Swedz
By:
Swedz

DDoS Protection

August 18, 2016 2.2k views
DigitalOcean Ubuntu 16.04

Hey all!

I'm aware there's already questions on this topic. But I have some specific questions about DigitalOcean's solution to DDoS.

I'm using DigitalOcean as a Proxy (BungeeCord) and for website hosting for my Minecraft network. I have experienced DDoS attacks before on DigitalOcean, and my Droplet gets disabled for 3 hours. Which is a long time to wait if I have a few people trying to play on my network, and they can't if this is active.

I am wondering if I were to install CloudFlare onto my Droplet, if that would prevent this from happening, and instead redirect the DDoS attacks? If not, how else could I do this, because it can be quite irritating when a DDoS attack can occur and your network be shut down for 3 hours when it would of initially only occurred for a short period of time.

Is it possible the deactivation of the droplet's networking could be disabled as soon as the DDoS stops?

Thanks a ton,
Swedz

2 Answers

Using a reverse proxy such as CloudFlare to protect Minecraft servers would most likely not work as it is meant for website traffic and not gaming services. In addition, you would need to get a new backend IP as reverse proxy protection can be easily bypassed if the attacker knows the backend IP before it is hidden by a reverse proxy.

It would be better to purchase a DDoS protected dedicated server or a DDoS protection services delivered over GRE tunnel. These will cost more, but will give you the solution you are looking for.

  • Okay, thanks :)

    "In addition, you would need to get a new backend IP as reverse proxy protection can be easily bypassed if the attacker knows the backend IP before it is hidden by a reverse proxy."

    What do you mean exactly by this? By backend IP meaning the IP the Proxy (BungeeCord) is connecting the players to?

A reverse proxy works by hiding your server IP and taking all the traffic first before passing it back to you. If an attacker knows your server IP, they can directly attack your server without having to first pass through the reverse proxy.

Have another answer? Share your knowledge.