Hello I am new to DO and I have MERN application with droplet and MongoDB. I am a bit worried about DOS attack would trigger a very large bill to my account. could anyone shed some lights on this? Is there any protection from DO for such DOS attack from financial point of view? As for DDOS, I saw that DO doesn’t have anything and Cloudflare is recommended.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello @peterlee34567
DDoS attack should not affect your bandwidth allowance, and this is essentially inbound traffic. Inbound bandwidth to droplets never counts against your Spaces transfer allowance, according to the documentation here:
https://docs.digitalocean.com/products/billing/bandwidth/#droplets
Hope that this helps!
Hello @peterlee34567
DDoS attack should not affect your bandwidth allowance, and this is essentially inbound traffic. Inbound bandwidth to droplets never counts against your Spaces transfer allowance, according to the documentation here:
https://docs.digitalocean.com/products/billing/bandwidth/#droplets
Hope that this helps!
Hey @peterlee34567,
DDoS attacks
It’s worth noting that DigitalOcean provides some protection against DDoS attacks by default, using a combination of firewall rules, rate limiting, and network-level DDoS protection provided by their upstream providers. However, this protection may not be sufficient to handle very large or sustained DDoS attacks.
In terms of financial protection, DigitalOcean has a system in place to help protect customers from excessive bandwidth charges resulting from DDoS attacks. If your Droplet is the victim of a DDoS attack, DigitalOcean will automatically place a network ingress limit on your Droplet to help prevent additional charges. The ingress limit will block all incoming traffic except for that which is explicitly allowed by your firewall rules. This means that your website or application may be temporarily unavailable during the attack, but you won’t be charged for the excess bandwidth.
It’s important to note that this protection only applies to DDoS attacks, not to other types of attacks such as DoS attacks or application-layer attacks. Additionally, this protection only applies to the bandwidth charges associated with the attack; any charges related to the resources used by your Droplet (e.g. CPU or disk usage) will still apply.
For additional protection against DDoS attacks, you may want to consider using a third-party DDoS mitigation service like Cloudflare. Cloudflare provides advanced DDoS protection and can help mitigate attacks before they reach your DigitalOcean Droplet. They also offer additional security features like a web application firewall (WAF) and content delivery network (CDN) that can help improve the performance and security of your website or application.
DoS attacks
To protect against DoS attacks, you should consider implementing measures such as rate limiting and traffic shaping on your application, or using a third-party security service that specializes in DoS protection. Some web application firewalls (WAFs) also have features specifically designed to prevent DoS attacks.
As for Bandwitdh as mentioned if there is a lot of traffic over your network DigitalOcean would limit that however you need to put in place measures for that as well such as rate limiting and traffic shaping on your application, or using a third-party security service that specializes in DoS protection.
It’s worth noting that while DoS attacks can be disruptive and frustrating for users, they generally do not result in the same level of financial impact as DDoS attacks. This is because a DoS attack is usually carried out using a single device or network, and is therefore unlikely to generate excessive bandwidth charges.