud flare awesome team and lots of requests will be blocked… cloud flare has big database that will block any potential bot or infected IP’s.
So UDP and TCP attacks are out of order for now, the port 80 attacks which are nasty but cloud flare is good to handle them as well.
Here is a print screen of the IP’s my site is resolving on:
What other benefits you will receive with cloud flare?