DDoS protection with 1&1
12 months
$0.99/month¹ then $7.99/month
Book the 1&1 webhosting & DDoS protection package now
  • Multi-level DDoS protection: Traffic is filtered through various levels—efficiently preventing DDoS
  • Continual surveillance: Spoofing and bogon filters are in constant operation to reduce the traffic of fake IPs, resulting in the prevention of attacks
  • Dedicated safety rules: We safeguard our webservers from the latest threats and vulnerabilities with specially defined mod_security filter settings

Full performance scalability!




Perfect for dynamic web projects

Ideal for one or several big projects

Ideal for resource intensive web projects or online shops

12 months
$0.99/month¹ then $7.99/month
12 months
$4.99/month² then $9.99/month
12 months
$8.99/month³ then $14.99/month
    • Top performance with up to 2.5 GB RAM, 1.25 GB always guaranteed

    • allows approx. 300 processes per minute

    • Equivalent to about 100 visitors per minute

    • Scalable up to Level 5 as needed with up to 19 GB RAM (approx. 1,500 processes per minute) for just $1.99/month per level


    • Free for the first 12 months (.com, .net, .org, .info, .biz, .website, .club, .me, .ca)

    • Top performance with up to 6 GB RAM, 3 GB always guaranteed

    • allows approx. 600 processes per minute

    • Equivalent to about 200 visitors per minute

    • Scalable up to Level 5 as needed with up to 19 GB RAM (approx. 1,500 processes per minute) for just $1.99/month per level


    • Free for the first 12 months (.com, .net, .org, .info, .biz, .website, .club, .me, .ca)

    • Top performance with up to 9 GB RAM, 4.5 GB always guaranteed

    • allows approx. 900 processes per minute

    • Equivalent to about 300 visitors per minute

    • Scalable up to Level 5 as needed with up to 19 GB RAM (approx. 1,500 processes per minute) for just $1.99/month per level


    • Free for the first 12 months (.com, .net, .org, .info, .biz, .website, .club, .me, .ca)

FAQs—see what other people asked about:

DDoS protection

  • What is DDoS or DoS?

    "DoS" stands for "denial of service". This IT term refers to a situation whereby a service is no longer available when it is expected to function as normal. As a general rule, DoS refers to the overloading of a service infrastructure. On the one hand this can happen accidentally, and on the other it can be the result of a targeted attack on a server. As a result, the respective services of a website, which are operated via the server, are no longer available.

    So what is a DDoS attack? A DoS attack refers to an attack on a server from a single system; if multiple attackers are present from a number of systems, then the situation is referred to as DDoS—"distributed denial of service". During a DDoS attack, an abnormally high number of requests is sent to the host's system, causing it to break down because it is unable to process this volume of traffic. The processing of normal requests is in turn slowed down or even blocked completely. Notable examples of this kind of attack include SYN Flooding or a Smurf attack. In other DDoS variants the attacker uses a bug in the server software in order to trigger a crash—examples include the "Teardrop attack" and the "Ping of death".
  • How and why does a DDoS attack start?

    The motives behind a DDoS attack can be varied and difficult to decipher: from online activism to cybercrime to personal motives, there are many possible reasons. The fact remains, however, that DDoS actions are relatively simple to execute and often lead to success if the target server is not well protected. Operators of small websites or new services are often ill-equipped to handle the enormous increase in traffic and are therefore unable to prevent a DDoS attack from causing problems. A denial of service can also happen when no targeted criminal attack takes place; for example, if a website address is published during a live stream, on TV or on the radio and a sudden influx of users visits the site.

    DDoS attacks orchestrated by hackers are the most dangerous: the attackers infect private computers with viruses, Trojans or worms and operate them as part of a botnet. The botnet then receives instructions to carry out a DDoS attack on a specific service or server. Limiting the number of connections per IP address does not help here, since all botnet requests originate from different IP addresses. Large botnets incorporate up to half a million computer systems.
  • What anti-DDoS prevention measures does 1&1 have in place for its systems?

    With the right measures in place it is possible to defend against and stop a DDoS attack. Our systems are continuously monitored; in addition, we ensure that special measures are constantly in place, such as a spoofing filter (network ingress and egress filtering) and bogon filtering. Other systems can be connected depending on requirements. This results in multi-level DDoS mitigation and protection, which is included in all webhosting tariffs with Linux, as well as in our managed WordPress package with an NGINX server.

    Spoofing filter / network ingress and egress filtering
    Using a simple, automatic filter in the router, 1&1 ensures that IP packets arriving over a network connection and claiming to originate from its own data center are not accepted. In addition, a filter makes sure that IP packets from the internal server network or data center may only use sender addresses from their own networks. So, for example, if someone attempts to send packets with forged sender addresses, the forged address must at least be a 1&1 address in order for the packets to arrive. As a result, the server from which a data packet originates can be quickly identified within the network when the traffic level is dangerously high. Because such filters do not exist everywhere, the origin of a DDoS attack can often only be roughly estimated.

    Bogon filtering
    This measure filters out packets from certain IP ranges, so-called bogon packets or falsified packets. Some IP ranges are not routed at all or, in the case of IPv6, have not been assigned. The corresponding list has to be maintained manually, because changes occur at irregular intervals: sometimes a few times a year, usually every few years.
  • Are DDoS attacks illegal?

    The legal status of DDoS attacks is hotly contested, in both the United States and the rest of the world. One side claims that current punishments are too severe, and compares DDoS attacks to peaceful protests. The other side states that the offense is criminal by virtue of the damage and disruption it causes. In the United States, distributed denial of service attacks come under federal statutes, meaning anyone who commits a DDoS attack is liable to face criminal and civil complaints. According to "fraud and related activity in connection with computers" 18 U.S.C. § 1030(a)(5)(A), any person who "knowingly causes the transmission of a program, information code, or command, and as a result of such conduct, intentionally causes damages without authorization to a protected computer" could potentially face up to 20 years in prison. In less severe or low-profile cases, the perpetrator can face a fine.
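
The spoofing filter and bogon filter described in the FAQ answer on prevention measures can be expressed as a per-packet decision on the source address. This is an added example, not 1&1's configuration or code; the prefixes in OWN_NETS, the abbreviated bogon list and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: documentation prefixes stand in for the operator's own networks.
OWN_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]

# Abbreviated, constructed bogon list: ranges that are never valid sources on
# the public Internet. A production list is longer and must be kept current.
# Documentation ranges are left out because this example uses them as samples.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def _in_any(addr, nets):
    """True if addr falls inside any network of the same IP version."""
    return any(addr.version == n.version and addr in n for n in nets)


def filter_packet(direction, src):
    """Return 'accept' or 'drop:<reason>' for a packet crossing the border router.

    direction: 'in'  = arriving over an outside network connection
               'out' = leaving the internal server network
    """
    addr = ipaddress.ip_address(src)
    if direction == "in":
        if _in_any(addr, BOGONS):
            return "drop:bogon"
        if _in_any(addr, OWN_NETS):
            # Outside traffic claiming to originate from our own data center.
            return "drop:spoofed-own-source"
        return "accept"
    if direction == "out":
        # Internal hosts may only use sender addresses from our own networks.
        if _in_any(addr, OWN_NETS):
            return "accept"
        return "drop:foreign-source"
    raise ValueError(f"unknown direction: {direction!r}")


if __name__ == "__main__":
    # Constructed sample packets: (direction, source address).
    for pkt in [("in", "192.0.2.10"), ("in", "198.51.100.7"), ("in", "10.1.2.3"),
                ("out", "198.51.100.7"), ("out", "192.0.2.10"), ("in", "fe80::1")]:
        print(pkt, "->", filter_packet(*pkt))
```

The egress rule is what makes a flooding host traceable inside the network: a packet that leaves with a source outside OWN_NETS is dropped at the router, so any forged address that does get out still points back to the operator's own address space.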