Understanding DDoS protection at UnderHost
How UnderHost mitigates DDoS attacks, what protection is included by location, how attacks affect your service, and what to do during an active attack.
UnderHost NOC
Network Operations
On this page
DDoS (Distributed Denial of Service) attacks are one of the most common threats to web hosting infrastructure. UnderHost includes DDoS mitigation at the network level across its hosting locations. This guide explains what's covered and what to do if your service is under attack.
What is a DDoS attack?
A DDoS attack floods your server or network with traffic from thousands of sources simultaneously, exhausting bandwidth or server resources until legitimate requests can't be processed. Attacks range from small volumetric floods (measured in Gbps) to complex application-layer attacks targeting specific URLs or ports.
| Attack type | Target | Example |
|---|---|---|
| Volumetric | Network bandwidth | UDP flood, ICMP flood |
| Protocol | Server resources | SYN flood, fragmented packets |
| Application (L7) | Web application | HTTP flood, slowloris |
Included DDoS protection
All UnderHost hosting plans include baseline DDoS mitigation at the network layer. The scope of protection varies by location and plan type:
| Service type | Protection level |
|---|---|
| Shared Hosting | Network-level mitigation included at the data center level |
| Offshore Hosting | Network-level mitigation; higher thresholds at offshore locations |
| Cloud VPS | Network-level mitigation; advanced protection available on request |
| Dedicated Servers | Data center mitigation; some locations include enhanced volumetric filtering-check your server page for specifics |
Network-level protection handles typical volumetric attacks. Exceptionally large or sustained attacks may still cause temporary degradation. If your service regularly receives targeted attacks, consider adding Cloudflare in front of your hosting or requesting enhanced mitigation options from our team.
During an active attack
If your site or server appears slow or unreachable and you suspect a DDoS:
-
Check the UnderHost status page
Go to underhost.com/network-status.php. If an incident is already listed, our NOC is aware and working on mitigation.
-
Open a priority ticket
If no incident is listed, open a support ticket describing what you're seeing: error messages, when it started, and any traffic spike information from your logs. Our team will investigate and confirm whether an attack is in progress.
-
Enable Cloudflare proxy (if not already active)
Enabling Cloudflare's proxy (orange cloud) hides your server IP and routes traffic through Cloudflare's scrubbing centers. This can mitigate L7 (application layer) attacks that bypass network-level filtering.
Attackers must know your server's IP to target it directly. If your DNS records (especially mail and other subdomains) expose your real IP, that protection is bypassed. Keep your server IP private when possible.
Cloudflare for extra protection
Cloudflare's free tier provides meaningful additional DDoS mitigation for web traffic:
- Route your domain through Cloudflare by updating nameservers to Cloudflare's.
- Enable the proxy (orange cloud icon) on A and CNAME records to hide your server IP.
- Under Security → DDoS, set protection to High during an active attack.
- Enable Under Attack Mode (Security → Settings) to challenge all visitors with a JavaScript check-this stops most automated flood traffic.
Note: Cloudflare's free tier is excellent for HTTP/HTTPS traffic but doesn't protect non-web services (game servers, mail, etc.). For those, our network-level protection or enhanced plans are required.
FAQ
Under DDoS attack?
Contact our NOC team immediately for emergency mitigation and support.
