Just been on the chat channel and it appears there are wide scale DOS attacks going on against Rackshack.

Shame one of my servers is with them.

script kiddies, kill them all :D


Imran

http://rackshack.net/aboutus/networks.asp

I can see thee was network slow down for hours, as you said, probably due to DDOS attack. ... But, I do not see through what pipe did the incoming flood of packages come through. Are you sure that was a DDOS attack?

cheers,
:beer:

i've heard headsurfer said it was summat to do with internal traffic dunno much about it, seems wierd my secure sites work but none on normal web (port 80). Might that be the port they are attacking or something?

[edit: also just heard they've disabled port 80]

The OP comes really close to blaming RackShack for being attacked, this is ridiculous. This sort of thread is a waste of space and provides no good information. All large scale webhosts will have customers that piss someone off and set off DDOS attacks. While RackShack does have it's problems this is not one of them.

Oh yeah, and to jump on a bandwagon, this is WEBHOSTINGTALK, not RackShack talk. I think that this forum is listed as discussion of companies offering dedicated servers and not a network issues forum for RackShack

I think that this forum is listed as discussion of companies offering dedicated servers and not a network issues forum for RackShack

What am i doing? i'm discussing a company offering dedicated servers, sorry if i have a rackshack server, i didnt buy it to cause you offence. for gods sake

Originally posted by SidVicious
Oh yeah, and to jump on a bandwagon, this is WEBHOSTINGTALK, not RackShack talk. I think that this forum is listed as discussion of companies offering dedicated servers and not a network issues forum for RackShack You're right. This is WebHostingTalk.
Where we talk about web hosting. And things related to web hosting.

Those with servers at RackShack may very well want to know that they're (RS) is being hammered right now.

I am hesitant to say much of anything at this very second other than that we are working through the issue and things are back to pretty much normal this very second.

I'll be more willing to say more later.

Robert Marsh
Head Surfer Rackshack.net

As many other people have said, this is not the forum for it. You can go to support for RackShack and get the answers you need. This is not the place for it. You are discussing an attack on a specific webhost, there is no opinion, they are being attacked. The only thing this thread could lead to is RackShack essentially giving technical support, i.e. an explanation of the attack and this is not the place for it.

for one you dont have to look at every post on the board, so just miss out those ones that u find rackshack in the topic for, i did plainly put it in the topic and it seems sad you reply to
a) cause an arguement
b) get your post count up

In other words, SidVicious, we can talk about any place but RackShack? :eek:


Sure.


Makes sense to me. :rolleyes:

Originally posted by SidVicious
As many other people have said, this is not the forum for it. You can go to support for RackShack and get the answers you need. This is not the place for it. You are discussing an attack on a specific webhost, there is no opinion, they are being attacked. The only thing this thread could lead to is RackShack essentially giving technical support, i.e. an explanation of the attack and this is not the place for it.

This issue has been brought up in my 600th post (check the lounge for the $220 million big game thread ;))..

IMO, A customer of a company has every right to post news about a host, like news of an attack. Of course where this thread should be placed is the big question. I think that threads like these should be placed in the Main Forum (Web Hosting Forum), no matter if the host in question provides dedicated servers only or not.

The other big question: should the host have the right to comment about the issue in the thread?

IMO, yes. This of course can only be limited to an explanation of what is going on and a general explanation as to what they are doing to remedy the situation. This should be considered network news that would effect the opinions of any current/potential customers that may not be able to get to the host's website. Any tech support should be immediately deleted and both the customer and the host should be warned and asked to handle it off forums...

So headsurfer, here's your warning:D: Post an explanation as to what is going on and what are you doing to help the situation right now. Then you can move this thread to the general forums.

Akash: While I have silently disagreed with you in many of your other posts. I agree with you on this one. There is a place to discuss this, it is not this particular forum. I do however think that you warning headsurfer is completely laughable :dgrin:, your advice is good.

I am already tired of seeing all the griping about RackShack, most it as of late has been unfounded and seems to be directed at them because they bought WHT. But they are not the ones turning this into RackShack talk. I know that I am not helping the situation by continuing this thread, I just feel a need to speak my mind on this since so many other people have.

