Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Question

DDoS counter policy & measures

  • Posted April 13, 2013

Hi! I wonder what your policy is with regard to incoming DDoS network attacks?

  • Will you try to filter the traffic based on heuristics, or just null route the affected dest IP(s)?
  • What happens to my network traffic bill when somebody launches a DNS amplication attack against my VPS?

Cheers!

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Kamal NasserFebruary 27, 2014

We do not bill for inbound bandwidth so that shouldn’t be an issue.

Gerben JacobsFebruary 26, 2014

I’m also curious about the end effects of a possible DDOS attack…

Kamal NasserMay 4, 2013

If your droplet experiences a DDoS that might affect the hypervisor it is on (and ultimately other clients), the droplet will be shutdown and you will be notified.

cacivioJuly 20, 2017

Apologize I went back to attack before I finished doing my backup are two ip I want to block them in the firewall but I do not find where 185.188.204.27 - - [19/Jul/2017:20:09:35 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.27 - - [19/Jul/2017:20:09:36 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.25 - - [19/Jul/2017:20:09:36 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.27 - - [19/Jul/2017:20:09:37 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.25 - - [19/Jul/2017:20:09:37 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.25 - - [19/Jul/2017:20:09:38 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.27 - - [19/Jul/2017:20:09:38 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.27 - - [19/Jul/2017:20:09:39 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.25 - - [19/Jul/2017:20:09:39 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.27 - - [19/Jul/2017:20:09:40 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)” 185.188.204.25 - - [19/Jul/2017:20:09:40 -0400] “POST /xmlrpc.php HTTP/1.0” 499 0 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”

tim1July 30, 2013

I’m interested in the network traffic bill question as well : will you bill all the traffic that was generated through the DDoS (in & out), part of it, the part that occured until you take down the droplet, the part that occured until the IP got nullrouted, or …? <br> <br>We’re interested in using digital ocean more in the future @ work for our client, but one of the requirement is crisp clear planning of the cost. If a single (unpredicatble) DDoS attack results in a high traffic bill ($100+) then this no viable option for us. Therefor the question.