Deflect FAQ

From Deflect Public wiki

FAQ About

Who are you?

  • Deflect is created and maintained by the Canadian not-for-profit tech collective We are a small, dedicated collection of Techtivists focused on protecting human rights defenders and independent journalists. is based in Montreal, though individually we are spread across the globe.
  • The Deflect team is comprised of professional developers, cryptographers, system admins, system engineers and tech consultants. Between us we have decades of experience across a wide range of disciplines and computer languages and have worked on public, private, commercial and academic projects. Our full bios can be found here

What else does do?

Quite a lot! Check out our website. We develop open source security tools, provide digital security training and conduct technical audits.

Why was Deflect created?

  • Deflect was created out of necessity: there is an urgent need for this service among individuals and groups who are under threat of cyberattacks yet are unable to afford commercial mitigation services.
  • Most DDoS attacks are rudimentary and can be mitigated by good technology. Many website administrators doing good work in potentially hazardous circumstances simply don’t have the time or resources to allocate to a dedicated technical team.

FAQ Overview

Can you protect my website?

  • Yes. We can protect your website from being overwhelmed by too much traffic, whether that traffic is malicious in origin or is the result of great popularity.
  • We also hide the origin server address of your website, which helps protect against other types of attack, such as password hacking. If a hacker can't find your host, they can't launch an attack.
  • Deflect is specifically designed for DDoS-mitigation. It is not a catch-all web security suite nor a web hosting provider.

Does my website need Deflect?

  • Probably. You do not need to be under constant attack to need Deflect, just to have a reasonable suspicion that your site may be targeted by hackers and DDoS attacks.
  • Some of the sites under our protection are subject to near-continuous DDoS attacks, while others may go months without any suspicious traffic.
  • It is possible to wait for an attack and switch over then (see Can I switch to Deflect during a DDoS attack?) but it is much more effective to switch in advance.

Can I use Deflect while my website is under construction?

Yes. In fact, we recommend it.

The earlier you protect your website behind Deflect, the fewer people will know its IP address, and this will reduce the chances of an attack reaching your server.

Register your website as early as possible on Deflect. You will still be fully able to access any web administration panel through Deflect, or connect directly to the IP address of your server should the need arise.

How much does it cost?

  • The Deflect service is free to any website or network of websites that represent human rights organizations, activists, dissident bloggers or independent media. There is no contract and you may use the service when you please.
  • Thankfully it costs us a remarkably small amount to maintain our network of edges.

I'm already paying for hosting, do I really need this?

  • Very likely. We provide our service on top of your hosting for free. It can reduce the cost of your hosting by greatly reducing the amount of traffic your host server has to deal with.
  • There are some dedicated hosts that advertise their DDoS preparedness but it can be an expensive and restrictive business.
  • If your website runs on WordPress, we can also offer you free and secure hosting with eQPress. Learn more about this option.

Do I need to move my website to your servers?

  • No. Deflect is a DDoS mitigation infrastructure, not a website host. To join Deflect you simply need to change your DNS records. Your website remains on its original hosting provider. We can advise you on more reasonably priced and reliable providers if you are unhappy with your current host.
  • If you need free secure hosting and your website is based on WordPress, we can offer you this option with eQPress.

Can attackers go around Deflect to DDoS my website?

If attackers know your webserver's IP address, they can.

Deflect protects you from this by hiding the IP address of the server where your site is hosted. Once you are behind Deflect, your website's name will resolve, through DNS, to Deflect's IP addresses. Only Deflect then knows the real IP address of your website's server, while public visitors will only see Deflect's IP addresses associated with your website.

Once you are behind Deflect, there are two ways attackers can locate your web server:

  • Through other services that aren't behind Deflect, like an email server. It's important to make sure other services have their own IP addresses.
  • Historical DNS records. We can advise you on whether your web server IP can be found on the internet, and how to get a new one - if you need it.
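
The first point can be checked against your own zone before and after switching. The following is an added example, not part of Deflect's code: it scans an exported list of DNS records for entries that still reveal the origin address (direct A records, aliases, mail hosts and SPF ranges). The zone contents, host names and addresses are constructed for illustration, and historical DNS records are outside what it can see.

```python
import ipaddress

# Constructed sample data: documentation-range addresses and hypothetical names.
ORIGIN_IP = "203.0.113.10"  # assumed address of the server hidden behind the edges
ZONE = [  # (owner, type, data) as exported from your own DNS provider
    ("example.org.", "A", "198.51.100.5"),  # assumed edge address
    ("www.example.org.", "CNAME", "example.org."),
    ("mail.example.org.", "A", "203.0.113.10"),
    ("example.org.", "MX", "10 mail.example.org."),
    ("example.org.", "TXT", "v=spf1 ip4:203.0.113.0/28 mx -all"),
    ("ftp.example.org.", "CNAME", "mail.example.org."),
]

def resolve(name, zone, depth=0):
    """Follow in-zone A/CNAME records to a set of addresses (no network lookups)."""
    found = set()
    if depth > 8:  # guard against CNAME loops
        return found
    for owner, rtype, data in zone:
        if owner.lower() != name.lower():
            continue
        if rtype == "A":
            found.add(ipaddress.ip_address(data))
        elif rtype == "CNAME":
            found |= resolve(data, zone, depth + 1)
    return found

def find_origin_leaks(zone, origin_ip):
    """Return (owner, type, reason) for every record that reveals origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    leaks = []
    for owner, rtype, data in zone:
        if rtype == "A" and ipaddress.ip_address(data) == origin:
            leaks.append((owner, rtype, "address record is the origin"))
        elif rtype == "CNAME" and origin in resolve(data, zone):
            leaks.append((owner, rtype, "alias resolves to the origin"))
        elif rtype == "MX" and origin in resolve(data.split()[-1], zone):
            leaks.append((owner, rtype, "mail host shares the origin address"))
        elif rtype == "TXT" and data.lower().startswith("v=spf1"):
            for term in data.split()[1:]:
                mech = term.lstrip("+-~?").lower()
                if mech.startswith("ip4:") and origin in ipaddress.ip_network(mech[4:], strict=False):
                    leaks.append((owner, rtype, f"SPF term {term} covers the origin"))
    return leaks

if __name__ == "__main__":
    for leak in find_origin_leaks(ZONE, ORIGIN_IP):
        print(*leak, sep="  ")
```

Every record it reports is a service that needs its own IP address, as the list above advises.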

If I have a problem or a question how quickly will you respond?

  • We treat support requests and incident notices with the highest priority in our daily work. Sometimes, serious incidents or a series of other support requests may make it difficult to process a request immediately. Our goal is to take no more than three hours to respond to a request.
  • We are a non-profit group of committed techtivists living in different time zones, so chances are good that someone will be online to investigate your request more quickly than that.
  • It’s in our interests to provide a fast and efficient service because if one client is being DDoSed, it affects our whole infrastructure.

Who has control of my website?

  • You do. We simply help deliver the content but we make no changes to it. You could say we control the backup, since switching your DNS to our servers means there is an automatic backup of your site every time you get a visitor.

Does my website qualify for protection?

We evaluate websites by two key criteria:

  • Is your work not-for-profit and concerned with independent media and/or defending human rights?
  • Do you have reason to believe your website may be subject to a DDoS attack because of the work you undertake? Or have you already been targeted?

Read more on the Eligibility page.

Is there a contract?

Does it affect my ad revenue?

Deflect won't affect your ad revenue or traffic statistics from systems that use external content, which is how most systems like Google Ads and Analytics work. Web pages can include additional content from your site (the origin), or external sites. We cache only content hosted on the origin site. If you run ads from Google or most other ad services, or use an analytics tracker, browsers will uniquely retrieve ads, analytics hit links, or other content from external sites.

What is Deflect?

  • Deflect is a reverse caching service for websites vulnerable to Distributed Denial of Service (DDoS) attacks. Though the websites don't change their IP addresses, Deflect ensures their home servers don't have to deal with a sudden influx of artificial visitors or 'bots' trying to drag the sites offline. Instead, these requests all get redirected to Deflect, a network of servers built specifically to handle them.
  • Meanwhile, legitimate traffic to the websites still gets full access to all published content. Unlike commercial mitigation services, we do not charge and we will not change the Terms of Service. There is no contract nor minimum length of time in which to stay on the network.

Can I switch to Deflect during a DDoS attack?

  • You can switch over to the Deflect network any time, but it makes more sense to do so in advance of an attack. If you wait until your site is under attack, we can still help you but the DNS may take up to 24 hours to propagate. Meanwhile, the bots that have your IP address will continue to bombard your website with requests, so our caching won't be effective right away. As they say, prevention is better than cure, so switching your website in advance may save a lot of headache and downtime in the future. In general, we need to evaluate your site before switching, and this can take time, but if it's an emergency, then of course please get in touch and we will do what we can.

Does it make my website slower?

  • No, in fact it should make pages appear faster for your readers. That's the beauty of caching servers: they quickly reply with the page's content. By absorbing the majority of traffic destined for your website, we reduce the strain on your server. This is the case on a day-to-day basis, not just during a DDoS attack.

How do I change to Deflect?

  1. Check if you qualify for protection according to our eligibility criteria and all other requirements are fulfilled.
  2. Go to and follow these instructions.
  3. Change your DNS records to point to Deflect.

All things being equal, that's all it takes.

We also recommend that websites change their IP address after switching to Deflect: if there are no DNS records pointing directly to your server, your new IP will never be revealed and its true location can be hidden from the Internet and from potential attackers.

FAQ Technical

How can I run my own Deflect network?

Detailed instructions on how to run a Deflect network can be found in the Deflect DIY section.

Do you support SSL?

  • Yes. You can ask us to create SSL certificates for you or use your own certificates. For further information, see the page on TLS/SSL Support.

Will people know my site is being protected?

  • Deflect protection is not immediately visible to the untrained eye.
  • An experienced web user (or attacker) can find out by looking closely at the code delivered with the web page.
  • Also, when someone tries to log into your website's editorial, they will be Deflected!

Why is Deflect Open Source?

  • Deflect has been built using some of the best open source software and principles. We would like to abide by and contribute to the open source community by making the source code and system documentation publicly available and free. We believe the Internet should remain a forum for free speech, independent thought and social change. In sharing what we know, we want people to learn from it and replicate it for themselves, and eventually we will learn from them. We also believe that a security infrastructure should be built on good principles, not secrets. If we don't have anything to hide, we are not vulnerable to the exposure of a secret. This makes the attacker's job even harder.

Where are your servers?

  • Our VPSs are spread across three continents in secure locations.

Can I get the code?

You can get the Deflect code right here.
