Ultimate DDoS Solution! Nice on the budget too!

[AzzidReign]

My site is a gaming site, and with that, the demographics it attracts appears to contain a high rate of wanna be hackers, which means they love playing with their skiddy tools.

This is the absolute cheapest and best solution I've been able to find (I've been around the block, you can read my history at the bottom). Since I've deployed this solution 3-4 months ago, we haven't gone down due to DDoS yet! Prior to this, we would go down a few times a week after the skiddies worked around our DDoS proxy to get our server URL, and at times DAILY.

If the attacks are large enough, it will likely knock any site offline, and I'm talking about 100gbps+ which almost all solutions would take your site down, including a hardware firewall. But for everyone here, this solution should be bullet-proof unless you've really attracted some skiddies with a lot of money to pay the people that own massive botnets.

I apologize for the lack of technical details, I hire people out to do the work for me but anyone of technical know-how can easily tell you or you can hire them to do so for you. To disclose further, I've put my affiliate links below. If this helps you, please use my links to help me out. I'm in no way affiliated with either company, other than them providing affiliate links to their customers.

What you need:

• A great DDoS Proxy - a lot of people use Cloudflare, I don't recommend them. We had them for a while and our users would constantly complain about the errors and slow loading times from them. We are using DDoS Defend. They are cheaper, less errors (none so far), and our users love the loading times. I highly recommend these guys.
• A separate VPS to set up as an email server (these guys are also very nice and helpful). The reason I give you these guys is because you can include some DDoS protection on your email IP so if the attacker hits your email server, you at least have some protection and hopefully will be able to continue to send out emails.
  • Scrub the originating headers so your web server's IP address does not show up in the email headers (again, I don't know the technical information on how to do it). This is how the attackers can get your web server IP if you are sending out emails from your server behind the proxy without a separate server. Double check to make sure that emails being sent out are only showing the VPS's ip and not your web server.
  • For those already using proxies for protection, this is the only place your IP will be leaked, hence why you need a separate server for it. When you've bought this and made the proper changes, make sure you change your web server IP. I'd ask for a different range and see if they will swap it out for you. They may do this for free if you let them know you are protecting their network from DDoS this way.
  • Obviously, in your software, you will need to route all your outgoing emails through this server.
  • THERE IS ONLY ONE PROBLEM with this solution. Your emails will likely go to spam until you can warm up the IP address and have all your users mark you as NOT SPAM. We've put up notices for our users and the new users to check their spam folders when they join.
    • While this is an inconvenience to your users, having the site down for 24 hours a few times a week is a bigger inconvenience to everyone.

This is the most bullet-proof solution I've found in this price range. I'm paying right around $175/month with the above set up, Cloudflare Business alone costs $200/month and it didn't perform as well. If you get only small attacks and less than 500gb of traffic, this whole set up could cost less than $100/month! If you don't want to use DDoS Defend, you can still follow the email server recommendations in conjunction with whatever service you prefer or are currently utilizing.

One thing to note about DDoS Defend before I explain some of my history with these companies. These guys have been very honest, upfront, and very helpful through all this. I don't see them exaggerating attacks on your site to get you to go with a higher package. Quick ticket replies too. Some of the nicest people you'll meet on the internet. They care about their customers, which is hard to say about any of the companies I've dealt with in the past.


I've used the following DDoS "solutions":

Spoiler

• ServerOrigin - Worst of the worst (imo), which is why they probably merged with BlackLotus. Since the merger, I wouldn't touch either of them with a 10 foot pole. Terrible experiences with them that I won't go into since they are no longer around, but at the time I used them, they were considered one of the "top dogs". If SO's owner works with BL now...oh boy. I'll leave it at that.
• BlackLotus - These guys have great claims but when it came down to it for us, their service slowed our site down tremendously, and the site would go down to DDoS often (no stats now, it has been years so maybe they are better). Myself and a friend had experienced them reporting these large attacks and then saying you need to upgrade your service. Funnily, they claim that when attacks are being mitigated, attackers increase their attacks (opposite of what we've currently documented in our logs). Even funnier, when we moved away from them and still filtered out the attacks, it was far less than previously claimed (maybe a few time fluke?). It's been years since I used them, who knows if their services are better and even the integrity of their company is better.
• SharkTech - Didn't mitigate much for us. We had a lot of technical difficulties with them (*cough* they deleted our harddrives "on accident" - did the same to a friend within days of mine *cough*). Not much more to say about them...didn't work/filter DDoS for us, and I question their tech guys abilities.
• CloudFlare - Best out of all my "failures". They DID work for us. Slowed us down some at peak times. Had a lot of errors that they were claiming were our server errors, when our server wasn't reporting any errors, and I would mess with my hosts file to direct connect to my site when I couldn't do it through cloudflare to make sure my site was up (and it was), and they still claimed it was our server's problem, etc., and now we haven't had any issues with those errors/issues with DDoS Defend. In different areas of the world, they would get far more errors and slow loading speeds at times. I just think their servers are over saturated. I like the idea that the system learns and helps everyone else, which is great due to their sheer size; i.e. someone attacks my site, they filter it, and now those rules apply to everyone else on the entire network. It just didn't work out as well as DDoS Defend has for us.

