Secure your websites from internet attacks

In a DDoS (distributed denial-of-service) attack, an attacker will send thousands of fake requests in an attempt to exceed the bandwidth, flood a server's resources, and overload the system. By doing this, valid requests can nly be processed very slowly or not at all. A massive amount of compromised computers (botnets) are often used to create a gigantic amount of data traffic. Hetzner Online uses its automated security tools to protect your web applications, websites, servers, and IT infrastructure from this threat. Our automated system recognizes almost all attack patterns in advance, allowing it to block the attacks and effectively thwart the vast majority of them. It uses the latest hardware appliances and sophisticated perimeter security technologies, providing you with first-rate protection against large-scale DDoS attacks. And all that free of charge.

The security solution: DDoS protection

Our system protects you and your data by utilizing Arbor and Juniper hardware.

Data transmission in normal operations

ddos protection normal

Data transmission in a DDoS-protected system during an attack

ddos protection attack

Automated recognition of attack patterns

In addition to recognizing an attack based on the amount of traffic or the number of packets, we at Hetzner Online will be able to clearly define the actual attack and then to specifically home in on and react to that particular type of attack. For example, a UDP flood with 500k pps is harmless for a server. A 500k SYN packet, however, could pose a problem. Our DDoS protection tools can detect precisely this type of difference.

Filtering traffic for known attack patterns

This method allows us to effectively filter out the most commonly known attacks by putting them through traffic scrubbing filters. The method is especially successful at scrubbing out the following types of attacks: DNS reflection, NTP reflection, and UDP floods on port 80.

Challenge-response authentication and dynamic traffic filtering

In this final layer, we filter out attacks in the form of SYN floods, DNS floods, and invalid packets. We are also able to flexibly adapt to other unique attacks and to reliably mitigate them. The above technologies support a high level of automation, which in turn will continue to be optimized step by step. We can improve the system by analyzing each attack and constantly adjusting our filters and responses.

How it affects customers

DDoS protection will not cause costs or prices to increase and will be available to all customers. Our system will detect DDoS attacks at all times, and its ability to recognize them will continually improve. Once an attack is recognized, the dynamic DDoS protection tools will immediately go into action and will filter out the attack. Your traffic will usually not be affected by the DDoS protection system due to its dynamic method of mitigating attacks.