I know of a website that had some downtime because it was on an IP which was the target of an extremely large distributed denial of service attack (5gbit+). How can website owners defend themselves against DDOS attacks?
There's many services. One that may work for smaller attacks is [CloudFlare, for bigger attacks, provides such as [url=http://www.blacklotus.net]Blacklotus](http://www.cloudflare.com) specialize in DDoS filtering.
Thanks for those links snickn, will have a good look at CloudFlare. BlackLotus looks great, but as you say it is probably for much larger attacks on higher profile sites.
Update - I've signed up to CloudFlare, using their free service to start with. Hopefully this will help. Thanks again snickn.
Try turning on I'm Under Attack if you're having an attack using CloudFlare.
The best solution for distributed attacks is a hardware firewall, but that requires extra equipment and it can be expensive.
Thanks Damon, good to meet you here on SP.
Thanks for the suggestion kduv, that's not an option for the moment, but something to consider as the sites grow.
A hardware firewall is not expensive, take any old computer doesn't need to be super powerful, a netbook type of computer would be enough, it only needs two ethernet ports. Install one of the many free firewall solutions, SmoothWall for example.
But if your server is hosted in a datacenter, then at the very least you'll have to pay co-location fees, then you'll want to have spare parts on hand in case of any hardware failure, etc. If you're hosting your own server out of your garage or something, sure that can be a quick and effective way to implement one.
Fair point. Then again, the old m0n0wall sitting next to me is running on a 15 year old desktop. Actually more efficent -- slower old stuff runs cooler, no need for active cooling and a ~140 watt power supply. Waiting on the power supply to die in a blaze of glory, but you can run most of those firewall distros off a floppy/cd or usb storage so you don't need to keep a hard drive spinning.
Consult with your hosting provider (if your site is hosted with some company) they must have industry standard protection available.