Question
Does DigitalOcean have an Anti DDOS protection??
- Posted on December 23, 2016
- SecurityUbuntu 16.04DigitalOcean
Asked by Badde Liyanage Don Dilanga
I am really concerned about this. I don’t plan to use Cloudflare as it forces me to use their free SSL cert which I don’t like, I have my own certs which I bought especially for my wordpress website and I also plan to use an EV cert in one day which Cloudflare doesn’t support in their free plan. Also I have a premium DNS service, so cloudflare is really out of my border. I am wondering what should I do if I am getting a DDOS attack? I read many horror stories how droplets are disabled for 3 hours without letting access, and how they are unable to handle flood. I am wondering Does DigitalOcean have an Anti DDOS protection at least in their end? can it at least handle small DDOS attack? I saw some people have stated, DigitalOcean isn’t for production and only for developers. Is that even true? Thanks.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hello there,
Quick update here. I’m excited to share that DigitalOcean has introduced a new feature in response to the valuable feedback we’ve received from users like you: DigitalOcean DDoS Protection:
Here are some key points about this new offering:
Cost: DigitalOcean DDoS Protection is available at no additional cost. That’s right, it’s a free service for all users!
Coverage: The protection extends to a range of DigitalOcean resources including:
Protection Layers: This service provides protection primarily at the Network (layer 3) and Transport (layer 4) layers of the OSI model. Please note that Application layer (layer 7) DDoS Protection is currently not supported.
Latency Concerns: One of the standout features of this service is that mitigation takes place entirely within the DigitalOcean network. This means that data traffic doesn’t leave our network for mitigation, ensuring that your applications experience no additional latency.
Overall Benefit: DigitalOcean DDoS Protection is an always-on service designed to defend your DigitalOcean cloud resources against a range of generalized, network-layer DDoS attacks. This ensures that your apps and websites run smoothly, without the threat of potential disruptions from such attacks.
Best,
Bobby
At Datacenter level, DigitalOcean is well-protected. Even if DDoS attack happen to Datacenter, you should still be able to use site normally. There was an answer on Community about measures DigitalOcean takes for Datacenter so you can read them here.
About your server (Droplet)… you’re on your own here. However you can take some additional measures to make it more secure.
CloudFlare is probably best out-of-box solution but if it doesn’t suit your needs you can do some server tweaking.
Set up Firewall. Allow only ports you use. Disable ping requests via firewall to be more protected against that type of attacks. When you get DDoS attack you can use firewall to block IP ranges.
Research about Load Balancing. That can help take load from one server to multiple and make your site harder to go down.
Also, you can take a look at advanced Logging system so you have better management over server.
For all abode DigitalOcean has great tutorials that can get you help starting.
I solved this problem by installing vDDOS Proxy Protection software as a Reverse Proxy (simulating CloudFlare’s mechanism by combining many things like Nginx proxy + Testcookie + reCaptcha + Iptables + Cloudfalre API …)