Why would my post count matter to me? I really could care less about the title under my name, it makes no difference to me. No matter what it says, if my advice is good and opinions are defendable it doesn't matter one little bit.

what i don't understand is how a total of '3,500' servers (what they say in the computer mags) are being hosted, & if it is a dos attack, why wouldn't you have filtering, and other pre-cautions? i don't understand how that should be even thinkable yet possible. i know you can't stop everything, but it shouldn't be at the point where people are complaining that much.

Originally posted by LogicBrendan
what i don't understand is how a total of '3,500' servers (what they say in the computer mags) are being hosted, & if it is a dos attack, why wouldn't you have filtering, and other pre-cautions? i don't understand how that should be even thinkable yet possible. i know you can't stop everything, but it shouldn't be at the point where people are complaining that much.

lol
i asked rackshack icq support "Did you guys get dos'ed today?

they said

"that's what i hear"

anyway.

i asked rackshack, if we were to order a server, and if we got dos'ed, would you guys have any firewall protection? they answered with no.

If you look at their network graphs, it paints a different picture that a DOS attack. http://www.rackshack.net/aboutus/networks.asp

Maybe it's just me :)

Originally posted by SidVicious
Akash: While I have silently disagreed with you in many of your other posts. I agree with you on this one. There is a place to discuss this, it is not this particular forum. I do however think that you warning headsurfer is completely laughable :dgrin:, your advice is good.

I am already tired of seeing all the griping about RackShack, most it as of late has been unfounded and seems to be directed at them because they bought WHT. But they are not the ones turning this into RackShack talk. I know that I am not helping the situation by continuing this thread, I just feel a need to speak my mind on this since so many other people have.

Why would my post count matter to me? I really could care less about the title under my name, it makes no difference to me. No matter what it says, if my advice is good and opinions are defendable it doesn't matter one little bit.

Please PM me your comments about my other posts, I'd love to hear them ;). Or contact me via aim: akashd84.

I wasn't really serious with my headsurfer warning (hence the :D), but I did mean what I said right above it.

There is much that I'd like to share on exactly what it was, however I've been asked to be pretty vague.

The attack was a form of a DOS attack but with a signature that has been hard to detect, capture, and trace.

A normal, everyday DOS attack would be caught in our intrusion detection system, identified, and blocked. Total time measured in minutes.

This was a little different when it happened and harder to detect. We have made a few minor network changes today adding in a couple of additional layers that will make it easier to identify and capture it should it happen again.

Quite honestly, what happened today we had not seen before and we've had a LOT of stuff thrown at us over the last 6 months.

The graphs look the way they do due to the measure that we took once we were being hit by blocking "blocks" of network segments and routers in an effort to identify what was happening and then gradually bringing those segments back online.

I hope this clears up a little of the confusion surrounding the afternoon's events.

Robert Marsh
Head Surfer

what ARE some of the issues Rackshack face(and other server companies for that matter).

Excuse my ignorance, but what does a DOS attack do to the clients of Rackshack? I was planning on moving my site to a Rackshack dedicated server Monday, but this is scaring me a bit. Does this bring down the server, steal information from the server, or something else? Is this common? Is there any other companies I should considering using that would be in the $100-150 per month range that could offer similar high-speed connection with a high bandwidth allowance (400 GB +)?

I have researched this quite a bit and felt that Rackshack was the best value, but this attack sound pretty significant.

Thank a lot.
Jeff

A DOS attack is a Denial of Service attack and it's main goals is just that. What usually happens when a large host is attacked to any significant degree is that large numbers of people send large numbers of packets to use up the hosts current connections to the net. The usual result is that legitimate communication is brought down or slowed greatly. In RS's case it was slowed down greatly.

DOS attacks vary in size and sophistication... Large victims include Yahoo and many others...

No information on your server would become compromised because of a DOS attack. The worst you will suffer is a slowdown or no connection (it's not easy to keep 3 gig-e's down for a long time).

