Question

Securing Server and Redundancy

Hello all,

I currently have a site running on Ubuntu 18.04 (droplet) and I’ve been having some issues lately. My site was down for a couple of days, which appeared to be an XML-RPC attack. It seems very easy to send denial of service attacks to the service to render the services useless. The site and service are new with no income, so I don’t exactly have a large disposable income to invest at the moment in high-end solutions, so I’m looking for more cost-efficient methods. I have a couple of questions.

  1. How can I better protect the server from future denial of service attacks, or any other attack for that matter?

  2. What is the best way to offer reliability and failover protection? I’m thinking about mirroring the server onto a different droplet, location independent, and possibly load balancing the traffic or setting up some sort of active/passive setup so that, in case the primary server goes down, the traffic redirects to the secondary. I have to investigate this in more depth. I assume I will require more than one DNS record, and I’m not sure how the load balancing within DigitalOcean works. Does anyone have any advice on a failover design solution?

Thanks!


Hey!

There are quite a few strategies to deal with DDoS attacks. But if you want to do it for free, there are a few steps you can take:

  1. Use CloudFlare - it’s a service that routes your website traffic through their infrastructure first, filters all requests with malicious intent and then proxies all legit users back to your website. It doubles as a static content CDN as well.

  2. Block all unneeded traffic to your droplet via a firewall. UDP you don’t need at all… If it’s a website - then all you need is TCP ports 80 and 443 (and TCP port 22 for SSH). Everything else can go down in the gutter.

  3. Are you using a CMS of some sort? If so, make sure it’s up to date.

  4. If your website communicates with other services that are yours, make them communicate over a private network, so your APIs don’t get exposed to potential attacks.

Sadly, can’t get more specific than that. If you need help with this, you can PM me.

Cheers!
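
Step 2 of the answer above (allow only TCP 22, 80 and 443), as an added example that is not part of the original post: it prints a default-deny rule set and checks a socket listing for listeners outside that allowlist. It assumes Ubuntu's `ufw` front end and `ss -tuln` output; the function names are hypothetical and the sample listing is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Assumes ufw and iproute2's ss.

ALLOWED_TCP="22 80 443"   # the ports named in step 2 of the answer

# Print the ufw commands for a default-deny inbound policy. SSH is allowed
# before the firewall is enabled so the session is not cut off.
# Review the output, then apply it with: firewall_rules | sudo sh
firewall_rules() {
  echo "ufw default deny incoming"
  echo "ufw default allow outgoing"
  for port in $ALLOWED_TCP; do
    echo "ufw allow ${port}/tcp"
  done
  echo "ufw --force enable"
}

# Read `ss -tuln` output on stdin and print every listener that is reachable
# from outside (not bound to loopback) and is not an allowed TCP port.
unexpected_listeners() {
  awk -v allowed="$ALLOWED_TCP" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }        # skip the header line
    {
      ep = $5                                  # Local Address:Port column
      port = ep; sub(/.*:/, "", port)          # text after the last colon
      addr = substr(ep, 1, length(ep) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
      if ($1 == "tcp" && (port in ok)) next
      print $1 "/" port " on " addr
    }'
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:6379       0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      128    [::]:443           [::]:*'

firewall_rules
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
```

On a live droplet, `ss -tuln | unexpected_listeners` lists services that should either be rebound to loopback or a private interface, or stopped, before relying on the firewall alone.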