I think that's all the ones I've tried over the years (I may be missing 1). I hope my experiences can help save at least one person on this site. It's been a frustrating path but we've finally made it to paradise.

 

[Slavik]

I think LiteSpeed are offering a free trial of their Anti-DDoS services on request, I haven't looked into it or even know if its something they're actively developing, but know they've managed to bail out some people before, to what degree I don't know.

Perhaps @lsmichael can shed some more info.

 

[RastaLulz]

Honestly, the cheapest solution would be to host with OVH; everything is protected by their VAC system, for free. It can handle the biggest of attacks, and since switching to them I haven't had an issue. I also know many other people who have, and they're all blown away by how good it is. Obviously OVH would be for more technical people though, since it's not managed or anything in terms of support.

 

[rdn]

Honestly, the cheapest solution would be to host with OVH; everything is protected by their VAC system, for free. It can handle the biggest of attacks, and since switching to them I haven't had an issue. I also know many other people who have, and they're all blown away by how good it is. Obviously OVH would be for more technical people though, since it's not managed or anything in terms of support.

Yes exactly, Same here

 

[AzzidReign]

Honestly, the cheapest solution would be to host with OVH; everything is protected by their VAC system, for free. It can handle the biggest of attacks, and since switching to them I haven't had an issue. I also know many other people who have, and they're all blown away by how good it is. Obviously OVH would be for more technical people though, since it's not managed or anything in terms of support.

How big of attacks can they handle? I've had multiple over 60gbps. And just because it comes "free" doesn't mean it's free. It's certainly worked into their prices.

 

[Slavik]

How big of attacks can they handle? I've had multiple over 60gbps. And just because it comes "free" doesn't mean it's free. It's certainly worked into their prices.

160Gbps/160Gbps apparently...

 

[AzzidReign]

Nice. Looking at similar specs, I'm not seeing anything that is above what I currently have for the price I'm currently paying for my entire set up. I'll keep this as my backup option if they truly are as good as you guys say they are. But that's why I created this thread, my solution seems to be the cheapest thus far and provides great coverage.

 

[WSWD]

OVH will terminate you if the attack is too large. Real DDoS protection isn't cheap, and certainly not free. Much better getting real protection from Blacklotus, or CNServers or the like before I would go with any of the above "solutions".

 

[AzzidReign]

OVH will terminate you if the attack is too large. Real DDoS protection isn't cheap, and certainly not free. Much better getting real protection from Blacklotus, or CNServers or the like before I would go with any of the above "solutions".

I've used BlackLotus. 2nd worst experience. DDoS Defend has been the best, hands down, and to put "solutions" in parenthesis just shows you didn't read the entire OP. By no means would I put BL down as a "real solution" lolol Too pricey and couldn't do what DDoS Defend has done for me. Had a lot of downtime and slow loads with BL, SO (merged with BL), and SharkTech. Will never give them another shot.

I've heard good things about CNServers but never actually used them.

 

[WSWD]

I've used BlackLotus. 2nd worst experience. DDoS Defend has been the best, hands down, and to put "solutions" in parenthesis just shows you didn't read the entire OP. By no means would I put BL down as a "real solution" lolol Too pricey and couldn't do what DDoS Defend has done for me. Had a lot of downtime and slow loads with BL, SO (merged with BL), and SharkTech. Will never give them another shot.

I've heard good things about CNServers but never actually used them.

Never had any issues with BlackLotus. Staminus is good as well. Had very good luck with Staminus.

 

[rdn]

OVH will terminate you if the attack is too large. Real DDoS protection isn't cheap, and certainly not free. Much better getting real protection from Blacklotus, or CNServers or the like before I would go with any of the above "solutions".

OVH has built-in free for all and also premium solution: http://www.ovh.com/us/anti-ddos/

 

[Mike Edge]

Staminus is good as well. Had very good luck with Staminus.

Matt is an awesome guy and knows his stuff when it comes to DDoS. Known him since back when he ran Falcon Networks.. Back before FooNet got raided by the Feds..

