Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Best Tool for Protecting Server Against DDoS ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Best Tool for Protecting Server Against DDoS ?

Hello, can any one recommend a tool for Linux servers to protect against DDoS , for hetzner dedicated servers
from some days someone doing DDoS on my server. Can anyone tell a free or paid DDoS Protection tool for Hetzner Linux Dedicated Servers?
Using cPanel, LiteSpeed , CloudLinux on the server.

Comments

  • cloudflare?

  • sandozsandoz Veteran

    Reverse Proxy of Combahton

  • iptables to filter all unwanted traffic, and Cloudflare to filter incoming attacks.

    Although, some people here don't like posts with the c-word.

  • sandozsandoz Veteran

    You can use IPTables, but that doesn't will save you from other types of attacks.
    It requires Hardware, if your Hosting Provider doesn't have it.

    Unfortunately you can't do much, it will be going Offline.
    People forget sometimes that Hardware in-house is always needed, not only to scrub the traffic and filtering but to prevent it.

    Hetzner DDoS Protection is not the best in the market, well use Cloudflare and some IPTables.

    Give a try to this
    https://github.com/theraw/The-World-Is-Yours

  • eva2000eva2000 Veteran
    edited April 2021

    Try Cloudflare with their Cloudflare For Teams free subscription so you can access free Argo Tunnels and setup your sites using Argo Tunnels and block off all non-Cloudflare traffic at firewall level. If on CF Pro plan enable and configure CF WAF and utilise CF Firewall rules to further fine grain control and mitigate layer 7 application level attack patterns. A guide I wrote on how to setup Argo Tunnels for Centmin Mod users https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/

  • VJTVJT Member

    @eva2000 said:
    Try Cloudflare with their Cloudflare For Teams free subscription so you can access free Argo Tunnels and setup your sites using Argo Tunnels and block off all non-Cloudflare traffic at firewall level. If on CF Pro plan enable and configure CF WAF and utilise CF Firewall rules to further fine grain control and mitigate layer 7 application level attack patterns. A guide I wrote on how to setup Argo Tunnels for Centmin Mod users https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/

    Thanks for this guide. Have you tried testing it out?
    I have setup argo tunnel with ingress rules and added as system service. It is able to connect to edge server and starts up fine. However, I am not sure if it works, unable to find any logs for reverse proxy in litespeed logs/ cloudflare logs.
    I even tried doing a curl using destination IP, it still works. I thought it will block direct incoming traffic to our dest server, or am I wrong ?

  • use imunify360

  • A DDoS large enough to fill up your pipe to the Internet can render any tool useless.

  • eva2000eva2000 Veteran
    edited April 2021

    @VJT said: Thanks for this guide. Have you tried testing it out?
    I have setup argo tunnel with ingress rules and added as system service. It is able to connect to edge server and starts up fine. However, I am not sure if it works, unable to find any logs for reverse proxy in litespeed logs/ cloudflare logs.
    I even tried doing a curl using destination IP, it still works. I thought it will block direct incoming traffic to our dest server, or am I wrong ?

    Argo Tunnels is on hostname basis not IP, you'd want to setup your firewall on origin to block all traffic other than Cloudflare or at least block on ports 80/443 or whatever front facing ports/services.

    Yes using Argo Tunnels in production right now and works nicely for 2 of my Wordpress blogs. It works when you can access your site via it's domain - it should be transparent to visitors as only the way CF connects to your origin has changed now to go via cloudflared proxy to your origin within CF network.

  • BuyVM and Path.net IP + GRE Tunneling

  • ezethezeth Member, Patron Provider

    ddos - x4b

  • What are you hosting that is attracting said DDoS attack? Is it a game server or website?

  • Shut it down and unplug the network cable. 100% protection.

  • Null route

  • AswinAswin Member, Host Rep

    You have to contact Hetzner - if it is DDOS since null routing is the only option over here. You can not use Cloudflare whether this attack against your server IP address. what is the number of attack requests?

