I self host all of my services but utilize a VPS as a gateway for access. Primarily to allow access to a media server and file storage for friends and family.
Recently I’ve been shut down by my VPS provider on multiple occasions because they claim my server was DDoS’d at 2gigabits/s. I don’t see any evidence of this in my logs.
Regardless, I set up Traefik proxy to geoblock any IPs outside of my country. Literally a few mins after doing so and confirming via VPN that it was working I got shut down and received an email that my network was severed temporarily due to a DDoS Blackhole event.
The questionable nature of their detection system aside, it’s got me wondering…does ip blocking actually help mitigate DDoS attacks?
The server still needs to process the incoming connection before it filters it, so I’m assuming the attack is still accomplishing it’s intent which is to overload the server. Can somebody more knowledgeable provide some insight?
I’ve had the IP for a couple of years so I can rule that out. The only thing different than usual is I recently added a backup server to the VPS network. I’ve been doing a remote backup from one server through the VPS to the backup server over the past week. It’s a 4TB backup averaging 4MBps.
My guess is that the VPS provider’s algorithm is bungling the bandwidth calculations, possibly refreshing the bandwidth amount incorrectly which to the black hole detector appears as a sudden spike in bandwidth rather than a steady flow.
I’m going to keep running the backup and compare how long after the backup starts that I get a black hole trigger. If it’s relatively consistent then that might be the problem.