This article contains important information and recommendations for protection against Distributed Denial of Service (DDoS) attacks.

A Distributed Denial of Service (DDoS) is an attack in which a target system is deliberately overloaded. To this end, cyber criminals send such a high number of requests to the target system using a very large network of distributed computers that it is completely overloaded and can no longer be reached. The target system can be a website, an application, or a network, for example.

Strategies of Cyber Criminals

The strategies used by cybercriminals can be divided into the following categories:

Bandwidth overload: In this strategy, the attack aims to overload the network interface of the target systems. These attacks are aimed directly at the network and the respective connection devices. The bandwidth is used up completely so that the target system can no longer be reached.

System resource overload: This attack strategy is aimed at overloading the available resources of target systems such as a web server. This strategy exploits the fact that the target system can only establish a limited number of connections. Cyber criminals send a very high number of invalid requests to the target system, so that the system resources are overloaded. Due to the overload, the system can no longer serve valid requests.

Application-level attacks: These attacks exploit specific vulnerabilities in an operating system or program to trigger software errors or system crashes. Examples of these attacks include a flood of HTTP requests on a login page or a WordPress pingback attack.

Pingbacks are set by WordPress when a blogger refers to external posts in their article. The blogger of the original post also receives an automatically generated reference to the link. In a WordPress pingback attack, this function is exploited to send a fake pingback request en masse to various WordPress blogs. The blogs then ask the target system to confirm receipt of the request and block it.

DDoS Protection from IONOS

At IONOS, we offer two types of DDoS protection:

Client-managed products

Products: Dedicated Server, Virtual Server Cloud, VPS, Cloud Server

Protection solution: Global Scrubbing Platform (GSP)

Focus: DDoS protection at the network and transport layer (OSI layer 3/4)

Protection against: Volumetric DDoS attacks, UDP, TCP attacks

Products managed by our customers, such as Dedicated Server, VPS and Cloud Server, are secured with the Global Scrubbing Platform (GSP). This advanced protection focuses on DDoS attacks at the network and transport level, including volumetric, UDP and TCP attacks.

Products managed by IONOS

Products: Shared Hosting, Managed WordPress, Managed Nextcloud

Protection solution: WebShield

Focus: DDoS protection at the application level

Protection against: Application layer overloads (e.g. HTTP/HTTPS)

Products managed by IONOS, such as shared hosting, Managed WordPress or Managed Nextcloud, offer DDoS protection at application level through WebShield. This protection focuses on the defense against application layer overloads, especially in data traffic via the HTTP and HTTPS protocols.

Improving Your DDoS Protection

Although IONOS offers robust automatic DDoS protection, we cannot guarantee 100% protection against all threats. To further improve the security of your server, you should observe and implement the following security recommendations:

Firewall configuration: Only open ports in your firewall that you really need and only enable them for required protocols in order to filter incoming and outgoing data traffic. In this way, you can reduce the risk of unauthorized access and prevent common DDoS attack vectors.

Software updates and security patches: Make sure that the operating system and the programs installed on the server are always up to date. Regular security patches and updates close security gaps that DDoS attackers can exploit.

As a rule, vulnerabilities that become known are closed again within a very short time with the help of published updates. However, this only works if you regularly check for security patches and updates for the operating system and installed programs and install them promptly.

If you use a Linux operating system, you can use specific scripts such as apt-listchanges or apticron to find out about new available software packages on a daily basis and download them.

Intrusion detection systems: Implement intrusion detection systems to detect and respond to DDoS attack attempts in real time. Well-known intrusion detection systems include Tripwire, Aide and Psad.

Protection at application level: For additional protection against application attacks such as HTTP floods, SSL renegotiation and Slowloris, measures such as IP reputation monitoring, CAPTCHAs, rate limiting and whitelisting are recommended.

Access restriction: To increase server security, you should only allow access to the server to those users who need to work with it.

Backup strategy: Develop a suitable backup strategy to mitigate the effects of DDoS attacks and quickly restore your server's data if necessary. You can find more information on this in the following article:

Protecting data and end devices with a suitable backup strategy

Content Delivery Network (CDN): Volumetric attacks aim to overload the network bandwidth. A CDN can absorb and distribute data traffic in the event of large-scale volumetric attacks.

If you have further questions or need help, please contact IONOS Customer Support.