Unlike most, ours doesn't search for known attacks. It blocks everything by default and only releases legitimate traffic. New attacks don't get through, false positives are nearly zero, and you watch it all on the live panel.
Servers exposed to the internet receive attack attempts all the time — automated probes hunting for vulnerabilities, or targeted attacks against an e-commerce on Black Friday, against a growing SaaS, against an API that moves money. But it's the gaming sector where the problem is most visible: for those running a serious server, DDoS isn't "if it happens", it's "when it happens".
Attacks come at critical moments: decisive rounds, playoffs, league finals, streamer broadcasts. Without protection that actually works, the result is downtime exactly when it matters.
SaaS, e-commerce, APIs and public portals suffer application-layer attacks that go unnoticed by generic, volume-based protections.
Today, any server with a public IP is a potential target — and attack tools are more accessible than ever. The myth that DDoS is only a big-company problem has fallen apart.
Traditional DDoS protection runs on the blacklist model: it knows the patterns of attacks that have already happened in the world, and blocks traffic when it recognizes those patterns. Anything that isn't a "known attacker" is considered legitimate traffic and passes through.
Since the filter has to know the attack in order to block it, new vectors reach the server before they're identified.
Every time a new technique appears, the signature catalog has to be updated. If the update is slow, your protection is vulnerable in the meantime.
Because the filter analyzes patterns, it eventually identifies legitimate players or users as attacks — and blocks them. Server protected, but nobody can connect.
Some protections 'turn on' when they detect an attack, and take seconds to minutes to start filtering. Those seconds are enough to take the server down.
Instead of blocking "known attacks", we block everything by default. We build the filters by reverse-engineering the protocols we protect — studying the real traffic of each application and mapping exactly what the connection of a legitimate user or player looks like. When the protection recognizes the legitimate traffic pattern, it lets it through. Everything else stays blocked.
Since we block anything that isn't legitimate traffic, new attack vectors (even ones not yet cataloged by the market) are blocked automatically. We don't need to discover the attack to start blocking it.
The traffic pattern of a legitimate user is stable and well-mapped. Real users get through. Anything that isn't, doesn't. None of that drama where protection blocks real customers by mistake.
It's not protection that turns on when it detects an attack. It's protection that's always on, filtering 100% of the traffic 100% of the time. No exposure window.
Filtering doesn't impact response time. Unlike protections that add hops to the route, ours is invisible to the end user.
As new attack vectors emerge or new protocols need to be supported, we update the filters. The protection is monitored and continuously improved.
Filter design varies depending on the type of traffic that needs to be protected. Each application has its own patterns, and generic protection doesn't work for all of them.
Filters built by reverse-engineering the protocols of FiveM, MTA, SAMP, Tibia and CS2. Each protocol has unique packet patterns, and the filter precisely distinguishes a legitimate player's traffic from attack traffic. Works from casual servers to the largest networks in Brazil.
Protection against L7 attacks that compromise web applications — slow loris, HTTP flood, attacks against specific API endpoints, form abuse. The filter analyzes the behavior of a legitimate session and blocks anomalous patterns.
For cases like Tibia/OTServ — where the attack can come simultaneously against the game server (ports 7171/7172) and the web portal (voting, downloads, status) — we apply the same protection on both fronts. No need to hire Cloudflare separately for the website.
Every Hostini customer has access to the real-time traffic monitoring panel. Every packet that comes in, every attack that gets filtered, every action the protection takes — all visible, at any moment. It's not a report that arrives by email once a week. It's live.
Full view of the traffic reaching your server in this exact second.
Every attack your infrastructure has suffered, with type, volume and duration. Visible for auditing, analysis and peace of mind.
Packets per second, bandwidth consumed, open connections, unique IPs — every metric a technical team needs.
Set up alerts via email or WhatsApp for events: attacks above a certain volume, anomalous spikes, and so on.
Servers that can't go down. Protection that doesn't fail when it matters.
One of the biggest references in Brazilian roleplay. A customer since 2019, in an industry where DDoS is constant.
Reached 6,000 concurrent players with Hostini. Infrastructure tested at real scale, at a moment of maximum exposure to attacks.
The largest MTA server in Brazil. Migrated to Hostini in 2024 looking for stability — including against DDoS attacks.
Unlike the market, where DDoS protection is sold as an expensive add-on, here it's included in every plan — VPS, dedicated and game servers. No extra cost, no separate activation, no fine print.
Dedicated resources, Ryzen hardware, always-on DDoS protection.
Exclusive physical machine, DDoS protection with live panel, 24h support.
Specific filters for FiveM, MTA, SAMP, Tibia, CS2 and more. From casual to 6,000-player operations.