Expanded and Updated DDoS Protection Documentation

docs/ddos-protection-ovh.md

@@ -0,0 +1,60 @@
+---
+id: ddos-protection-ovh
+title: OVH DDoS Protection at ZAP Hosting
+description: "Find out how ZAP Hosting protects your servers with proactive, real time DDoS defense tailored to every service you run → Learn more now"
+sidebar_label: OVH
+---
+
+## Introduction
+
+DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming it with excessive inbound traffic. To ensure stable and uninterrupted operation for our customers, ZAP Hosting relies on dedicated DDoS protection systems tailored to each data center location.
+
+One of the protection platforms integrated into our global infrastructure is the OVH Anti-DDoS system. OVH provides a fully automated, network-level mitigation solution designed to absorb even very large scale attacks without impacting service stability. This section explains how the OVH protection works and which of our products benefit from it.
+
+
+
+## Where the Protection Is Utilized
+
+OVH DDoS Protection is in active use at our hosting locations in London (UK), Sydney (Australia) and Singapore (Asia). At these locations, the protection covers our gameserver and voiceserver product lines, ensuring stable operation even during heavy attack scenarios.
+
+## How the DDoS Protection Works
+
+OVH operates a global, always-on Anti-DDoS infrastructure. Incoming traffic is permanently monitored in real time and automatically redirected to the OVH scrubbing network when an attack is detected. The scrubbing system removes malicious packets while allowing clean traffic to pass through without interruption. This process ensures that legitimate players and voice users continue to connect normally, even during active attack mitigation.
+
+### Intelligent Network-Level Filtering
+OVH employs multi layer filtering technologies that analyze traffic patterns, packet signatures and connection behaviors. Malicious traffic is filtered based on volumetric anomalies, protocol inconsistencies or suspicious packet flows. Legitimate traffic is forwarded to the server with minimal latency impact.
+
+For gaming environments, OVH offers additional game specific filtering layers designed to protect UDP-based protocols and latency critical services. These filters include
+- Protection for popular game engines and UDP game traffic
+- Behavior-based detection for abnormal packet bursts
+- Signature-based filtering that identifies known attack patterns
+- Real time adaptation to ensure uninterrupted player connectivity
+
+Real time communication services such as TeamSpeak benefit from OVH’s low latency filtering approach. Mitigation occurs within the backbone itself which helps maintain voice quality, connection stability and low ping.
+
+<details>
+<summary>Game servers</summary>
+- ARK: Survival Evolved
+- Arma II / Arma III
+- Counter Strike 2
+- Multi Theft Auto San Andreas (MTA:SA)
+- Grand Theft Auto San Andreas Multiplayer (SA:MP)
+- FiveM (CFX.re GTA V Multiplayer)
+- Half-Life / Half-Life Deathmatch Classic / Team Fortress Classic / Counter Strike 1.6 / Day of Defeat
+- Half-Life 2 / Team Fortress 2 / Counter Strike: Source / Counter Strike: Global Offensive / Day of Defeat: Source / Left 4 Dead / Left 4 Dead 2 / Garry’s Mod
+- Minecraft Bedrock (with RakNet cookie support)
+- Minecraft Java (Query protocol protection)
+- Minecraft Pocket Edition
+- Minecraft Query
+- Mumble
+- Rust (with RakNet cookie support)
+- TeamSpeak 2
+- TeamSpeak 3
+- TrackMania / TrackMania 2 / ShootMania Storm
+- Valheim
+</details>
+
+<details>
+<summary>Voice servers</summary>
+- TeamSpeak
+</details>

