Question

Securing Server and Redundancy

Posted December 22, 2019 (681 views)
Tags: Security, Ubuntu 18.04

Hello all,

I currently have a site running on Ubuntu 18.04 (droplet) and I’ve been having some issues lately. My site was down for a couple of days, which appeared to be an XML-RPC attack. It seems very easy to send denial of service attacks to the service to render the services useless. The site and service are new with no income, so I don’t exactly have a large disposable income to invest at the moment on high end solutions, so I’m looking for more cost efficient methods. I have a couple of questions.

  1. How can I better protect the server from future denial of service attacks, or any other attack for that matter?

  2. What is the best way to offer reliability and failover protection? I’m thinking about mirroring the server onto a different droplet, location independent, and possibly load balancing the traffic or setting up some sort of active/passive setup, so that in case the primary server goes down, the traffic redirects to the secondary. I have to investigate this in more depth; I assume I will require more than one DNS record, and I’m not sure how the load balancing within DigitalOcean works. Does anyone have any advice on a failover design solution?

Thanks!

1 answer

Hey!

There are quite a few strategies to deal with DDoS attacks. But if you want to do it for free, there are a few steps you can take:

1) Use CloudFlare - it’s a service that routes your website traffic through their infrastructure first, filters all requests with malicious intents and then proxies all legit users back to your website. It doubles as a static content CDN as well.

2) Block all unneeded traffic to your droplet via a firewall. UDP you don’t need at all. If it’s a website, then all you need is TCP ports 80 and 443 (and TCP port 22 for SSH). Everything else can go down in the gutter.

3) Are you using a CMS of some sort? If so, make sure it’s up to date.

4) If your website communicates with other services that are yours, make them communicate over a private network, so your APIs don’t get exposed to potential attacks.

Sadly, can’t get more specific than that. If you need help with this, you can PM me.

Cheers!

  • Hi there,

    Appreciate the response!

    I actually use Cloudflare currently. It seems like the attacker knew what the server IP was because the attack was direct to my server, bypassing CloudFlare.
    Good idea, I will do that.
    I am also using WordPress on the same server. I’ve added a firewall plugin and disabled XML-RPC, along with updating all my plugins and WP.
    Unfortunately, that wouldn’t be an option but good tip.
    I noticed Cloudflare also offers a load balancer, along with DigitalOcean. Any experience with either? I think these are good options for redundancy.

    Dan
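
The firewall step from the answer (only TCP 22, 80 and 443) and the comment's observation that traffic reached the droplet directly rather than through the proxy, as an added example that is not part of the thread. Its `proxy` mode goes one step beyond the answer by admitting web traffic only from a list of proxy ranges; the function name `gen_ufw_rules` is hypothetical and the sample ranges are constructed documentation addresses, not any provider's real list.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not run, ufw commands.
#   gen_ufw_rules open           -> 80/443 reachable from anywhere
#   gen_ufw_rules proxy < ranges -> 80/443 reachable only from the IPv4 CIDR
#                                   ranges given one per line on stdin
gen_ufw_rules() {
    mode=$1
    o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    re="^($o\.){3}$o/([0-9]|[12][0-9]|3[0-2])\$"
    web=""
    case $mode in
    open)
        web="ufw allow 80/tcp
ufw allow 443/tcp" ;;
    proxy)
        while IFS= read -r line || [ -n "$line" ]; do
            # Strip comments and whitespace, skip empty lines.
            cidr=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
            [ -z "$cidr" ] && continue
            if printf '%s\n' "$cidr" | grep -Eq "$re"; then
                web="${web}ufw allow proto tcp from $cidr to any port 80,443
"
            else
                echo "rejected range: $cidr" >&2
            fi
        done
        # Refuse to build a rule set from an empty or fully invalid list.
        [ -n "$web" ] || { echo "no valid ranges, nothing emitted" >&2; return 1; }
        web=${web%?} ;;   # drop the trailing newline
    *)
        echo "usage: gen_ufw_rules open|proxy" >&2; return 2 ;;
    esac
    # "limit" is ufw's allow rule with its built-in connection rate limit.
    printf '%s\n' "ufw default deny incoming" "ufw default allow outgoing" \
        "ufw limit 22/tcp" "$web" "ufw --force enable"
}

# Constructed sample list (RFC 5737 documentation ranges, not real proxy ranges).
gen_ufw_rules proxy <<'EOF'
# replace with the ranges your proxy provider publishes
192.0.2.0/24
198.51.100.0/24
999.1.1.1/8
EOF
```

Review the printed commands before running them as root, and keep an existing SSH session open while the rules are applied.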