  • JarryJarry Member

    @Daniel15 said:
    Shut it down and unplug the network cable. 100% protection.

    More like 100% effective DDOS...

  • @Jarry said:

    @Daniel15 said:
    Shut it down and unplug the network cable. 100% protection.

    More like 100% effective DDOS...

    Technically just a DoS, not a DDoS :tongue:

  • @Jarry @Daniel15 @Aswin Keep in mind that I have used Hetzner, Corero, OVH, NFO, etc, and they have all null routed when I did GRE with them for my servers. Now I'm using Path.net and I've had no problems with DDoS attacks for 8 months now, they mitigated over 250gbps+ attacks for me and I didn't even feel any packetloss or lag like I did with other companies that lied about their protection to me cough NFO

  • DataIdeas-JoshDataIdeas-Josh Member, Patron Provider

    @theprotector said:
    @Jarry @Daniel15 @Aswin Keep in mind that I have used Hetzner, Corero, OVH, NFO, etc, and they have all null routed when I did GRE with them for my servers. Now I'm using Path.net and I've had no problems with DDoS attacks for 8 months now, they mitigated over 250gbps+ attacks for me and I didn't even feel any packetloss or lag like I did with other companies that lied about their protection to me cough NFO

    Path.net is good service and good customer service.
    Most providers don't want you to take their services outside of their network. Probably why you got null routed.

  • BinaryBinary Member, Host Rep

    Cloudflare (with proper rules) or FluxCDN will do the job at a reasonable price (or free).

    FluxCDN Anycast utilizes Path.net btw.

  • @DataIdeas-Josh said:

    @theprotector said:
    @Jarry @Daniel15 @Aswin Keep in mind that I have used Hetzner, Corero, OVH, NFO, etc, and they have all null routed when I did GRE with them for my servers. Now I'm using Path.net and I've had no problems with DDoS attacks for 8 months now, they mitigated over 250gbps+ attacks for me and I didn't even feel any packetloss or lag like I did with other companies that lied about their protection to me cough NFO

    Path.net is good service and good customer service.
    Most providers don't want you to take their services outside of their network. Probably why you got null routed.

    For example NFO and Stormwall would null route me when big attacks occurred on my game server, OVH, and others didn't nullroute but they had severe leaks enough to take the server down or bad packetloss

  • DataIdeas-JoshDataIdeas-Josh Member, Patron Provider

    @theprotector said:

    @DataIdeas-Josh said:

    @theprotector said:
    @Jarry @Daniel15 @Aswin Keep in mind that I have used Hetzner, Corero, OVH, NFO, etc, and they have all null routed when I did GRE with them for my servers. Now I'm using Path.net and I've had no problems with DDoS attacks for 8 months now, they mitigated over 250gbps+ attacks for me and I didn't even feel any packetloss or lag like I did with other companies that lied about their protection to me cough NFO

    Path.net is good service and good customer service.
    Most providers don't want you to take their services outside of their network. Probably why you got null routed.

    For example NFO and Stormwall would null route me when big attacks occurred on my game server, OVH, and others didn't nullroute but they had severe leaks enough to take the server down or bad packetloss

    To me Null routing is only protection for the network as a whole or for your ISP. But it doesn't keep the service online.
    I don't consider Null routing a form of DDoS protection as the hosted service still goes down.

  • MannDudeMannDude Host Rep, Veteran

    CloudFlare is annoying for the end-user. Just think of all the times you've been hassled by LET's own use of CloudFlare and ask yourself if you want your website visitors constantly bothered by CAPTCHAs and check points.

    CloudFlare works, sure. But it's certainly not the only option out there. Where affordable filtering was few and far between 5+ years ago it's more and more common place for providers to offer filtering at an affordable cost nowadays. Effectiveness, I'm sure, varies.

    Get a box with DDoS filtering or setup filtering through a GRE tunnel or something.

  • jhjh Member
    edited April 2021

    Get an Asus router

    image

    Thanked by 1WSWD
  • djndjn Member

    The best tool is the off switch :)

Sign In or Register to comment.