docs/ddos-protection-pletx.md

@@ -0,0 +1,94 @@
+---
+id: ddos-protection-pletx
+title: PletX DDoS Protection at ZAP Hosting
+description: "Find out how ZAP Hosting protects your servers with proactive, real time DDoS defense tailored to every service you run → Learn more now"
+sidebar_label: PletX
+---
+
+## Introduction
+
+DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming it with excessive inbound traffic. To ensure stable and uninterrupted operation for our customers, ZAP Hosting relies on dedicated DDoS protection systems tailored to each data center location.
+
+One of the key technologies used within our infrastructure is PletX, a highly adaptive protection platform that filters and mitigates attacks in real time. This document explains how PletX operates, which services benefit from it and why it provides a significant advantage for performance critical hosting environments.
+
+
+
+## Where the Protection Is Utilized
+
+PletX is already fully deployed at our FFM/Eygelshoven location, where it protects all hosted products including gameservers, VPS, dedicated servers, TeamSpeak servers, TS3 and Discord bots as well as webspace services. This ensures comprehensive and consistent protection across the entire product range at this site.
+
+We are currently preparing the rollout for our US locations in Ashburn, Dallas and Los Angeles, where PletX will also be available very soon.
+
+## How the DDoS Protection Works
+
+PletX protection at our locations is always active and fully synchronized with our network. All incoming traffic is routed through the PletX filtering system before it reaches our infrastructure. This ensures that malicious traffic is eliminated as early as possible and never reaches your server.
+
+### Automatic Protocol Detection
+
+PletX continuously analyzes incoming traffic and identifies protocol specific signatures as soon as real traffic appears on a port. When players connect to a FiveM server on its game port, for example 30120, 
+
+It detects the characteristic packet structure and automatically applies the appropriate FiveM rule. The same applies to other services; if a Minecraft server receives traffic on port 25565, the system recognizes the Minecraft handshake and creates a matching rule accordingly.
+
+When a user connects to a VPS or dedicated server via SSH on port 22, PletX recognizes the SSH handshake and activates an SSH rule. For Windows based systems, RDP traffic on port 3389 is detected and an RDP specific rule is created.
+
+If WireGuard or OpenVPN is used on a custom port, PletX identifies the first valid exchange and applies the correct VPN rule.
+
+In all cases, once PletX has identified the protocol, only legitimate traffic for that protocol is permitted while unrelated traffic is filtered before it reaches the server.
+
+### Supported Protection Profiles
+
+PletX supports a wide range of common service and game protocols. This includes popular games such as FiveM, Minecraft, titles using the Steam Source Engine, Metin 2 based services, RakNet driven games, SAMP, Growtopia and extensions like PlasmoVoice. Voice applications such as TeamSpeak are also recognized automatically.
+
+In addition to gaming related traffic, PletX identifies remote access protocols like SSH and RDP as well as secure networking protocols including WireGuard and OpenVPN.
+
+<details>
+  <summary>Game servers</summary>
+- FiveM
+- Minecraft
+- Various Games supporting Steam Source Engine
+- Metin 2 Auth & Channel
+- Novalife
+- RakNet based games
+- SAMP
+- Growtopia
+- PlasmoVoice
+- and more..
+</details>
+
+<details>
+  <summary>Voice servers</summary>
+
+- TeamSpeak
+- PlasmoVoice
+</details>
+
+<details>
+  <summary>Remote Access</summary>
+- SSH
+- RDP
+</details>
+
+<details>
+  <summary>VPN and Secure Networking</summary>
+
+- WireGuard
+- OpenVPN
+</details>
+
+Any protocol not recognized by PletX is treated as unknown, which may occasionally result in false positives or unexpected behavior.
+
+## Web Traffic and Unsupported Services
+
+PletX does not currently filter HTTP or HTTPS traffic. Web applications or unsupported protocols may therefore experience occasional false positives. If you are affected by this, please proceed as follows:
+
+1. Open a support ticket at ZAP-Hosting
+2. We analyze the traffic
+3. PletX can deploy custom adjustments and fixes upon request
+
+This approach is particularly intended for uncommon or specialized services. For web based projects we recommend continuing to use Cloudflare. Ideally this includes Cloudflare Proxy or CDN for websites and Cloudflare Tunnel for FiveM/RedM TxAdmin or other web dashboards.
+
+## Temporary Protection Disable
+
+A temporary protection disable feature will be available soon. This upcoming option allows customers to fully turn off DDoS protection for specific servers when needed. It is particularly useful for environments without meaningful DDoS risk, high-volume systems such as telemetry or monitoring platforms and applications that generate unusual traffic patterns which may trigger false positives.
+
+The feature gives advanced users full control over their network behavior while game and application hosting customers continue to benefit from automatic and reliable protection.

docs/ddos-protection.md

@@ -2,7 +2,7 @@
 id: ddos-protection
 title: ZAP-Hosting DDoS Protection
 description: "Discover how ZAP-Hosting ensures uninterrupted service with tailored, real-time DDoS protection solutions for global data centers → Learn more now"
-sidebar_label: DDoS Protection
+sidebar_label: Allgemein
 ---
 
 ## Introduction
@@ -48,9 +48,6 @@ While all providers offer strong baseline protection, there are differences in s
 <div style={{ textAlign: 'center', fontSize: '0.7em', color: '#666' }}>
   ✓ = Feature is fully supported &nbsp;|&nbsp; X = Feature not available &nbsp;|&nbsp; * = Feature not available or only partially available depending on configuration
 </div>
+## Learn More About Our DDoS Protection Solutions
 
-
-
-
-
-
+For detailed information about the specific protection systems used at each location, you can refer to our dedicated guides. The [PletX DDoS Protection](ddos-protection-pletx.md) documentation explains the filtering logic used in our German and upcoming US regions, while the [OVH DDoS Protection](ddos-protection-pletx.md) documentation covers the protection used in our UK, Asia and Australia locations.

