Use Cloudflare if possible. They have very good DDOS protection and you are not charged for the network bandwidth.
Expose only necessary ports to external internet using iptables or nftables
I noticed in your tech stack that your are using Ubuntu 18.10. I would suggest one of the LTS releases as the other releases are supported for a year at max. Since you have just started out, this should not be a big ticket item.
You can experiment with fail2ban for blocking suspicious IP ranges
Finally, if the DDOS targeted your web endpoint, measures like ReCaptcha can help. (Although they can be counter-productive and ask genuine users to fill out the images)
Sadly Git cannot be integrated with Cloudflare because they block all SSH request, but Git need SSH! So we are planning to build our own CDN to do something that this will not happen again!
This article from Github regarding load balancing looks interesting. I am not sure if they do it for SSH as well and at what scale it becomes a necessity.
Also, want to add that this is a very well-written post-mortem report.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Yoginth,
I have a few suggestions:
iptables
ornftables
fail2ban
for blocking suspicious IP rangesThanks! We will add this to our roadmap in infrastructure side!
Sadly Git cannot be integrated with Cloudflare because they block all SSH request, but Git need SSH! So we are planning to build our own CDN to do something that this will not happen again!
This article from Github regarding load balancing looks interesting. I am not sure if they do it for SSH as well and at what scale it becomes a necessity.
Also, want to add that this is a very well-written post-mortem report.