How we protect our Hosting clients against DDoS attacks

The number of DDoS attacks is growing every year. They are becoming increasingly complex and cause serious damage to businesses. The 11 largest attacks held in 2020 forced their victims to pay about $144 million to ransom their web services and make them work again.

If you are buying a hosting service on a dedicated server or on a virtual server, it is important to check whether your provider ensures reliable protection against DDoS attacks.

Read on to discover how we protect our Hosting clients against malicious users.

Types of DDoS attacks

Nowadays, DDoS attacks are mostly complex: malicious users use several methods at a time in order to make the server stop working. Yet all attacks can be classified into three types:

1. Volumetric attacks (also referred to as high-volume attacks or flooding) imply sending plenty of requests to the server, which results in blocking network bandwidth capacity and the website becoming unavailable. The most well-known examples include DNS Amplification, DNS Flood, ICMP Flood, and SYN Flood.
2. Protocol attacks exploit the vulnerabilities of network protocols. As opposed to the attacks of the first type, they overload network capacity not with a giant amount of traffic but with pinpoint actions that exploit the network defects. A typical example of such an attack is POD (Ping of Death).
3. Application attacks are application-layer attacks (Layer 7 of the OSI model) intended to directly disrupt web services. The most widespread attacks of this type are Slowloris and HTTP Flood.

Read more about it in our article “The most dangerous DDoS attacks of our time”.

How Gcore protects its hosting clients against DDoS attacks

We offer basic and advanced protection against DDoS attacks.

Basic DDoS protection

Basic DDoS protection is available for all our hosting clients by default. It’s free of charge. You get it automatically together with your server, and you don’t need to add any further options.

This protection works on all dedicated and virtual servers and is available for all our Hosting locations.

How it works

1. We analyze all your incoming traffic and check the number of unique IP addresses, packets delivery speed, bit rate, and other parameters.
2. The traffic gets filtered following the basic rules. This mode works well against the widespread volumetric attacks.
3. The system blocks all suspicious requests. Only real users get access to your website.

Basic protection is effective against the attacks using the following protocols and systems:

• DNS
• NTP
• SSDP
• MSSQL
• LDAP
• SNMP
• CharGen
• Memcache
• RIP

Yet it has its limits and disadvantages:

1. The traffic below 200 Mbps isn’t detected, meaning that this kind of protection won’t help against low volume attacks like Slowloris.
2. No rules settings are available, meaning that you can neither close ports, nor create a blacklist of IP addresses, nor set any other rules. This option is available in the advanced protection option only.
3. In case of a high-volume attack, the system will temporarily block all requests sent to the IP address that is currently under attack. Malicious users won’t be able to plant a virus into your system or steal valuable data, yet your website will become unavailable for real clients.

When your website gets blocked, you receive an automatic email notification informing you of the time when the IP address is going to be available again.

In addition to data protection, blocking IP addresses allows us to keep other servers working. For example, if a certain VDS is under attack, it will be blocked whereas all other VDS units located on the same physical server won’t be affected.

Basic protection is enough if you have a small business that rarely experiences DDoS attacks, or if your online project is currently at its starting stage. Your website will be protected, allowing you to save some money.

Select a protected server

Advanced DDoS protection

Basic protection will ensure you are safe against many types of attacks. It is suitable for small-scale projects or as a temporary measure.

But even if you have just started your online business and never experienced a DDoS attack, you should bear in mind that in the future your project is going to grow, and the number of attacks is increasing every year.

If you want your web services to always be available to your clients and quickly beat back malicious users’ attempts at making your server stop working, we recommend that you opt for our advanced protection.

This is a paid option but it provides complex protection against all known DDoS attacks at the network, transport, and web application layers.

Our advanced protection algorithm works similarly to the basic one but it features more advantages. You can:

• set filtration rules including analyzing packet contents at the L7 OSI layer
• block addresses or allow server access basing on geolocation
• get protection against complex UDP attacks
• cope with “smart” low-volume traffic attacks

In the advanced version, your website will remain available to the users even in case of a massive attack with a volume exceeding 5 Gbps. The capacity of out filtration centers exceeds 1.5 Tbps. All malicious traffic will be blocked starting from the first request, and real clients will be able to continue using your web service and won’t even notice any changes in its work.

Here are some facts about our advanced protection against DDoS attacks:

• We protect our clients against all types of volumetric attacks.
• We help our clients cope with SYN/ACK/RST Flood attacks.
• We can analyze traffic up to the L7 layer.
• We detect TLS attacks and can successfully protect you against them.
• Your protection profile is formed individually depending on your traffic and on the type of services provided.
• You can integrate protection with client server apps.
• We give you access to detailed statistical data.
• We can inform you about the DDoS attacks revealed using any method that you find convenient.
• We provide technical support 24/7 together with Security Operations Center engineers.

Apart from server protection, we also protect websites and web applications against bots. We can prevent data scraping, brute force, and advertising fraud. We won’t let malicious users steal your website content or crack your users’ accounts.

We also have a highly effective WAF (Web Application Firewall) that can protect your web application against cracking. The firewall blocks attacks, finds app vulnerabilities, and gives recommendations on their removal.

Conclusions

1. The number of DDoS attacks is increasing every year, and they are growing more complex. When choosing a hosting provider, pay attention to how it protects its clients.
2. Gcore offers two types of protection against DDoS attacks: basic and advanced.
3. Basic protection is free of charge and available to all our hosting clients by default. It is effective against many widespread attacks. Basic protection is enough if you have just launched your online business or if you have a small-scale project that rarely experiences attacks.
4. If you want to protect your website against all known types of attacks and ensure that your services remain available to your clients even in case of massive attacks, we recommend that you opt for advanced protection. In addition to that, you can enable the smart WAF that won’t let malicious users crack your web application.

Enable complex protection now and forget about DDoS attacks.

Enable DDoS protection