[Question] Preventing DDoS - eviltoast

I self host all of my services but utilize a VPS as a gateway for access. Primarily to allow access to a media server and file storage for friends and family.

Recently I’ve been shut down by my VPS provider on multiple occasions because they claim my server was DDoS’d at 2gigabits/s. I don’t see any evidence of this in my logs.

Regardless, I set up Traefik proxy to geoblock any IPs outside of my country. Literally a few mins after doing so and confirming via VPN that it was working I got shut down and received an email that my network was severed temporarily due to a DDoS Blackhole event.

The questionable nature of their detection system aside, it’s got me wondering…does ip blocking actually help mitigate DDoS attacks?

The server still needs to process the incoming connection before it filters it, so I’m assuming the attack is still accomplishing it’s intent which is to overload the server. Can somebody more knowledgeable provide some insight?

    • brownmustardminion@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I imagine that’s essentially what I’ve accomplished with Traefik already. The question I have is if Geoblocking does much to mitigate a DDoS. I know for sure it’s at least useful to block third world scammers and bots from running hacking scripts against my server.

      • Gecko@fosstodon.org
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        @brownmustardminion DDoS usually involves attacks from multiple geographical locations simultaneously. You will eliminate a large threat surface by restricting which countries are allowed for incoming. Of course this won’t prevent targeted attacks from hackers who know you and want revenge and can setup bots in a single location but these are rare. Most attempts are by script kiddies.