Frequently Asked Questions
1. Can the High Defense service be tried, and are there any regulations or restrictions?
Trial is not supported.
2. How many layers of attacks can the High Defense withstand?
Attack of 3-7 layers.
3. Will I be charged if I purchase the High Defense service but do not receive any attacks?
Once you have purchased the High Defense service, we will start charging you from the time of purchase, regardless of whether you have accessed or been attacked.
4. There are several packages of High Defense service. How do I choose?
The packages of High Defense service are set according to the DDoS protection peak (Gbps), it’s suggested to choose the package with protection peak higher than the historical attack traffic peak.
5. What should I do if the attack traffic peak I encounter exceeds the protection peak of the High Defense service I purchased?
If the attack traffic peak exceeds the purchased protection peak, the corresponding High Defense IP will automatically trigger the blocking mechanism, generally it will be automatically unblocked after 30 minutes of blocking.
In order not to affect your business, you can improve the protection peak and enhance the protection effect by paying the price difference to upgrade the protection package. After the upgrade takes effect, if the blocked High Defense IP is not automatically unblocked, you can apply to us for early unblocking.
6. Can a domain name without filing be connected to High Defense?
No. High Defense service will check the filing of the connected domain name, if the domain name is not filed, there is a risk of blocking the High Defense IP.
7. Will the use of High Defense service affect the filing of the website?
No.
8. How long does it take for the website to take effect after accessing the High Defense service?
The time it takes for a website to take effect after accessing the High Defense service depends on the DNS resolution time. Generally, it takes 10-60 minutes to take effect under all correct configurations.
9. Can a website with a non-80 port be connected to the High Defense service?
Yes. In addition to supporting common ports 80 and 443, High Defense service also supports some custom ports. Mainland High Defense supports by default without port configuration, if there are any issues, please contact us.
10. Can services with non-HTTP protocols be connected to the High Defense service?
Mainland High Defense not only supports HTTP/HTTPS services, but also supports other TCP/UDP and other protocol services.
11. Will the connection to High Defense conflict with other software defenses or hardware defenses?
After connecting to the High Defense, it is necessary to allow the High Defense back-to-source IP in the corresponding software defenses or hardware defenses. (The corresponding back-to-source IP will be given on the interface of Mainland High Defense)
12. After using the High Defense service, why is the IP pinged out not the source station IP?
After the High Defense service is turned on, the IP shown when pinging the domain name will be the High Defense service IP, and the source station IP will be hidden, making it impossible for attackers to directly attack the source station IP. (Please note not to leak the source station IP or directly provide services)
13. How does Mainland High Defense obtain the user’s real IP address?
Mainland High Defense requires the toa module to obtain the real IP address, currently only supports part of 64-bit linux systems, other systems are temporarily unsupported.
64-bit linux systems can run “modprobe toa” to try loading the module, no other operations are required after success.
If the module is not found, you can manually compile and load it:
(1) Download the corresponding version of the source code package, currently only the source code packages of Centos 6.5 and Centos 7 are available for download:
(2) Compilation and Loading
yum install gcc
yum install kernel-headers
yum install kernel-devel
·#Above environment can be ignored if already installed
tar -zxvf toa_centos6.5_v1.tar.gz or tar -zxvf toa_centos7_v3.tar.gz
cd toa
make
mv toa.ko /lib/modules/`uname -r`/kernel/net/netfilter/ipvs/toa.ko
insmod /lib/modules/`uname -r`/kernel/net/netfilter/ipvs/toa.ko
14. After using the High Defense service, how do I use FTP/SSH/3389 remote desktop and other services?
You can directly use the source station IP to connect to FTP, SSH, and 3389 remote desktop.
15. After using the High Defense service, do I need to make changes on the High Defense configuration page if the source station IP is changed?
When changing the source station IP, you need to synchronize the changes on the corresponding High Defense Interface.
16. Why is it recommended to change the source station IP after using the High Defense service?
Because before accessing the High Defense, your source station IP may have been exposed, attackers can directly attack this IP, and the attack traffic will directly reach the source station.
Therefore, after using the High Defense service, it is recommended to change the source station IP, so that the new source station IP is hidden and protected by the High Defense service.
17. Can the protection be temporarily turned off?
Mainland High Defense does not support turning off protection on the page, you can turn off the protection by manually cut out the business from High Defense.
18. How to cut out the High Defense service?
Different businesses have different ways of cutting out. For example, site business can cut out by resolving the domain name to the source station IP, and other businesses can cut out the High Defense as long as they no longer use the High Defense IP for business access.