Jeff, it can bring down the server and possibly the entire network the server is on, or slow it down at least. There are many different kinds of DOS attacks and I tried to find something that would explain it better than I could:

http://whatis.techtarget.com/definition/0,289893,sid9_gci213591,00.html
Not entirely sure they do a great job, (easy enough and short enough)

This covers less but sums it up better: http://webopedia.lycos.com/TERM/D/DoS_attack.html

lol - My friend just sent me this from rackshack's irc channel. May be all talk, but I thought it was interesting.


<FREAK88> <FREAK88> hey
<FREAK88> <headsurfer> i am tired of teh bs
<FREAK88> <FREAK88> i offerd u guys a deal to make the doses stop
<FREAK88> <FREAK88> but nobody wants to listen
<FREAK88> <headsurfer> no chance
<FREAK88> <headsurfer> no way
<FREAK88> <FREAK88> so your saying keep the dosses coming?
<FREAK88> <headsurfer> we don;t seem to have a problem now
<FREAK88> <headsurfer> do we?
<FREAK88> <FREAK88> not now
<FREAK88> <headsurfer> ok then
<FREAK88> <headsurfer> there is no way we are giving u a server for free
<FREAK88> <FREAK88> it can start up again at the snap of my fingers
<FREAK88> <headsurfer> bring it on
<FREAK88> <FREAK88> o0o0o0o
<FREAK88> <FREAK88> thats gona make a great topic in #linux@dalnet

Thanks a lot for the help you, guys. One other question, that is a bit unrelated to this discussion, so I apologize. I am considering a few of Rackshack's different server setups. The one I am leaning towards is the P4 with the 600 GB monthly allowance. One concern that I have is that I have heard rumors of these systems overheating. Can you provide any guidance on which setup may be optimal for a high speed with a high amount of usage. I will be running only 1-2 domains on the site, but will be using the majority of the bandwidth allowance. I am most concerned with maintaining high speed, and with as little downtime as possible (probably what most people want! :))

Any assistance will be greatly appreciated.

Thanks.

i am relatively new to the whole idea of leasing a server or any otehr such hosting concepts. I am however intrested in learing. teachers though seem to be in short supply. at least ones patient enough to walk a newbie through things.

I am reading here to see what i can learn. i had recently considered Rackshack for services. Being nieve i know i am open to potential scams, fakes and other BS. that is why i asked what problems Rackshack and other companies are really facing.

i know rackshack owns this site and i am not looking for someone to bash them without good reason. i need simply and honest feed back on what to look for and what to aviod and why.

when i mentioned rackshack to a few people i was met with some negative feedback. why? what real issues exisit?

i can also be found on aim JCR788 if someone wants to be sincere with their advice but i do not need bs from people. Thanks Kitti

Originally posted by headsurfer
There is much that I'd like to share on exactly what it was, however I've been asked to be pretty vague.

The attack was a form of a DOS attack but with a signature that has been hard to detect, capture, and trace.

A normal, everyday DOS attack would be caught in our intrusion detection system, identified, and blocked. Total time measured in minutes.

This was a little different when it happened and harder to detect. We have made a few minor network changes today adding in a couple of additional layers that will make it easier to identify and capture it should it happen again.

Quite honestly, what happened today we had not seen before and we've had a LOT of stuff thrown at us over the last 6 months.

The graphs look the way they do due to the measure that we took once we were being hit by blocking "blocks" of network segments and routers in an effort to identify what was happening and then gradually bringing those segments back online.

I hope this clears up a little of the confusion surrounding the afternoon's events.

Robert Marsh
Head Surfer



Would it have been appropriate to share this with us at the RS forum also? As I said over there... Perhaps there is a good reason not to have shared this via the RS forum yet.

Originally posted by MadSkilage
lol - My friend just sent me this from rackshack's irc channel. May be all talk, but I thought it was interesting.



So basically, the LAMER / script kiddie who was dos'ing rackshack is your friend...
That, or atleast you know who they are :)

get a life. Both of you

Originally posted by MadSkilage
lol - My friend just sent me this from rackshack's irc channel. May be all talk, but I thought it was interesting.



