'''Deflect.ca'''
Is a free(and will always be free) open source non-commerical system made for activists by activists. Sign up for a site is straight forward, simply visit [https://deflect.ca| Deflect].
Deflect is sensitive to the special requirements of its users and can upon request securely destroy all logs.
'''Project Shield'''
Is Google's offering in the DDoS mitigation space. Again it is backed by a large corporation with a great deal of resources at their disposal. For civil society websites its service is free. Project Shield is currently invite-only.
==Dedicated/VPS Hosting==
As above all websites can benefit from the special services of the above groups if they qualify for free protection. This is by far the simplest approach and places the work load with experienced professionals.
If, however, the user wishes to setup set up their own anti-DDoS system there are a number of open source tools that can help.
'''BotnetDBP'''
Is a suite of tools that evolves from the original fail2ban to offer a range of functionality. The core elements are a fast banning system, Banjax/Swabber, which is plugged into the Apache Traffic Server(ATS) proxy system. A machine learning tool, learn2ban, which is capable of identifying malicious botnet requesters based on pre-built models of attacks. And finally, Challenger, which offers the ability to respond to botnet, or suspected botnet, requests with either a Javascript Challenge challenge or a by serving a Captcha captcha page to determine the legitimacy of the request.
More information can be found [https://wiki.deflect.ca/wiki/BotnetDBP| here]
'''Open Source Deflect'''
Deflect itself can be deployed by individuals or groups to create their very own Deflect network. All is required is to follow the [https://wiki.deflect.ca/wiki/Deflect_DIY| Deflect DIY]
'''Fail2ban'''
Is a regex based banning tool that is extremely effective against DOS DoS and Brute brute force attacks. It is used in conjunction with IPTables to ban malicious requests that match its defined regexsregular expressions. It can be found [http://www.fail2ban.org/wiki/index.php/Main_Page| here]. fail2ban's default configuration enables it to block attackers attempting to brute force username and password combinations to the SSH service. If a server's SSH port is exposed to the open internet, then it is strongly advised that fail2ban or a similar tool be installed.
Against, Brute Force Password brute force password attacks fail2ban is an extremely useful tool. It can be set to ban IP Address that repeatedly attempt to access certain website pages, such as the login or admin pages.