DDoS attacks are increasingly common. Here's how to protect your VPS.
Understanding DDoS
DDoS (Distributed Denial of Service) attacks flood your server with traffic, making it unavailable.
Types of DDoS
- Volumetric: Floods bandwidth (UDP floods, DNS amplification)
- Protocol: Exploits protocol weaknesses (SYN floods, Ping of Death)
- Application: Targets specific applications (HTTP floods)
Hardware Protection
Provider-Level DDoS Protection
Use providers with built-in DDoS mitigation:
- Space-Node: Included on all plans
- Linode: Basic mitigation included
- OVH: Available on higher tiers
Recommended Configurations
- Minimum: 100 Gbps mitigation
- Recommended: 300+ Gbps for game servers
- Premium: 1 Tbps+ for critical services
Software Protection
UFW (Firewall)
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 27015/udp # Game server port
sudo ufw enable
Fail2ban
Blocks brute force attacks:
sudo apt install fail2ban
Rate Limiting
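Use nginx or your proxy. In nginx, this directive in the http context defines the zone; the limit applies only where a limit_req zone=general; directive in a server or location block references it: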
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
Network Configuration
IP Reputation
Monitor your IP:
- Check Shodan
- Monitor DNS reputation
- Keep backups of IPs
Anycast Network
Route traffic through multiple nodes for redundancy.
Monitoring
Tools to monitor attacks:
- netstat - Monitor connections
- iftop - View bandwidth usage
- DDoS mitigation service logs - Track attacks
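A sketch of the connection check described above, added here as an example and not part of the original article: it reads the output of ss -Htan (ss is the iproute2 counterpart of netstat), counts half-open SYN-RECV sockets, and lists peers holding more sockets than a limit. The function names, the limit values and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP socket states from `ss -Htan` output on stdin.
# Live use (assumes iproute2 ss is installed): ss -Htan | conn_summary 50

# conn_summary LIMIT (hypothetical helper name)
#   Prints syn_recv=<count of half-open sockets> and one
#   "over_limit <peer> <count>" line per peer holding more than LIMIT sockets.
conn_summary() {
    limit="${1:-50}"
    awk -v limit="$limit" '
        $1 == "LISTEN" || NF < 5 { next }   # listeners have no remote peer
        {
            peer = $5
            sub(/:[0-9*]+$/, "", peer)      # strip the port; IPv6 keeps its brackets
            count[peer]++
            # Half-open sockets: a spoofed SYN flood raises this total
            # even when no single peer crosses the limit.
            if ($1 == "SYN-RECV") half++
        }
        END {
            printf "syn_recv=%d\n", half
            for (peer in count)
                if (count[peer] > limit)
                    printf "over_limit %s %d\n", peer, count[peer]
        }
    ' | sort
}

# Constructed sample in ss -Htan column order:
# State Recv-Q Send-Q Local:Port Peer:Port (documentation address ranges).
sample_ss_output() {
    cat <<'EOF'
LISTEN   0 128 0.0.0.0:443 0.0.0.0:*
ESTAB    0 0 203.0.113.10:22 192.0.2.14:50122
SYN-RECV 0 0 203.0.113.10:443 198.51.100.7:40001
SYN-RECV 0 0 203.0.113.10:443 198.51.100.7:40002
SYN-RECV 0 0 203.0.113.10:443 198.51.100.7:40003
ESTAB    0 0 203.0.113.10:443 198.51.100.7:40004
ESTAB    0 0 203.0.113.10:443 [2001:db8::5]:51000
EOF
}

# Demo run on the constructed sample with a deliberately low limit of 3.
sample_ss_output | conn_summary 3
```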
Response Plan
- Identify the attack
- Isolate affected services (if possible)
- Activate DDoS protection
- Monitor until traffic normalizes
- Document the incident
Best Practices
- Keep backups of configurations
- Use content delivery networks (CDN)
- Implement rate limiting
- Monitor traffic patterns
- Have redundant servers
When to Scale Up
Consider upgrading if you receive:
- Regular attacks over 10 Gbps
- Attacks lasting hours
- Attacks targeting specific services
Conclusion
DDoS protection is essential for online services. Use layered protection combining hardware and software solutions.
