Question

Does DigitalOcean have an Anti DDOS protection??

Posted December 23, 2016 41.5k views
SecurityDigitalOceanUbuntu 16.04

I am really concerned about this. I don’t plan to use Cloudflare as it forces me to use their free SSL cert which I don’t like, I have my own certs which I bought especially for my wordpress website and I also plan to use an EV cert in one day which Cloudflare doesn’t support in their free plan. Also I have a premium DNS service, so cloudflare is really out of my border. I am wondering what should I do if I am getting a DDOS attack? I read many horror stories how droplets are disabled for 3 hours without letting access, and how they are unable to handle flood. I am wondering Does DigitalOcean have an Anti DDOS protection at least in their end? can it at least handle small DDOS attack? I saw some people have stated, DigitalOcean isn’t for production and only for developers. Is that even true?
Thanks.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

I solved this problem by installing vDDOS Proxy Protection software as a Reverse Proxy (simulating CloudFlare’s mechanism by combining many things like Nginx proxy + Testcookie + reCaptcha + Iptables + Cloudfalre API …)

I’m a current customer. Digital Ocean’s response to DDOS attacks is unacceptable. They will take your network offline and disable network traffic without sending you ANY notifications whatsoever. Then you will have to file support tickets and tell them what is wrong, just to have to wait over an hour for them to say “Oh yeah, you were right, you were DDOS’d and we took you offline, sorry about that”. Total nonsense. I’m definitely NEVER using Digital Ocean again and cannot recommend them at all. Not only did I not receive a notification of network traffic disabled, this cost thousands of dollars in losses.

At Datacenter level, DigitalOcean is well-protected. Even if DDoS attack happen to Datacenter, you should still be able to use site normally. There was an answer on Community about measures DigitalOcean takes for Datacenter so you can read them here.

About your server (Droplet)… you’re on your own here. However you can take some additional measures to make it more secure.

CloudFlare is probably best out-of-box solution but if it doesn’t suit your needs you can do some server tweaking.

Set up Firewall. Allow only ports you use. Disable ping requests via firewall to be more protected against that type of attacks.
When you get DDoS attack you can use firewall to block IP ranges.

Research about Load Balancing. That can help take load from one server to multiple and make your site harder to go down.

Also, you can take a look at advanced Logging system so you have better management over server.

For all abode DigitalOcean has great tutorials that can get you help starting.

Submit an Answer