How to Protect Against DDoS Attacks

By Elliot, BearHost

A DDoS (Distributed Denial of Service) attack floods your server with traffic to make it unavailable. This guide covers how to identify, mitigate, and prevent DDoS attacks.

Understanding DDoS Attack Types

| Type | Layer | Description | Example |
|---|---|---|---|
| Volumetric | L3/L4 | Floods bandwidth | UDP flood, DNS amplification |
| Protocol | L3/L4 | Exploits protocol weaknesses | SYN flood, Ping of Death |
| Application | L7 | Targets web applications | HTTP flood, Slowloris |

DDoS vs Traffic Spike

| Indicator | DDoS Attack | Legitimate Traffic Spike |
|---|---|---|
| Traffic source | Many IPs, often from same regions | Diverse, organic sources |
| Request patterns | Repetitive, identical requests | Varied pages and behaviour |
| Duration | Sustained, does not taper off naturally | Peaks and declines |
| Server logs | Same user-agent, no cookies | Normal browser signatures |
| Referrers | No referrers or fake referrers | Social media, search engines |
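
One way to score a window of web server access-log lines against the log-visible indicators in the table above (an added example, not BearHost code). It assumes the Apache/Nginx combined log format, which does not record cookies; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative thresholds (assumptions); tune them against your own baseline traffic.
THRESHOLDS = {"top_request_share": 0.6, "top_agent_share": 0.6, "no_referrer_share": 0.8}


def indicators(lines):
    """Score one window of access-log lines; unparseable lines are skipped."""
    hits = [m.groupdict() for m in map(LINE.match, lines) if m]
    total = len(hits)
    if total == 0:
        return {"requests": 0, "distinct_ips": 0, "flags": []}

    def top_share(key):
        # Fraction of the window taken by the single most common value.
        return Counter(h[key] for h in hits).most_common(1)[0][1] / total

    result = {
        "requests": total,
        "distinct_ips": len({h["ip"] for h in hits}),
        "top_request_share": top_share("req"),  # repetitive, identical requests
        "top_agent_share": top_share("ua"),     # same user-agent on most requests
        "no_referrer_share": sum(h["ref"] in ("", "-") for h in hits) / total,
    }
    result["flags"] = sorted(k for k, limit in THRESHOLDS.items() if result[k] >= limit)
    return result


def make_line(ip, req, ref, ua):
    return f'{ip} - - [10/Jan/2025:12:00:00 +0000] "{req}" 200 512 "{ref}" "{ua}"'


# Constructed sample data using documentation IP ranges, not real traffic.
FLOOD = [make_line(f"203.0.113.{i}", "GET / HTTP/1.1", "-", "ExampleClient/1.0") for i in range(1, 41)]
ORGANIC = [
    make_line("198.51.100.7", "GET /blog/post-1 HTTP/1.1", "https://www.google.com/", "Mozilla/5.0 (X11; Linux x86_64)"),
    make_line("198.51.100.8", "GET /pricing HTTP/1.1", "https://twitter.com/", "Mozilla/5.0 (Macintosh)"),
    make_line("198.51.100.9", "GET / HTTP/1.1", "-", "Mozilla/5.0 (Windows NT 10.0)"),
    make_line("198.51.100.7", "GET /contact HTTP/1.1", "https://example.com/blog/post-1", "Mozilla/5.0 (X11; Linux x86_64)"),
]

if __name__ == "__main__":
    for name, window in (("flood + organic", FLOOD + ORGANIC), ("organic only", ORGANIC)):
        print(name, indicators(window))
```

Run it over a short, recent slice of the log (for example the last few minutes); very small windows make the shares noisy, and the Duration indicator needs a comparison across several windows.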

BearHost Built-In Protection

All BearHost servers include network-level DDoS protection:

  • Layer 3/4 filtering automatically detects and blocks volumetric and protocol attacks
  • Traffic scrubbing separates malicious traffic from legitimate visitors
  • Always-on monitoring detects attacks within seconds

This protection handles most attacks automatically. For application-layer attacks, additional measures are recommended.

Cloudflare Setup (Recommended)

Cloudflare's free plan provides excellent DDoS protection for websites.

Step 1: Add Your Site to Cloudflare

  1. Sign up at cloudflare.com
  2. Add your domain
  3. Cloudflare scans your existing DNS records
  4. Update your domain's nameservers to Cloudflare's
  5. Wait for propagation (usually under an hour)

Step 2: Configure Security Settings

In the Cloudflare dashboard:

  • Security Level: Set to Medium (default) or High during an attack
  • Bot Fight Mode: Enable under Security > Bots
  • Challenge Passage: Set to 30 minutes
  • Browser Integrity Check: Enable

Step 3: Enable Under Attack Mode

If you are actively being attacked:

  1. Go to Security > Settings
  2. Toggle Under Attack Mode to ON
  3. This shows a JavaScript challenge to all visitors for 5 seconds
  4. Legitimate users pass automatically; bots are blocked
  5. Turn it off when the attack subsides

Step 4: Create Firewall Rules

Go to Security > WAF > Custom Rules:

  • Block specific countries that are sources of attack traffic
  • Rate limit requests to sensitive endpoints (login, API)
  • Challenge suspicious user agents

VPS Protection

For VPS servers, add these server-level protections:

fail2ban

sudo apt install fail2ban -y
sudo nano /etc/fail2ban/jail.local

Add to jail.local:

[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true

[apache-auth]
enabled = true

[apache-overflows]
enabled = true

Then enable and start the service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

mod_evasive (Apache)

sudo apt install libapache2-mod-evasive -y
sudo nano /etc/apache2/mods-available/evasive.conf

Add to evasive.conf:

<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
</IfModule>

Then enable the module and restart Apache:

sudo a2enmod evasive
sudo systemctl restart apache2

CSF Firewall

ConfigServer Security and Firewall (CSF) is a comprehensive firewall for cPanel servers:

cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Configure in WHM under Plugins > ConfigServer Security & Firewall.

WordPress Hardening

Disable XML-RPC

XML-RPC is a common DDoS amplification target. Add to .htaccess:

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

Limit Login Attempts

Install the Limit Login Attempts Reloaded plugin to block brute-force login attacks.

Disable Pingbacks

In WordPress, go to Settings > Discussion and uncheck Allow link notifications from other blogs (pingbacks and trackbacks).

During an Active Attack

  1. Enable Cloudflare Under Attack Mode immediately
  2. Check your server load with htop, and count connections per remote IP: netstat -ntu | awk 'NR>2 {sub(/:[0-9]+$/, "", $5); print $5}' | sort | uniq -c | sort -rn | head
  3. Block attacking IPs with your firewall
  4. Contact BearHost support — we can apply network-level blocks
  5. Do not panic — most attacks are short-lived

Prevention Checklist

  • Enable Cloudflare (even the free plan helps significantly)
  • Keep all software updated
  • Use strong passwords and 2FA everywhere
  • Disable unused services and ports
  • Monitor traffic patterns for anomalies
  • Keep regular backups in case of data corruption
  • Have a response plan ready before an attack occurs

Tags: #security #ddos #cloudflare #firewall #fail2ban #protection #vps