IONOS DDoS Defense Mechanism

The strategies used by cybercriminals can be divided into the following categories:

Bandwidth overload: In this strategy, the attack aims to overload the network interface of the target systems. These attacks are aimed directly at the network and the respective connection devices. The bandwidth is used up completely so that the target system can no longer be reached.

System resource overload: This attack strategy is aimed at overloading the available resources of target systems such as a web server. This strategy exploits the fact that the target system can only establish a limited number of connections. Cyber criminals send a very high number of invalid requests to the target system, so that the system resources are overloaded. Due to the overload, the system can no longer serve valid requests.

Application-level attacks: These attacks exploit specific vulnerabilities in an operating system or program to trigger software errors or system crashes. Examples of these attacks include a flood of HTTP requests on a login page or a WordPress pingback attack.

Pingbacks are set by WordPress when a blogger refers to external posts in their article. The blogger of the original post also receives an automatically generated reference to the link. In a WordPress pingback attack, this function is exploited to send a fake pingback request en masse to various WordPress blogs. The blogs then ask the target system to confirm receipt of the request and block it.

Although IONOS offers robust automatic DDoS protection, we cannot guarantee 100% protection against all threats. To further improve the security of your server, you should observe and implement the following security recommendations:

Firewall configuration: Only open ports in your firewall that you really need and only enable them for required protocols in order to filter incoming and outgoing data traffic. In this way, you can reduce the risk of unauthorized access and prevent common DDoS attack vectors.

Software updates and security patches: Make sure that the operating system and the programs installed on the server are always up to date. Regular security patches and updates close security gaps that DDoS attackers can exploit.

As a rule, vulnerabilities that become known are closed again within a very short time with the help of published updates. However, this only works if you regularly check for security patches and updates for the operating system and installed programs and install them promptly.

If you use a Linux operating system, you can use specific scripts such as apt-listchanges or apticron to find out about new available software packages on a daily basis and download them.

Intrusion detection systems: Implement intrusion detection systems to detect and respond to DDoS attack attempts in real time. Well-known intrusion detection systems include Tripwire, Aide and Psad.

Protection at application level: For additional protection against application attacks such as HTTP floods, SSL renegotiation and Slowloris, measures such as IP reputation monitoring, CAPTCHAs, rate limiting and whitelisting are recommended.

Access restriction: To increase server security, you should only allow access to the server to those users who need to work with it.

Backup strategy: Develop a suitable backup strategy to mitigate the effects of DDoS attacks and quickly restore your server's data if necessary. You can find more information on this in the following article:

Protecting data and end devices with a suitable backup strategy

Content Delivery Network (CDN): Volumetric attacks aim to overload the network bandwidth. A CDN can absorb and distribute data traffic in the event of large-scale volumetric attacks.

If you have further questions or need help, please contact IONOS Customer Support.