 

[WSWD]

OVH has built-in free for all and also premium solution: http://www.ovh.com/us/anti-ddos/

They do indeed...but I have seen people kicked off of both. They claim "unlimited" gbit attack, but then throw you off their network when you get a large attack. Never used them. I've just heard from folks who have.

 

[Forsaken]

They do indeed...but I have seen people kicked off of both. They claim "unlimited" gbit attack, but then throw you off their network when you get a large attack. Never used them. I've just heard from folks who have.

Eh... Two of my friends use OVH and one of them gets a 20-30Gbps attack every other day, with the occasional 60-80Gbps+ attack (maybe once a month).

 

[WSWD]

Eh... Two of my friends use OVH and one of them gets a 20-30Gbps attack every other day, with the occasional 60-80Gbps+ attack (maybe once a month).

They might have changed things then, but I know quite a few people who were kicked out, dedicated servers shut off, and no refunds/backups given.

 

[Forsaken]

They might have changed things then, but I know quite a few people who were kicked out, dedicated servers shut off, and no refunds/backups given.

My friend just told me it was changed once 8 months ago, and again 4 months ago and that OVH is still updating their service.

 

[psx]

My site is a gaming site, and with that, the demographics it attracts appears to contain a high rate of wanna be hackers, which means they love playing with their skiddy tools.

This is the absolute cheapest and best solution I've been able to find (I've been around the block, you can read my history at the bottom). Since I've deployed this solution 3-4 months ago, we haven't gone down due to DDoS yet! Prior to this, we would go down a few times a week after the skiddies worked around our DDoS proxy to get our server URL, and at times DAILY.

If the attacks are large enough, it will likely knock any site offline, and I'm talking about 100gbps+ which almost all solutions would take your site down, including a hardware firewall. But for everyone here, this solution should be bullet-proof unless you've really attracted some skiddies with a lot of money to pay the people that own massive botnets.

I apologize for the lack of technical details, I hire people out to do the work for me but anyone of technical know-how can easily tell you or you can hire them to do so for you. To disclose further, I've put my affiliate links below. If this helps you, please use my links to help me out. I'm in no way affiliated with either company, other than them providing affiliate links to their customers.

What you need:

• A great DDoS Proxy - a lot of people use Cloudflare, I don't recommend them. We had them for a while and our users would constantly complain about the errors and slow loading times from them. We are using DDoS Defend. They are cheaper, less errors (none so far), and our users love the loading times. I highly recommend these guys.
• A separate VPS to set up as an email server (these guys are also very nice and helpful). The reason I give you these guys is because you can include some DDoS protection on your email IP so if the attacker hits your email server, you at least have some protection and hopefully will be able to continue to send out emails.
  • Scrub the originating headers so your web server's IP address does not show up in the email headers (again, I don't know the technical information on how to do it). This is how the attackers can get your web server IP if you are sending out emails from your server behind the proxy without a separate server. Double check to make sure that emails being sent out are only showing the VPS's ip and not your web server.
  • For those already using proxies for protection, this is the only place your IP will be leaked, hence why you need a separate server for it. When you've bought this and made the proper changes, make sure you change your web server IP. I'd ask for a different range and see if they will swap it out for you. They may do this for free if you let them know you are protecting their network from DDoS this way.
  • Obviously, in your software, you will need to route all your outgoing emails through this server.
  • THERE IS ONLY ONE PROBLEM with this solution. Your emails will likely go to spam until you can warm up the IP address and have all your users mark you as NOT SPAM. We've put up notices for our users and the new users to check their spam folders when they join.
    • While this is an inconvenience to your users, having the site down for 24 hours a few times a week is a bigger inconvenience to everyone.

This is the most bullet-proof solution I've found in this price range. I'm paying right around $175/month with the above set up, Cloudflare Business alone costs $200/month and it didn't perform as well. If you get only small attacks and less than 500gb of traffic, this whole set up could cost less than $100/month! If you don't want to use DDoS Defend, you can still follow the email server recommendations in conjunction with whatever service you prefer or are currently utilizing.

One thing to note about DDoS Defend before I explain some of my history with these companies. These guys have been very honest, upfront, and very helpful through all this. I don't see them exaggerating attacks on your site to get you to go with a higher package. Quick ticket replies too. Some of the nicest people you'll meet on the internet. They care about their customers, which is hard to say about any of the companies I've dealt with in the past.


I've used the following DDoS "solutions":

Spoiler

• ServerOrigin - Worst of the worst (imo), which is why they probably merged with BlackLotus. Since the merger, I wouldn't touch either of them with a 10 foot pole. Terrible experiences with them that I won't go into since they are no longer around, but at the time I used them, they were considered one of the "top dogs". If SO's owner works with BL now...oh boy. I'll leave it at that.
• BlackLotus - These guys have great claims but when it came down to it for us, their service slowed our site down tremendously, and the site would go down to DDoS often (no stats now, it has been years so maybe they are better). Myself and a friend had experienced them reporting these large attacks and then saying you need to upgrade your service. Funnily, they claim that when attacks are being mitigated, attackers increase their attacks (opposite of what we've currently documented in our logs). Even funnier, when we moved away from them and still filtered out the attacks, it was far less than previously claimed (maybe a few time fluke?). It's been years since I used them, who knows if their services are better and even the integrity of their company is better.
• SharkTech - Didn't mitigate much for us. We had a lot of technical difficulties with them (*cough* they deleted our harddrives "on accident" - did the same to a friend within days of mine *cough*). Not much more to say about them...didn't work/filter DDoS for us, and I question their tech guys abilities.
• CloudFlare - Best out of all my "failures". They DID work for us. Slowed us down some at peak times. Had a lot of errors that they were claiming were our server errors, when our server wasn't reporting any errors, and I would mess with my hosts file to direct connect to my site when I couldn't do it through cloudflare to make sure my site was up (and it was), and they still claimed it was our server's problem, etc., and now we haven't had any issues with those errors/issues with DDoS Defend. In different areas of the world, they would get far more errors and slow loading speeds at times. I just think their servers are over saturated. I like the idea that the system learns and helps everyone else, which is great due to their sheer size; i.e. someone attacks my site, they filter it, and now those rules apply to everyone else on the entire network. It just didn't work out as well as DDoS Defend has for us.

I think that's all the ones I've tried over the years (I may be missing 1). I hope my experiences can help save at least one person on this site. It's been a frustrating path but we've finally made it to paradise.

Which host are you using for your server?

 

[HostDash]

Eh... Two of my friends use OVH and one of them gets a 20-30Gbps attack every other day, with the occasional 60-80Gbps+ attack (maybe once a month).

I've heard of a couple people being kicked off of their network due to DDoS attacks. Reality is proper anti-DDoS services are very expensive and can cost any provider a lot so I'd wonder how long they will be able to offer this unlimited DDoS protection, for free.

I am aware of a site using BlackLotus and know of sites using them which are really snappy. Which service of theirs did you opt for?

 

[AzzidReign]

Which host are you using for your server?

I keep that private due to the nature of my demographics and people wanting to take us down. They've been contacted on a few occasions (when people could trace our server ip) saying that they were me and needing access to the server. Luckily, they called me up with the number on file before proceeding.

I've heard of a couple people being kicked off of their network due to DDoS attacks. Reality is proper anti-DDoS services are very expensive and can cost any provider a lot so I'd wonder how long they will be able to offer this unlimited DDoS protection, for free.

I am aware of a site using BlackLotus and know of sites using them which are really snappy. Which service of theirs did you opt for?

It was some time ago, but I had bought one of their dedicated servers that was coupled with one of their best protections.

 

[Tim Jay]

Honestly, the cheapest solution would be to host with OVH; everything is protected by their VAC system, for free. It can handle the biggest of attacks, and since switching to them I haven't had an issue. I also know many other people who have, and they're all blown away by how good it is. Obviously OVH would be for more technical people though, since it's not managed or anything in terms of support.

I had DDoS attacks (UDP flood attacks) on and off for quite a few months this year. I had to move servers 4 times in 2 months.
I tried Staminus for a month and they were complete junk. I started off by paying nearly $500/mo for a dedicated server with their 10gbps+ protection plan. The attacks hit right above 10gbps and immediately they told me I should upgrade. They said they could offer me a deal at 10k/year with a full down payment for no limit of protection. WTF? I left a week later and they were quick to shut down the server instantly after cancellation. Thankfully I already had everything ready to be moved. On 2 or 3 occasions I opened a ticket about downgrading the 10gbps protection plan and literally seconds later the site would be under attack after not having issues for a day or two.

I finally discovered OVH and I have been with them since. I spoke to them over the phone and they assured me they could handle the attacks. Having the anti ddos included is such a relief. I'm paying close to 250/mo for a dedicated server and nothing more. After months, the attacks died down shortly after going live with OVH. I now get a small attack maybe once or twice a month but it gets automatically mitigated.

Cloudflare free service is still semi useful for hiding the ip. Of course when dealing with someone malicious enough you need to hide those email headers and like you said run the service on a separate server. I run everything on the same server with OVH and I am no longer stressed about ddos attacks. Their infrastructure + pricing simply can't be beat.