What should I do if I have a DDoS attack?


(Pirat) #1

I recently wrote about the error, but now I have turned off the server
cheapest protection I can not afford
what should i do?


(Iolo) #2

I would think the first line of defense is with a properly configured load balancer put in front of the container like haproxy or possibly nginx.


(Jeff Atwood) #3

Easiest answer is to put yourself behind cloudflare.

If you can still get to the server, IPTables editing will be necessary:

edit I also like @iolo’s answer!


#4

Also consider fail2ban which automatically adds iptable bans based on particular server logs.


(Pirat) #5

but as it is fully set can write the code for the console discourse


(Jeff Atwood) #6

Just SSH into the server and set it up. These protections we are discussing are in the native server OS, not the Docker container that runs Discourse.


(Jens Maier) #7

One point: if the DDoS attack completely fills your downstream, getting into the server via SSH may not actually be possible or feasible. If that is the case, you will need assistance from whoever hosts the server and/or their peering provider to filter out DDoS traffic closer to the source, long before it reaches your server and overloads your network connection.

Unfortunately, there is no iptables ... -j RETROACTIVELY_DROP_FROM_WIRE target… :frowning: