Denial-of-service (DoS) attacks are the easiest to detect. The purpose of this type of attack is to stop the service. Unfortunately, a single device is enough for an attacker to make a website completely inaccessible (e.g., a Slowloris attack).
When a DoS attack occurs, the system slows down, server load increases, web pages fail to load, and the server can become completely unresponsive. While DoS attacks are more evident on HTTP(S), attackers also target other protocols, including FTP, SSH, IMAP, POP3, and SMTP.
Cloud Coden continuously monitors the number of connections to your server. If an excessively large number of simultaneous connections is detected, HostLife automatically adds the IP address to the blacklist for 60 seconds to block all communication from the attacking IP.
Subsequently, the IP address is moved to the graylist, allowing authorized users to remove it if there is legitimate login activity. Cloud Coden’s DoS Detection also works alongside our AntiFlood module. When repeated attempts to disrupt the service occur, the IP address will be placed on the blacklist for a longer duration.
The default setting (80 simultaneous active connections) ensures a low false positive rate and effectively prevents DoS attacks. This threshold can be configured per port, as well as for inbound and outbound communications.
The virtual service and graylist provide the perfect balance between a low false positive rate and maximum protection.
In addition to blocking HTTPS attacks, Cloud Coden blocks FTP, POP3, IMAP and any other DoS attack based on the TCP protocol.
Cloud Coden's DoS detection module prevents not only incoming attack attempts but also outgoing DoS attempts.
By default, IP addresses with more than 80 simultaneous active connections are blocked. This limit can be configured for each port.
When an IP address exceeds 80 active connections simultaneously, it will be automatically added to the blacklist. After 60 seconds, the IP address will be placed in the graylist, allowing authorized users to remove it. You can configure the ban for each port and for both inbound and outbound communications.
Network-layer DDoS attacks (such as SYN floods, ICMP floods, and UDP floods) are designed to overwhelm network devices, which makes it difficult for a server to block them directly. However, Cloud Coden indirectly provides protection against DDoS attacks. By continuously updating our global list of malicious IP addresses, Cloud Coden has already blocked most botnets. Typically, the same IP addresses associated with botnets are used to launch DDoS attacks, and our system automatically blocks their requests.
DoS attacks target multiple protocols, including HTTP, FTP, POP3, IMAP, and any other protocol based on TCP. By default, the following ports are monitored: 80 (HTTP), 25 (SMTP), 53 (DNS), and 22 (SSH). You can also customize the ports in the configuration.
When an IP address exceeds 80 simultaneous active connections, it is immediately placed on the blacklist for 60 seconds to block all of its active communications. This timeframe can be configured as needed. After 60 seconds, the IP address is moved to our graylist, allowing valid visitors to remove it. Valid visitors can remove the IP address using Cloud Coden’s Browser Integrity Check or CAPTCHA service.
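The threshold logic described above can be sketched as follows. This is an added example, not Cloud Coden's own code: the function names are hypothetical, the input is assumed to be `ss -tn`-style connection lines, and the sample table is constructed.

```python
from collections import Counter

DEFAULT_LIMIT = 80                  # page default: 80 simultaneous connections
BLACKLIST_SECONDS = 60              # page default blacklist duration
MONITORED_PORTS = {80, 25, 53, 22}  # default monitored ports named on the page

def count_connections(ss_lines):
    """Count established connections per (peer IP, local port)."""
    counts = Counter()
    for line in ss_lines:
        fields = line.split()  # State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local_port = int(fields[3].rsplit(":", 1)[1])
        peer_ip = fields[4].rsplit(":", 1)[0]
        if local_port in MONITORED_PORTS:
            counts[(peer_ip, local_port)] += 1
    return counts

def update_lists(counts, now, blacklist, graylist, limits=None):
    """Blacklist IPs over their port limit, then graylist expired entries."""
    limits = limits or {}  # optional per-port overrides (assumed shape)
    for (ip, port), n in counts.items():
        if n > limits.get(port, DEFAULT_LIMIT):
            blacklist[ip] = now + BLACKLIST_SECONDS  # repeat offenders are renewed
            graylist.discard(ip)
    for ip, expires in list(blacklist.items()):
        if now >= expires:
            del blacklist[ip]
            graylist.add(ip)  # removal by CAPTCHA/integrity check not modelled

def sample_table():
    """Constructed sample: one client over the limit, one normal client."""
    noisy = [f"ESTAB 0 0 192.0.2.10:80 203.0.113.7:{40000 + i}" for i in range(81)]
    normal = [f"ESTAB 0 0 192.0.2.10:22 198.51.100.4:{50000 + i}" for i in range(3)]
    closing = ["TIME-WAIT 0 0 192.0.2.10:80 198.51.100.4:51000"]
    return noisy + normal + closing

if __name__ == "__main__":
    blacklist, graylist = {}, set()
    update_lists(count_connections(sample_table()), 0, blacklist, graylist)
    print("blacklisted at t=0:", blacklist)
    update_lists({}, 60, blacklist, graylist)
    print("graylisted at t=60:", graylist)
```
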