Our DDoS filtering protects from floods over 3500 Gbps — that's 3.5 Tbits/sec and 700+ million packets/sec of always-on mitigation, powered by Path.net. Add a protected IP to any active VPS and stay online through the attack: no lag, no nullroutes, in every location we operate.
Distributed Denial of Service attacks flood your server with sustained traffic from thousands of compromised machines across the planet, so there's no easy way to mitigate them by blocking a network or a country. BuyVM does the hard part for you — filtering is on 24/7/365, scrubbing malicious traffic before it ever reaches your VPS.
From brute-force volumetric attacks to slow application-layer abuse, our filtering covers the full spectrum. Some protection methods may require a support ticket to be enabled.
Volumetric attacks · TCP floods · UDP floods · UDP fragmentation · SYN, spoofed SYN and SYN-ACK floods · XORDDOS. The brute-force traffic that nullroutes unprotected IPs — absorbed across 3500 Gbps+ of capacity.
Reflective attacks · NTP amplification · DNS amplification · Chargen responses · SSDP / UPNP responses · SNMP responses. Spoofed requests that bounce huge replies at your server are scrubbed before they land.
HTTP GET/POST floods · Slow HTTP requests (Slowloris, RUDY, etc) · Resource exhaustion · HOIC and LOIC. The sneaky stuff designed to tie up your web stack rather than saturate your pipe.
Invalid port numbers · private IP address attacks · and the long tail of malformed packet tricks. If it's designed to knock you offline, our filtering is built to catch it.
A BuyVM customer running a popular Minecraft community took a direct hit — and never noticed the downtime, because there wasn't any.
We got hit with an attack reaching nearly 200 Gbit — the attackers peaked at 57.6 million packets per second. Because we subscribe to BuyVM's DDoS Protection, our community stayed online during the entire attack. No lag, and not a single nullroute. Honestly, our players had no idea anything was happening.
$3 a month and my IP just doesn't go down anymore. The filtering is always on, so there's nothing to switch on when an attack starts — it's already working.
No DNS changes, no third-party scrubbing service, no added latency. I add a protected IP in Stallion and bind it — that's the whole setup.
There are many approaches to mitigating DDoS attacks, and most of them are eye-wateringly expensive. Here's how always-on BuyVM filtering stacks up against the common alternatives.
| DDoS solution | What you get | The catch | Per month |
|---|---|---|---|
No protection | Nothing | Server offline until the attack stops — hours, days, even weeks. Unprotected IPs get nullrouted. Lost sales and visitors. | $0/mo |
3rd-party protection | Cloud scrubbing | Can take days to set up. Requires DNS changes that take time to propagate. Adds load time and latency. | $1,000+/mo |
Dedicated hardware | On-prem appliance | Significant cash investment, possible network upgrades, trained DDoS staff, plus ongoing maintenance and licensing. | $10,000+/mo |
★ BuyVM powered by Path.net | Always-on filtering | Peace of mind and maximum uptime even during attacks — so you can concentrate on more important things. | $3/mo |
Costs for third-party and hardware solutions are indicative industry figures, 2026. BuyVM filtering is a pooled resource shared by all protected customers in each location.
When a slice sells out, discover plans on our sister company Cloudzy: instant deployment across 13 global regions, AMD EPYC + NVMe, no egress fees, and a 14-day money-back guarantee.
Protected IPs are issued the moment you order, and filtering is on the instant they bind. Add one to any active VPS for $3/mo — and let Path.net catch the flood while you concentrate on more important things.