Lol, some guy from dalnet? Dalnet even has packet kiddies? I thought they were all confused treckers (if you read dalnets history) that couldn't handle EFNET as a big bad place where you couldn't register a channel, so broke off and started their own irc network. Thats pretty pathetic. I hope headsurfr is taking appropriate actions against these script kiddies if they do such BS in the open.

Originally posted by clocker1996


So basically, the LAMER / script kiddie who was dos'ing rackshack is your friend...
That, or atleast you know who they are :)

get a life. Both of you

:rolleyes: nope...my friend was on rackshack irc to get some support (or at least attempt to :( ) And how did u come to the conclusion that I know every person that I see on IRC? That'd be real smart to let my friend DOS rackshack when I have a box there.

my server was attacked while on rackshack. did they care? no. did they want me to pay to get it restored? yes. overall am i happy with rackshack? no.

Originally posted by optix
my server was attacked while on rackshack. did they care? no. did they want me to pay to get it restored? yes. overall am i happy with rackshack? no.

Haha, thats a new one optix, every week you have a different complaint about rackshack, that was unmentioned in the previous week.

But seriously, WHY SHOULD RACKSHACK CARE?! Did rackshack promise to give you firewalls? Filters? I doubt it, so why should they care if your server got attacked. They're the ones that suffer a loss whenever a customers server gets attacked, on a whole, not just to that customer. It's the customer that attracts the DoS 99% of the time, or someone on his server, not just some random packet kiddie that goes "ohh, i know, i'll attack 233.124.123.12 today!". If your server was with RackShack and got DoS'ed, you're lucky they didn't charge you for the traffic that resulted incoming from that, complaining that "they dont care" just doesen't make sense. They didn't create this problem, the problem is not with them, it's with you and whatever your server did to attract this.

A little question regarding what you said. If I have a server at RS then rackshack gets DOSes and my server happened to be in the ranges of IPs that were attacked. Will I get charged for the bandwidth? Or will those attacks accumulate toward my monthly bandwidth if it hasn't over?

I don't think you will get charged for something like that... As related to DOS attacks so far we have seen RS take action against customers that have engaged in DOS attacks (not the victims) and other illegal activities.

They are nice enough to NOT charge for bandwidth overage (assuming it's not huge) anyway.

Porcupine, of course Rackshack is evil or just don't care about their customers in hopes of losing them.

Your logic is OVERLY flawed, they have a great reason for caring... A promise about having firewalls and filters is a (from a companies perspective) way to secure their network and increase their client base. It's not a reason to care about clients but a way of showing it.

There main reason for caring is to prevent DOS attacks from threatning their network which is a very important part of their business. Another sub reason although very important is to increase their client base.

RS has announced that they are getting more sophisticated equipment to help with DOS attacks for the apparently more "sophisticated" DOS attacks they have recently been a victim of.

err if there was a DoS attack I sure didn't feel it..... What was that about blocking port 80? Mine wasn't blocked.........

Neither did I, but apparently there was.... I pinged once and noticed that half my packets didn't make the trip to rs... Overall it functioned throughout...

web_rs, most companies would be eager to weed out the bad clients that attracted DoS's. It's not flawed logic, it's fact, people who regularly attract DoS's eat a large amount of resources, put the company in connectivity risk, and generally are doing something illegal (for the mostpart) or something wrong (not including teasing packet kiddies). The logic makes perfect sense if you think about it from a different POV, the provider looses money on those types of clients, and they're usually not the kind you'd want on your network, nor would your other clients.

I see where your coming from now...

Hi,

Take a look at this
http://www.rackshack.net/aboutus/networks.asp

I don't know if anybody agrees with me. Outgoings on all 3 1000 mbps lines are somewhat reaching their maximums. The DS3 and OC3 lines, I don't think are in used for hosting. But it seems to me RS is reaching to their bandwidth limit. If they keep selling could this be OVERSOLD?

Look at the left side where it says "x MB" :). Each line has 1000. Most of the graphs only displays 300 or so. They're fine.