i18n/ar/docusaurus-plugin-content-docs/current/ddos-protection-ovh.md

@@ -0,0 +1,58 @@
+---
+id: ddos-protection-ovh
+title: حماية DDoS من OVH في ZAP Hosting
+description: "اكتشف كيف تحمي ZAP Hosting سيرفرك مع دفاع DDoS استباقي وواقعي مصمم خصيصًا لكل خدمة تستخدمها → تعرّف أكثر الآن"
+sidebar_label: OVH
+---
+
+## المقدمة
+
+هجمات DDoS (الحرمان الموزع من الخدمة) هي محاولات خبيثة لتعطيل حركة المرور العادية لسيرفر، خدمة أو شبكة مستهدفة عن طريق إغراقها بحركة مرور واردة مفرطة. لضمان تشغيل مستقر وغير منقطع لعملائنا، تعتمد ZAP Hosting على أنظمة حماية DDoS مخصصة لكل موقع مركز بيانات.
+
+واحدة من منصات الحماية المدمجة في بنيتنا التحتية العالمية هي نظام OVH Anti-DDoS. تقدم OVH حل تخفيف تلقائي كامل على مستوى الشبكة مصمم لامتصاص الهجمات حتى الكبيرة جدًا دون التأثير على استقرار الخدمة. يشرح هذا القسم كيف تعمل حماية OVH وأي من منتجاتنا تستفيد منها.
+
+## أين تُستخدم الحماية
+
+تُستخدم حماية DDoS من OVH بنشاط في مواقع الاستضافة لدينا في لندن (المملكة المتحدة)، سيدني (أستراليا) وسنغافورة (آسيا). في هذه المواقع، تغطي الحماية خطوط منتجات سيرفر الألعاب والسيرفرات الصوتية، مما يضمن تشغيلًا مستقرًا حتى أثناء سيناريوهات الهجوم الثقيلة.
+
+## كيف تعمل حماية DDoS
+
+تشغل OVH بنية تحتية عالمية مضادة لهجمات DDoS تعمل دائمًا. يتم مراقبة حركة المرور الواردة بشكل دائم وواقعي ويتم إعادة توجيهها تلقائيًا إلى شبكة التنقية الخاصة بـ OVH عند اكتشاف هجوم. يقوم نظام التنقية بإزالة الحزم الخبيثة مع السماح بمرور حركة المرور النظيفة دون انقطاع. تضمن هذه العملية استمرار اتصال اللاعبين والمستخدمين الصوتيين الشرعيين بشكل طبيعي حتى أثناء التخفيف من الهجوم النشط.
+
+### تصفية ذكية على مستوى الشبكة
+تستخدم OVH تقنيات تصفية متعددة الطبقات تحلل أنماط الحركة، توقيعات الحزم وسلوكيات الاتصال. يتم تصفية الحركة الخبيثة بناءً على الشذوذ الحجمي، تناقضات البروتوكول أو تدفقات الحزم المشبوهة. يتم توجيه الحركة الشرعية إلى السيرفر مع تأثير زمني ضئيل.
+
+لبيئات الألعاب، تقدم OVH طبقات تصفية إضافية مخصصة للألعاب مصممة لحماية بروتوكولات UDP والخدمات الحساسة للزمن. تشمل هذه الفلاتر:
+- حماية لمحركات الألعاب الشهيرة وحركة ألعاب UDP
+- كشف سلوكيات غير طبيعية لانفجارات الحزم
+- تصفية تعتمد على التوقيعات التي تحدد أنماط الهجوم المعروفة
+- تكيّف في الوقت الحقيقي لضمان اتصال اللاعبين بدون انقطاع
+
+تستفيد خدمات الاتصال الصوتي في الوقت الحقيقي مثل TeamSpeak من نهج التصفية منخفضة زمن الاستجابة الخاص بـ OVH. يحدث التخفيف داخل العمود الفقري نفسه مما يساعد في الحفاظ على جودة الصوت، استقرار الاتصال وPing منخفض.
+
+<details>
+<summary>سيرفرات الألعاب</summary>
+- ARK: Survival Evolved
+- Arma II / Arma III
+- Counter Strike 2
+- Multi Theft Auto San Andreas (MTA:SA)
+- Grand Theft Auto San Andreas Multiplayer (SA:MP)
+- FiveM (CFX.re GTA V Multiplayer)
+- Half-Life / Half-Life Deathmatch Classic / Team Fortress Classic / Counter Strike 1.6 / Day of Defeat
+- Half-Life 2 / Team Fortress 2 / Counter Strike: Source / Counter Strike: Global Offensive / Day of Defeat: Source / Left 4 Dead / Left 4 Dead 2 / Garry’s Mod
+- Minecraft Bedrock (مع دعم كوكي RakNet)
+- Minecraft Java (حماية بروتوكول Query)
+- Minecraft Pocket Edition
+- Minecraft Query
+- Mumble
+- Rust (مع دعم كوكي RakNet)
+- TeamSpeak 2
+- TeamSpeak 3
+- TrackMania / TrackMania 2 / ShootMania Storm
+- Valheim
+</details>
+
+<details>
+<summary>السيرفرات الصوتية</summary>
+- TeamSpeak
+</details>