I am keeping an eye on 2-3 web hosting companies that offer reseller accounts which I eventually want to go with. I am looking for problems, downtime, customer feedback and related stuff.

One company - I am not going to mention the name - seems to have bad luck with the datacenter they decided to go with - their servers are - according to the host - being attacked and this happenes quite a few times in the last 3 weeks. Result: the servers go down.

Ok, at my full-time job we are running several web sites with quite some traffic. How comes that we never get such heavy attacks that our servers go down? I assume that even if the web host has 200 sites on each server that many sites are low profile and with medium exposure - why would it get more attacked than a site of a Fortune 1000 company?

I get the bad feeling that either datacenters or web hosts are hiding behind this 'excuse' "We're being attacked!". Yes, attacks can happen but why would it happen to the same 'guy' that often and not hitting other ones?!

What is your experience and how do you feel in regards to this? In my eyes - if you want to attack servers on the Internet - wouldn't you choose some where the impact is visible and you cann see it on CNN and tell your friends about it?! Who really cares if Joe Blow's site disappears?

The Fish

Could be a few things..

1. They have an employee who runs a shell box from the datacenter, goes on irc, pisses ppl off, and they DOS his ip

2. They run an irc server or are a irc hub..

3. The owners have made enemies with lots of packet kiddies.

4. They lie.


And if they were really getting attacked, they could just get their provider to block the packets at the router level

Attacks do happen. Attacks don't have to be provocked -- after all, why would anyone have a rational reason to launch attacks on a network? People always say things like "This site was compromised, why would someone crack a lame server, and not go after banks and government sites?" Well, because smaller targets are easier and you have less risk of getting caught and you have greater odds of it working. You can filter/block at the router, sure, but when there's hundreds or thousands of IP's being spoofed, it's not a quick job to do. This could be true, or it could be an excuse, sure, but I've personally seen at least 5 large data centers come under attack in the last month (and it lasted for anywhere from a few days to a few weeks). It does happen, and there doesn't have to be a reason and there doesn't have to be any IRC aspects involved either.

very true, but IRC does have a lot of **** disturbers :)

And there are A LOT of attacks that originate from idiots from irc :)

I wish IRC didn't have such a bad reputation. I use IRC for legitimate purposes and only chat in small and private channels because the public ones are always full of idiots, so I never have problems with being packeted or anything. A few always have to ruin it for everyone. :(

I've said this before, if an ISP blames their troubles on being "hacked" without any additional information, I find it quite suspicious. It sounds to me more like incompetence caused the problem, and they'll blame it on the faceless hackers. Bacid reason # 4.

If they are truly having problems with hackers, then they should take action, and they should explain to their customers what action they are taking, and why.

http://www.webhostingtalk.com/showthread.php?s=&threadid=36869

http://www.webhostingtalk.com/showthread.php?s=&threadid=28564

Of course bacid's other reasons are all good ways to make you target to hacking. Some more are:

1. Hosting political sites.
2. Hosting religous sites.
3. Hosting hate sites (maybe this goes under political?)
4. Not performing security updates.
5. Hosting spammers.

One of the reason why low profile sites get hacked is because the kid running shoots his mouth of in yes "irc" and they get a DOS. This has happened to our servers once or twice. The biggest problem a host faces in a shared environment is the fact people use bad scripts and rather than testing them on their local computer, they test them on the server and poof...they crash the server.

one script that rings a bell is a banner exchange script made by someone called the clixnetwork...DO NOT EVER ALLOW THIS SCRIPT TO RUN, your server will be down in about 5 seconds because it consumes all memory and then all swap memory and everything comes to a grinding halt.