Do you guys think a host would DDOS attack it's own servers on a low level... just enough to run up your bandwidth charges??

I wouldn't put anything past any host... however, they would have to be pretty scrupulous to do that.

Whoa!?

That does sound quite pathetic...But, I guess there are quite a bit of people who would stoop that low. Some of which post in wht.

I guess so, has this happened to you? They must be pretty desperate to try that though

Originally posted by aingaran
Whoa!?

That does sound quite pathetic...But, I guess there are quite a bit of people who would stoop that low. Some of which post in wht.

I certainly don't think there would be "quite a bit". It's a pretty stupid move if you ask me. Very few people would pay an outrageous overage charge and instead would cancel and move somewhere else. Why would a host essentially terminate their own customer when if simply keeping them happy would provide revenue to such host on a month to month basis?

At least that's my thinking. Then again, I wouldn't put it past a host or two that I know of.

I am really curious to know if this was asked out of personal experience, or if it was just a rhetorical question.

has this happened to you?

I can't be sure. I've finally noticed that I've been under a low level DDOS attack for a few weeks now. The hacker is simply downloading large files constantly from multiple IP's (machines I assume he has broken into).

The attacks seem to run on a 1 hour cycle making it look like regular traffic (which is why I didn't even notice it till about a week ago). This may be just coincidence or the hacker may not be very skilled.

When I got to thinking... a few weeks prior is about the time my host started hitting me up with overage charges (I had been there for 4+ years with no problems) . I ditched them and went to another host and then the attacks got worse.

I’ll probably never know for sure. But, as bandwidth prices continue to nose dive... hosts may resort to such tactics.

Why would a host essentially terminate their own customer when if simply keeping them happy would provide revenue to such host on a month to month basis?

That is ultimately what happened... I left for another host. If this was a stunt by my host it essentially backfired on them.

The only way it would have made sense is if they were counting on me being too lazy to move my stuff. I had 1/2 rack (not exactly something you just FTP to another host).

I posted this question mainly to see if anyone else had the same suspicions.

It would mainly apply to people that are co-locating and have too much equipment to hop around town with.

Wow, that's pretty bad. I don't think many people would do that, though.

Thats strange, why would a host attack there own servers. Hosting providers should not charge for attacks. (Unless there excessive). Thats how I see it!

You have been there for 4 yrs and it seems like everything was fine, why start mistrusting your host like that? Did the host give you any indication of an attitude change or that they could not be trusted?

It sounds like it's something that you should have fixed on your end. By putting some scripts in for downloading, monitoring the connection, throttling the download speeds.

And if the ex-host was really behind this, and you went to another host. Well, if he was bitter enough to do it before he is probably going to still be bitter enough to do it now and cause you overage charges at your new host.

I could see them doing it to other companies easily.

Strange behaviour as the time and effort surely cannot be covered by the mark up on bandwidth.

Quite Odd!

That is pretty low!

Did you happen to colocate in the basement of some Ebay kiddie-host?

That would explain a lot.

Personally I think it would be very unlikely for a host to ddos attack anyone.

First, if found out it would almost certainly end their business and or reputation.
Secondly, if the apparent attack is comming from a small group of IP# it would not be too hard to track

I wonder if the logs do not tell another story? - just a thought.

A true webhost would not charge you the bandwidth costs for beind DDOS'ed.

If it gets out of hand, they may drop you though. ;)

Originally posted by thefreeauto
A true webhost would not charge you the bandwidth costs for beind DDOS'ed.

If it gets out of hand, they may drop you though. ;)

Bandwidth is bandwidth, if a customer uses "x" gigs they pay for that, a "true host" would help out stopping the ddos and doing what they can to help but when the chips are down you pay per the gig and everyone has to be fed. There are a lot of ways to stop this, #1 don't offer large downloads :) #2 limit via throttling, #3 <insert other ways>.

That said we've had customers get slammed before and usually we offer them the choice of disabling the site for the rest of the month or letting the charges accrue, if it's caught in time. We've also cut the bill for them and in a few cases even wiped the slate clean, but that's on a case by case basis. The end result is you don't want to lose a customer over it, but you don't want to lose money either.

I think if a host started DDOSing their own servers to run up bandwidth charges, there are other issues that preclude that activity. It's a definite sign of downfall in a company, not to mention utter dishonesty and betrayal of paying clients.

But I think if a host started doing that, they're already losing the battle and they will go under very soon.

It was actually a very high-end facility. Very cold, excellent physical security, redundant everything, and microscopic downtime. However, being so highly advanced in combination with the economic and dot-com melt down may have been their undoing.

But, even before all that they had been in and out of bankruptcy and bought and sold several times over the course of only a few years. I was very happy there until recently – but I had also been so busy with my business I had not paid any attention to the current cost of bandwidth. They were charging about 4-10 times the amount of the going rate.

Granted they are a premium facility... but in comparison to my new host they still can’t justify a 4:1 ratio on cost.

After moving to my new host my site came under heavy attack (about 2MBbs over on average - that’s a lot for my site). At that time my suspicions turned to my old host but my security friend advised that it would be nearly impossible and basically a waste of time to try and implicate them.

Even if implicated – there are bound to be future attacks of other kinds. So my decision was to upgrade security rather then try to track down the current hacker or any future hackers. If they had breeched the server I would go after them but so far they are simply being a pest. I can still see the older attack scripts running into my firewall and turning up 404 errors when the files they try to DL are missing.

Out of courtesy I’m not even going to name the old host because this all without proof. BUT... VERY Suspicious... In over 4 years I have never had such an attack and there’s really no one that would have any motive. It might just be a hacker that is learning and practicing for a bigger target.

Ironically I may owe this hacker my thanks. I moved to a new host, got a machine basically 4 times as fast - and with 20 times... YES 20 times the bandwidth for $175 less then I was previously paying!!!