Question about DDOS attack

PEARSONIFIED

Sorry guys for spam, but is this method working fine? Found an old article on easyengine website.

Is it enabled by default when using WordOps (or anything similar)? Or in WordOps case DDOS protection is achievable by combining fail2ban + nginx bad bot blocker together, right? A bit confused here.

https://rtcamp.com/tutorials/nginx/fail2ban/

JuanMaia

PEARSONIFIED

yes friend you can install fail2ban using wordops.
it is effective against DDOS attack.
can install using command:
wo stack install --fail2ban

webservices

If some one DDoS your site, you should turn on Cloudflare DDoS protection.
fail2ban can't stop DDoS or very limited, it usually stop brute force attack anyway as I know

jond1

100% agreed, put everything behind Cloudflare. Much more secure than leaving it exposed.

I use Cloudflare Access as well, to secure wp-login.php which then allows only valid access to even view the login page.

PEARSONIFIED

The reason why I was asking about this is because I saw this post on EasyEngine's website which claims that they stopped the attack using fail2ban + nginx Limit Req module:

Recently one of our client server was subjected to DDOS attack. We use Nginx’s Limit Req Module and fail2ban together to thwart this attack.

I'm using Cloudflare as well.

corus9

once your ip is exposed there is no benefit of enabling cloudflare protection afterwards, best thing you should do is go with the server provider who offers ddos protected servers, enable fail2ban , change all ssh ports from default , disable password login only sshkey login.

webservices

Your server like your House, fail2ban like the Gate.
When too many people want enter the house they will stop at the Gate, but too too many many people at your Gate, the valid people (visit) also can't enter the house. Also the Gate/Fail2ban need the resource from your server to run.

That's why fail2ban can't stop DDoS.

Cloudflare can stop/filter invalid visit/people from their VERY BIG system/gate so valid visit/people can come to your Gate and enter to your House.

That's the way Cloudflare and Anti DDoS system works.

That's my understand