Support Forums

Basically there are 3 levels to stop a DDOS attack.

Site Level
Server Level
Router Level

At site level it's the weakest but if you're shared host you have no choice. htaccess is the main method here.

At server level you'll need a kernel based firewall. One that allows for fast dropping of packets that are denied or don't pass your ruleset. You'll need to really get to know your firewall and begin the process of fine-tuning a ruleset. Also this is a useless prevention method if the attack is above your pipe. If you're on a 10mbps port and the attack is 12mbps there is nothing server level you can do.

At router level you'll need to pretty much rely on your host. Some hosts will do nothing and some hosts have built in DDOS protection based on PPS (packets per second). Some hosts will even simply null route you to protect the datacenter if indeed you're being DDOS attacked.

This will be helpful for webmasters unfamiliar with such attacks.

Thanks for the information Omni, very helpfull indeed.

Helpful as an overview, a more indept view would be nice.

Awesome guide, Very informative great work Omni.

8D this is what ive been wanting for a while now 8). Oo and I just toook my active directory test. OMG who in the world writes those? They should be SHOT. Who would EVER remember that the dhcpdiscover packet contains 8 bits, and is a 2 packet process. Whos needs to know that?

Thanks for the information Omni.

You could just use firehost and they will deal with all the problems you have.

Thanks for this, I am unfamiliar with this, a it helped a little, I hope I do not need to use these :/

~A

Thanks for the share, I hope I never have to experience a DDOS attack on my site. However someone keeps implementing Java drivebys