OVH Community, your new community space.

2 Hours of NO DDoS protection and going.. server down since then.


reighto
03-08-2016, 12:08
Quote Originally Posted by joe007
How about the server's stability and uptime with the vpn?
Do not even consider.

- A VPN adds a lot of latency, as any connection towards your server would first have to go through the VPN server.
- PureVPN is a consumer-targeted VPN service and not suitable for dedicated servers due to zero SLA promises (meaning it can go down anytime).
- PureVPN is known to be slow.
- They have all ports closed and you will be sharing a given IP address with other end users.
- It's just a retarded idea when you already have a working anti-DDoS and a dedicated server.
- They are able to see all data flowing to your server.
- And finally, the guy you are replying to is a known spammer who puts that message in every thread and finally gives you some affiliation link which makes him money when he recruits a new customer. He will just say "yes, yes" to any question you ask.

As said before, it's likely an application-level (L7) attack or some sort of SYN flood (L4).

If it's an application-level attack, you have to fix the problem yourself in the software you are using.
If it's a SYN flood, OVH anti-DDoS fixes most of that for you, but you need to take steps to make sure the server resources are not being clogged. This would include kernel hardening against SYN floods and iptables rules (preferably non-tracked and PREROUTING).
This is a rather good article which helped me to overcome a SYN flood with the E3-SAT-1 model: https://javapipe.com/iptables-ddos-protection You have a powerful CPU; you have plenty of possibilities to solve stuff using iptables when the majority of the attack is blocked on network level by OVH.

Finally, you can take a tcpdump of the attack and submit it via ticket to the support so they can tune the network for you, or better, paste it so we can help you. The filesize of such a tcpdump should be multiple megabytes.

Unless the attack is a UDP flood (L4) on random ports, 40 Gbps+ at a constant rate, the included anti-DDoS should easily be able to handle it. Something else is taking up your server resources during an attack. This can be badly configured iptables as well.

OVH is known for the hardware and its anti-DDoS. You shouldn't need to buy any external services from other websites.
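
Added example, not part of reighto's post or of any OVH tooling: a triage script for the capture the post suggests taking, which separates a SYN flood (L4) from load arriving over completed handshakes (L7). It assumes the text output of `tcpdump -nn`; the function name, the 0.5 thresholds and the sample captures are constructed for illustration.

```python
import re
from collections import Counter

# Matches TCP lines of `tcpdump -nn` text output: src.port > dst.port: Flags [..] ... length N
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: "
                 r"Flags \[([^\]]+)\].*?length (\d+)")

def triage(lines, server_ip, syn_ratio=0.5):
    """Classify inbound TCP towards server_ip; syn_ratio is an assumed threshold."""
    syn_only, payload, completed, total = Counter(), Counter(), set(), 0
    for line in lines:
        m = PKT.search(line)
        if not m or m.group(2) != server_ip:
            continue                      # not TCP, or not inbound to the server
        src, flags, length = m.group(1), m.group(3), int(m.group(4))
        total += 1
        if flags == "S":                  # bare SYN: a connection attempt
            syn_only[src] += 1
        elif "." in flags:                # ACK set: the client answered our SYN-ACK
            completed.add(src)
            if length > 0:
                payload[src] += 1         # request data on an established connection
    syns = sum(syn_only.values())
    half_open = [s for s in syn_only if s not in completed]
    if total == 0:
        verdict = "no-inbound-tcp"
    elif syns / total >= syn_ratio and len(half_open) * 2 >= len(syn_only):
        verdict = "syn-flood-l4"          # handshakes never finish: kernel/iptables territory
    elif sum(payload.values()) / total >= 0.5:
        verdict = "established-l7"        # full handshakes carrying requests: fix in the application
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "inbound": total, "syn": syns,
            "half_open_sources": len(half_open), "top_talkers": payload.most_common(3)}

# Constructed sample captures (documentation address ranges), not taken from the thread.
DST = "203.0.113.10"
SYN_FLOOD = [f"12:08:01.{i:06d} IP 198.51.100.{i}.{40000 + i} > {DST}.80: Flags [S], "
             f"seq {i}, win 29200, options [mss 1460], length 0" for i in range(1, 41)]
SYN_FLOOD += [f"12:08:02.000001 IP 192.0.2.5.51000 > {DST}.80: Flags [.], ack 1, win 229, length 0",
              f"12:08:02.000002 IP 192.0.2.5.51000 > {DST}.80: Flags [P.], seq 1:120, ack 1, "
              "win 229, length 119: HTTP: GET / HTTP/1.1"]
HTTP_FLOOD = []
for host in (21, 22, 23):
    src = f"198.51.100.{host}.50000"
    HTTP_FLOOD.append(f"12:09:00.000000 IP {src} > {DST}.80: Flags [S], seq 0, win 29200, length 0")
    HTTP_FLOOD += [f"12:09:00.000001 IP {src} > {DST}.80: Flags [P.], seq 1:120, ack 1, "
                   "win 229, length 119: HTTP: GET / HTTP/1.1"] * 10

if __name__ == "__main__":
    print(triage(SYN_FLOOD, DST))
    print(triage(HTTP_FLOOD, DST))
```

The half-open count is a coarse signal: it only sees what the capture window contains, so a short capture can mark a slow legitimate client as half-open.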

joe007
29-07-2016, 01:11
How about the server's stability and uptime with the vpn?

chrisjohnson
04-07-2016, 07:32
Quote Originally Posted by ozgurerdogan
Sounds interesting. Have you used it? Can it be used with proxmox?
Yes, I have been using it for 2 years.

ozgurerdogan
25-06-2016, 10:10
Quote Originally Posted by chrisjohnson
You can contact PureVPN for DDoS protection.
Reference: https://www.purevpn.com/ddos.php
Sounds interesting. Have you used it? Can it be used with proxmox?

chrisjohnson
16-06-2016, 09:24
You can contact PureVPN for DDoS protection.
Reference: https://www.purevpn.com/ddos.php

Criot
14-02-2016, 18:53
Quote Originally Posted by raid_level
Then why exactly, when the server came back alive, did I receive the sys message "We are no longer able to detect any attack on IP address, Your infrastructure has now been withdrawn from our mitigation system"?
Because the attack stopped.

alvaroag
14-02-2016, 15:51
Again, their AntiDDOS is only against network level attacks. They detected a network level attack on your server, put it under mitigation, and, when they no longer detected any network level attack, they took your server out of mitigation. At all times they are working against network level attacks, so what you get on the emails is right. However, they can not detect app level attacks against your server; that's your responsibility.

raid_level
14-02-2016, 07:17
Then why exactly, when the server came back alive, did I receive the sys message "We are no longer able to detect any attack on IP address, Your infrastructure has now been withdrawn from our mitigation system"?

Criot
13-02-2016, 22:34
OVH DDoS Protection only protects against certain layers/types of attacks as stated, so more than likely that this attack was one which the filtering doesn't mitigate unfortunately.

alvaroag
13-02-2016, 19:07
OVH DDoS protection is only network level protection. If your server is under attack, it's most likely that it's also receiving some kind of app-level attack; that may be taking considerable bandwidth, CPU, and RAM, and that could cause the server to be unresponsive or to have high packet loss.

raid_level
13-02-2016, 18:37
After 4 hours of no access to the server or any IP it seems like the attacker stopped, but SYS says:

Dear Customer,

We are no longer able to detect any attack on IP address 46.105.76.xx

Your infrastructure has now been withdrawn from our mitigation system.

---------------

Is this how OVH DDoS protection works? You lose all server access while you receive a DDoS attack? I don't think that's normal.

raid_level
13-02-2016, 15:41
I have had one IP within one server under DDoS for 2 hours. I got this message from sys 2 hours ago:

------------------------------------------------

Dear Customer,

We have just detected an attack on IP address 46.105.76.XX.

In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure.

The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers.


At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation.

----------------------------------------------------

Since I got this message nothing has been done, no DDoS protection, and the main server IP is down too. I have contacted sys support and got no reply, nothing. I have SSH access to the node rarely, at random. I have received 4-5 notifications "defect on your server ns380562" and 5 minutes later "Our monitoring system does not detect any more defects on your server ns380562".

No one has been taking care of this for 2 hours. This is outrageous.

Anyone from support, enable the advertised DDoS protection PLEASE!!