DoS attacks

Denial of Service (DoS) attacks are the easiest to detect. The purpose of this type of attack is to stop the service. Unfortunately, one attacker’s device is enough to make the website completely inaccessible (eg – Slowloris attack).

When a DoS attack occurs: the system slows down, server loads increase, websites don’t load, and the server can crash completely. While DoS is more visible on HTTP(S), hackers target other protocols as well, including FTP, SSH, IMAP, POP3, and SMTP.


High Compress on the server

High memory usage

Low service and unreachable server

The power of DoS Reveal in Hayat Host

Hayat Host constantly monitors the number of connections on your server. If too many simultaneous connections are detected, LifeHost will automatically add the IP address to the blacklist for 60 seconds to make sure all connections are blocked from the attacking IP.

Then, the IP address will be grayed out, so that authorized users can delete the IP address if it’s a real login. Hyyat DoS Detection also works in conjunction with our AntiFlood unit. When there are repeated attempts to stop the service, the IP address will be blacklisted for a longer period of time.

The virtual operation (80 connections active at the same time) ensures a low false positive rate and effectively prevents DoS attacks. This limit can be configured on each port, as well as for incoming and outgoing connections.

The Hyyat CAPTCHA page is also protected against DoS attacks and requires minimal resources to run the CAPTCHA service.

How do we differ in other Dos detection solutions?


Low false positive price

The default service and gray list provide the perfect balance between low false positive rate and maximum protection.

هجمات DoS

Protection over many protocols

In addition to blocking HTTPS attacks, LifeHost blocks FTP, POP3, IMAP, and any other TCP-based DoS attack.

هجمات DoS


The Hyyat DoS detection module blocks not only internal attack attempts, but also outgoing DoS attempts.

هجمات DoS

custom bags

By default, IP addresses above 80 active connections are blocked at the same time. This limit can be configured for each port.


Network layer DDoS (SYN Flood, ICMP Stream, UDP Stream) is designed to infect network hardware and this server-side attack cannot be blocked. However, Life Host provides indirect protection against DDoS. By constantly updating our global list of malicious IP addresses, most botnets are already blocked by Lifehost. Usually the same IP addresses as botnets are used to launch DDoS attacks, so our system will automatically block their requests.

When an 80 IP address exceeds an active connection at the same time, the attacker’s IP address will automatically be blacklisted. After 60 seconds, the IP address will be grayed out, so that authorized users can delete it. You can configure blocking for each port and for incoming and outgoing connections as well.

Lifehost blocks DoS attacks on several protocols: HTTP, FTP, POP3, IMAP and any other TCP-based DoS. By default, the following ports are monitored: 80 (HTTP), 25 (SMTP), 53 (DNS), and 22 (SSH). You can also customize the ports in the module configuration.

The attacker’s IP address is instantly blacklisted for 60 seconds to ensure that all active connections are blocked. (This time frame can be configured as needed.) After 60 seconds, the IP address is added to our gray list so that valid visitors are not blocked; They can delete the IP address using Hyyat Browser Integrity Check or CAPTCHA

All rights reserved to Hayat Host 2023