DDoS attacks and null-routing
What this is
What happens when a DDoS attack is aimed at your VPS, and what your options are.
How attacks are handled
- Smaller attacks: our network has some mitigation capacity built in, so modest attacks are often absorbed without you noticing.
- Large attacks: to protect the other customers sharing the network, we null-route the target IP. Traffic to that IP is dropped at the edge until the attack subsides. Your VPS itself keeps running, but it's unreachable on the null-routed IP for the duration.
- Null-routes are reviewed every 6 hours. If the attack has stopped, the null-route is lifted; if it's still going, the null-route stays in place and is checked again at the next review.
If you expect to be attacked regularly
Being attacked doesn't make you a rule-breaker, but a VPS on its own isn't the right tool for absorbing regular DDoS. If you expect to be a frequent target:
- Put the site behind a mitigation service. For websites, Cloudflare works well (the free tier is often enough): it hides your VPS's IP and soaks the attack before it reaches us.
- Keep your origin IP secret. Mitigation only helps while attackers don't know the IP behind it. If the IP has already leaked, ask us about changing it after you've set up protection.
Troubleshooting
- My VPS is unreachable and I think it's being attacked. Check the service status page first, then open a ticket. If the IP was null-routed, we can tell you and confirm when it was last reviewed.
- How long will the null-route last? Until the attack stops. Reviews happen every 6 hours, so the typical wait after an attack ends is at most a few hours.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the VPS hostname or IP,
- when the trouble started,
- whether you've had attacks against this service before.
Related questions
- "Do you have DDoS protection?"
- "My VPS is under a DDoS attack, what happens now?"
- "Why is my IP null-routed and how long does it last?"
- "My VPS is unreachable during an attack."
- "What should I do if my site gets attacked often?"