For context, while exploring the load testing tool Siege running on a VPS, I was able to bring down multiple sites running on shared hosting, and some running on small VPS by setting a high enough concurrent number of users. This is not a DDoS, but it goes to show how easy it is to cause damage. Note: I only brought down sites that I own, or those of friends with their permission.

What tools are useful in fighting DDoS attacks and script kiddies? Mention free and paid options.

What are the options to limit damage in case of an attack? How do you limit bandwidth usage charges?

There was a previous discussion on this topic 6 years ago https://news.ycombinator.com/item?id=1986728