DEV Community

Cover image for I Survived a Massive DDoS Attack and Made My Server Bulletproof
Jimmy McBride
Jimmy McBride Subscriber

Posted on • Edited on • Originally published at jimmymcbride.dev

2 1 1 2 2

I Survived a Massive DDoS Attack and Made My Server Bulletproof

So, maybe you can relate... I can be a bit of a noob sometimes! I decided to migrate my website to 100% open-source and self-hosted tools, and I forgot one major step. I didn’t fully understand that step, so now I want to help you understand how not to get every hacker and their dog's bot spamming the open SSH port you forgot to hide behind a firewall. 😬

yikes

Firewalls! 🔥🔥🔥

Let’s talk about firewalls! There are 2 types of firewalls we need to know about: cloud firewalls and traditional firewalls.

  • Traditional Firewall: A traditional firewall is a security system installed directly on your server’s hardware. It sets up rules for who is allowed to connect to what port on your server. It’s a very useful tool for making sure only the right people have access to a given port. However...
  • Cloud Firewall: A cloud firewall is a network-level firewall. What’s significant about this is that it can stop traffic before it even reaches your server!

you shall not pass

So, while I did set up key-based authentication on my server, making it impossible for anyone to brute force their way in, the number of denied requests to that server consumed a lot of CPU and IO rate—enough to take my site down! Trying to figure out what was happening was almost impossible because the server was so slow! Even setting up the traditional firewall didn’t stop hackers from bombarding my SSH port! However, once I set up a cloud firewall through my provider (DigitalOcean, not a sponsor but open to the idea 😉😉), the bots couldn’t even reach my server’s SSH port at all. No need for obscurity! I can keep my SSH on port 22, and you can’t even touch it! 🚀

However, I can’t block website traffic to my blog, so I can still be DDoSed through those ports, but hey, a win’s a win!


Join The Community

If you like what you’ve read, love to code, and are a fan of Linux, open source, and building your own projects, you’d probably have a great time in my Discord community, The Developers Lounge! We’re a rapidly growing community with lots of great people with a diverse set of skills among us. I’m super active in here, and we have a ton of cool people just waiting to chat. So what are you waiting for? Hop on in!

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (1)

Collapse
 
bntstr profile image
Bntstr

Good stuff

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay