DDoS Protection
In our Los Angeles, Miami, Secaucus, Kansas City, and Johor locations, we do not provide DDoS protection. We make no guarantees that we can keep your service online during a DDoS attack, and an attack may lead to a complete IP nullroute or complete service suspension depending on the size, frequency, and complexity. We will do our best to contact you if we notice that there is a problematic trend of DDoS toward your service, but this may not always be possible, especially in cases where DDoS is starting to impact our entire network.DDoS Protection Add-on
Price and Availability
For a price of $4 per DDoS-Protected IP, we can offer you an IP address that is protected by NeoProtect. This service is offered for any virtual servers in Los Angeles, Miami, Kansas City, or Johor. If you would like to add this, please open a support ticket. This addon is extremely important to have if you are anticipating DDoS at all. For services in Nuremberg, we include DDoS mitigation by Avoro/Dataforest at no additional charge (this may change in the future). Services protected by Avoro/Dataforest have access to similar filters as those that are protected by NeoProtect, and have access to configurable firewall filters.Ordering DDoS Protected IP
You can order a DDoS-Protected IP through our client area here. These are billed seperately, meaning that if you cancel your VPS, you will also need to submit a seperate cancellation request for the IP. DDoS-Protected IPs qualify under our 72-hour refund policy, and are eligible for pro-rata refunds if you cancel before the IP renewal date. In order to place an order for a DDoS-Protected IP, you will need to input the UUID of the VPS that you want to attach it to. To find the UUID, you can open a VPS in the billing portal and look under Server Information -> UUID.
The VPS that you want to attach the IP to must belong to the same account ordering the IP. In addition, you must order a DDoS-Protected IP in the location of the VPS. For example, if your VPS is in Kansas City, you must order a DDoS-Protected IP in Kansas City. Failure to meet these requirements will result in the order being placed on hold and refunded.
OS Configuration
Ubuntu
In most Linux servers using Ubuntu, you can configure a DDoS-Protected IP by doing:ip with your DDoS-Protected IP.
In the future, if you want to add additional IPs, you can modify /etc/netplan/99-ddos-protected-ip.yaml and add more lines with more addresses like so:
Debian
In Debian, you can configure a DDoS-Protected IP by doing:ip with your DDoS-Protected IP.
In the future, if you want to add additional IPs, you can modify /etc/network/interfaces.d/99-ddos-protected-ip and add more lines with more addresses like so:
Filters
Currently, we provide the following filters (this may change in the future):| Name | Protocol | Action | Filter | Tags |
|---|---|---|---|---|
| SCP: Secret Laboratory | UDP | FILTER | SCP: Secret Laboratory | Default |
| Arma | UDP | FILTER | Arma Reforger | Default |
| Palworld | UDP | FILTER | Palworld | Default |
| TeamSpeak 3 Query/Filetransfer | TCP | FILTER | TeamSpeak 3 Query/Filetransfer | Default |
| AltV UDP | UDP | FILTER | AltV UDP | Default |
| AltV TCP | TCP | FILTER | AltV TCP | Default |
| txAdmin | TCP | FILTER | txAdmin | Default |
| OpenVPN | UDP | FILTER | OpenVPN | Default |
| FiveM TCP Ultra Strict | TCP | FILTER | FiveM TCP Ultra Strict | Default |
| FiveM TCP Strict | TCP | FILTER | FiveM TCP Strict | Default |
| Plasmo Voice | UDP | FILTER | Plasmo Voice | Default |
| UDP Light Generic | UDP | FILTER | UDP Generic | Default |
| HTTP | TCP | FILTER | HTTP | Default |
| Minecraft Java | TCP | FILTER | Minecraft Java | Default |
| any TCP application | TCP | FILTER | Stateful TCP | Default |
| Source Engine / A2S | UDP | FILTER | Source Engine / A2S | Default |
| FiveM TCP | TCP | FILTER | FiveM TCP | Default |
| FiveM UDP | UDP | FILTER | FiveM UDP | Default |
| RakNet (Rust, MC Bedrock, Terraria, 7 Days to Die, …) | UDP | FILTER | RakNet (Rust, MCPE, Terraria, …) | Default |
| QUIC | UDP | FILTER | QUIC | Default |
| DayZ | UDP | FILTER | DayZ | Default |
| TLS | TCP | FILTER | TLS | Default |
| TeamSpeak 3 | UDP | FILTER | TeamSpeak 3 | Default |
| WireGuard | UDP | FILTER | WireGuard | Default |
| any UDP application | UDP | FILTER | UDP Generic | Default |
| Remote Desktop Protocol | TCP | FILTER | RDP | Default |
| FiveM UDP Strict | UDP | FILTER | FiveM UDP Strict | Default |
| SSH | TCP | FILTER | SSH2 | Default |
Configuration
When you buy the DDoS protection add-on in Los Angeles, Miami, Kansas City, or Johor, a second IP address will be added to your VPS control panel. This is the DDoS-protected IP address. Your original unprotected IP address will still be active. To use the protected IP, you will need to manually add it as a second IP address in your server’s network settings. If you prefer to use the DDoS-protected IP as your only or primary IP address, we can remove the original one. Just open a support ticket to let us know. You will gain access to a new tab within the VPS control panel called the DDoS Protection.
We recommend enabling “Allow Egress Traffic” and “Symmetric Filtering” if it is available in this tab.
Set the “Default Action” to Drop in order to block all traffic unless it matches a specific rule. This means that if you want to allow something (like a port or app), you must create a rule for it, otherwise, it will be blocked.
Make sure to create firewall rules for each of the applications that you are running on your VPS. For example, if you have SSH on port 22, make a firewall rule with: