Distributed Denial-of-Service (DDoS) attacks are a serious threat to the availability of websites and web applications. Malicious parties use these attacks to overload the bandwidth and capacity of a website’s hosting infrastructure with data packets. Most often, this traffic originates from large numbers of compromised computers, so-called botnets. The result is that reaching the target website becomes very slow or even impossible. For all practical purposes, the website will be offline for the duration of the attack.

With botnets being offered for lease commercially at extremely low prices, DDoS attacks have become more prevalent recently. They’ve almost become a fun sport.

Unfortunately, things aren’t as trivial on the receiving end. Since attack traffic does not originate from a single address but from an ever-changing set of machines, separating malicious traffic from valid requests requires sophisticated network technology and lots of bandwidth.

We’re happy to announce that Drupal and WordPress websites hosted on freistilbox are now protected by an Anti-DDoS system based on specialised hardware from Arbor and Juniper. This system mitigates attacks effectively in multiple stages:

  1. Automatic detection and classification of attacks — By measuring traffic volume and packet flow, first the type of attack is identified precisely. This allows the DDoS protection system to choose the most effective measures to mitigate the attack. For example, while a UDP flood with 500,000 packets per second is quite harmless, 500,000 TCP packets could cause problems. That’s why classification is an important first step.
  2. Traffic filtering based on known attack patterns — In this stage, common attack patterns are filtered efficiently by dropping packets early in an upstream filtering network. This mitigates attacks like DNS reflection, NTP reflection or UDP floods on port 80.
  3. Challenge/response authentication and dynamic traffic filtering — This stage mitigates attacks such as SYN floods, DNS floods and invalid packets.
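
To make the staged approach concrete, here is a small sketch of the classification step and its hand-off to stages 2 and 3. It is an added example, not code from freistilbox, Arbor or Juniper; the thresholds, action names, flow-summary format and sample flows are all assumptions made for illustration.

```python
from collections import Counter

# Assumed alert thresholds in packets per second (illustrative values, not
# from the post): the same rate is tolerated for UDP but not for TCP.
THRESHOLD_PPS = {"udp": 1_000_000, "tcp": 100_000}

ACTION = {  # hypothetical action names, mapped to the stages in the post
    "dns_reflection": "drop_upstream",        # stage 2
    "ntp_reflection": "drop_upstream",        # stage 2
    "udp_flood_port_80": "drop_upstream",     # stage 2
    "syn_flood": "challenge_response",        # stage 3
}

def signature(flow):
    """Map one flow summary to a candidate attack pattern, or None."""
    proto, sport, dport = flow["proto"], flow["sport"], flow["dport"]
    if proto == "udp" and sport == 53:
        return "dns_reflection"      # responses sent from DNS servers
    if proto == "udp" and sport == 123:
        return "ntp_reflection"      # responses sent from NTP servers
    if proto == "udp" and dport == 80:
        return "udp_flood_port_80"   # assumes the site serves nothing over UDP/80
    if proto == "tcp" and flow.get("flags") == "S":
        return "syn_flood"           # bare SYN, no ACK
    return None

def classify(flows):
    """Return {pattern: action} where the rate summed over all (changing)
    sources exceeds the threshold of the pattern's protocol."""
    pps, proto_of = Counter(), {}
    for flow in flows:
        sig = signature(flow)
        if sig is not None:
            pps[sig] += flow["pps"]
            proto_of[sig] = flow["proto"]
    return {s: ACTION[s] for s, rate in pps.items()
            if rate > THRESHOLD_PPS[proto_of[s]]}

# Constructed one-second flow summaries (documentation addresses, made-up rates).
SAMPLE_FLOWS = [
    {"src": "198.51.100.7", "proto": "udp", "sport": 53, "dport": 41000, "pps": 1_400_000},
    {"src": "198.51.100.9", "proto": "udp", "sport": 123, "dport": 41000, "pps": 500_000},
    {"src": "203.0.113.4", "proto": "tcp", "sport": 50122, "dport": 80, "flags": "S", "pps": 300_000},
    {"src": "203.0.113.8", "proto": "tcp", "sport": 50977, "dport": 80, "flags": "S", "pps": 200_000},
    {"src": "192.0.2.15", "proto": "tcp", "sport": 44310, "dport": 443, "flags": "A", "pps": 20_000},
]

if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS))
```

In the sample, 500,000 UDP packets per second stay below the assumed UDP threshold, while the two SYN sources together reach 500,000 TCP packets per second and trigger the challenge/response stage.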

This DDoS protection technology allows a flexible and reliable response to each type of attack as well as a high degree of automation. By refining the filter algorithms with each attack, the effectiveness of the DDoS protection system is improved continually. The new DDoS protection system is active all the time; in case an attack is detected, the filter kicks in within seconds and starts to mitigate the attack. Thanks to a dynamic adaptation algorithm, legitimate website traffic will normally not be affected by the protection system.

