Deflect is created and maintained by eQualitie, a Canadian not-for-profit technology group. We are a small but dedicated team with a focus to provide dependable, performant and ethical technology solutions for protecting and promoting freedom of expression and association online. Deflect has been in continuous operation since 2011, serving 80 million unique readers every year.
eQualitie’s mission is to promote and defend fundamental freedoms, human rights, and the free flow of information online. Our goal is to create accessible technology and improve the skill set needed for defending human rights and freedoms in the digital age. With 25 staff and 5 board members operating from 10 different countries, eQualitie excels in delivering results on high impact technology projects and capacity building initiatives. Check out our website!
First and foremost, Deflect can protect your website from various denial of service attacks. Our defense-in-depth approach has ensured 10 years of successful operations and we proudly maintain a 99.99% network up-time. Read more about other types of types of attacks that Deflect can protect you from.
All traffic bound for your website will go through Deflect’s distributed caching infrastructure first. It is our job to serve all legitimate requests and to protect your server from illegitimate requests and malicious hits. We have capacity to manage tens of thousands of requests per second and can deal with any size attack. Trust us, we’ve been tested through the years! Read more about our solutions here.
An even better level of protection is to host your WordPress website with us on the managed eQpress platform.
We think so, yes. Deflect is not only helpful for your web security needs. Our global caching infrastructure will mean that your readers receive content quicker than before, also improving the website’s SEO. With Deflect, you will have real-time visitor statistics, free TLS certificates (https://) and enterprise level support to answer all of your questions. In addition, your commercial contribution allows us to protect many human rights and independent media organizations around the world. Take a look at some of them.
Yes you can! Although the normal registration process may change depending on what exactly the attackers are targetting and how your current hosting set-up is responding to it. Get in touch with us if you have any questions.
Yes you can. All you need to join Deflect is a registered domain name. After that we can point to your dev environment or you can build your website in situ.
Deflect won’t affect your ad revenue. We cache only the content hosted on the origin website (not external content, that will be served by Google Ads for example). Your readers web browsers will be able to retrieve unique ads, analytics hit links, or other content from these third-party services.
No, in fact it should make pages load faster for your readers. That’s the beauty of caching servers – they quickly reply with static content. Also, by absorbing the majority of traffic destined for your website, we reduce the strain on your server and allow it to process specific requests quicker. This is the case on a day-to-day basis, not just during a DDoS attack.
Yes we do! You can bring your own certificates to Deflect or have us generate new certificates for your website with Let’s Encrypt. You can chose whether to force secure connections over TLS (https://) or to allow both insecure and secure connections – in the control panel. For further information, see the page on TLS/HTTPS encryption.
Operationally speaking, we do not disclose our relationship with clients, without their explicit permission. This is part of our privacy guarantee to you. Technically speaking, Deflect protection is not immediately visible. An experienced user (or attacker) can find out by looking closely at the web page headers. But that won’t help them to attack you!
When anyone tries to access your website editorial login page (e.g. /wp-admin) they will see the Deflect password protection page. Also, whenever our machine learning has initiated automatic mitigation measures, or when extra protection has been triggered either by you or our network operations, a challenge GIF will appear before your website loads.
In theory, yes they can. However, if you follow our recommendations for a secure setup during Deflect registration and immediately thereafter, it will be difficult for attackers to target your website directly. Here are three important steps you can take to reduce the likelihood of this scenario:
- Change your server IP address after switching to Deflect
If an attacker knows your real IP address, they can target it directly, bypassing Deflect’s protection. Often these addresses can be found in historical DNS records. Other times, you may expose the server’s address by running mail services on the same machine or by pointing various sub-domains to it. DNS records are public and you should take care not to run any other services on the primary IP address than your website. Once your website is behind Deflect, only we should know the real location of your hosting server. We automatically hide these records from DNS, exposing our network edges instead
- Disable pingbacks and trackbacks on your website
These services exist to automatically reply when a website has linked to yours. Whenever someone publishes an article (or pretends to) your ping back service will reply directly to them revealing your website’s real IP address. You can disable these services manually. Here’s a guide for how to do this on WordPress websites.
- Even if an attacker does not know your real IP address, they can POST to it directly. These types of requests are not cached and it is Deflect’s job to pass them to your origin server. POST can include form submissions, mailing list sign ups or search queries. Your web server should be able to handle most POST requests and Deflect’s mitigation system will notice and prevent malicious use of POST. However consider whether your readers really need the search function on your website – as that is the most resource intensive query for your webserver to process.
Because it’s part of eQualitie’s values. Also, Deflect has been built using open source software. We would like to honor that commitment and also contribute back to the community – opening our source code to the public. We share the fruits of our labour in the hope that others can learn from it, build on top of our code and continue this commitment to mutually beneficial software development. A security infrastructure should be built on good code and software development principles, not secrets. If we don’t have anything to hide, we are not vulnerable to the exposure of that secret. The onus of good coding is on us, and in practice, this usually makes the attacker’s mission more difficult.
We treat all support requests with priority. Sometimes, a complicated network incident or a series of other support requests may make it difficult to process your request immediately. Our goal is for every request to be answered within six hours.
Our team is distributed around different time zones. Someone is always online to process your request. This is why we always recommend that you use the Deflect Support system for creating incident or support tickets.