Hi all,

I've been noticing a lot of times now where my site is almost impossible to load or even to log into the FTP.

I was wondering if you also have noticed this?

Looks like it down completely now...

Both my site and the 4webspace site are up and fine from here. Do a traceroute. Every once in a while I'll find I'm unable to connect from home using my dialup ISP. A traceroute shows that alternet is down or slow or dropping packets. Dialing into another number at my ISP gives a traceroute that doesn't go through alternet that works just fine.

I notice that I couldn't telnet or ftp out to other sites from my raq

Looks like it is down again!

Indeed they are.

16 322 ms 488 ms 325 ms core1-s5-1.edm.tera-byte.com [207.107.204.162]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.

I'm strongly thinking about going back to shared server again. I'm paying $100/month and can't even load my site half the time. I don't know what has happened to them but when I signed up, the first month they were fast as hell. But then they did some changes and after that it's been like this. ;(

Originally posted by zolbian
I'm strongly thinking about going back to shared server again. I'm paying $100/month and can't even load my site half the time. I don't know what has happened to them but when I signed up, the first month they were fast as hell. But then they did some changes and after that it's been like this. ;(



According to the 4webspace message board, they have been subject to a DDoS attack.

I find it stange that a DoS attack is concentrated on them 3 times a day on a routine basis.

Originally posted by syanet
I find it stange that a DoS attack is concentrated on them 3 times a day on a routine basis.

its not impossible.. there are a lot of script kiddies out there who have nothing better to do..

Part of the problem is people not patching their servers, resulting in them being hacked/exploited and later being used to launch denial of service attacks. The outage the other day was caused by more than a dozen hacked servers all simultaneously launching an attack (each one maxing out its burstable bandwidth) which caused degraded network performance until we were able to disconnect those servers from the network. Most of those have since been restored to factory condition and are back online.

As for syanet, there's nothing wrong with complaining about a service if you have something constructive to say. I have noticed, though, that your comments about 4WebSpace here as of late appear to be nothing more than an attempt to badmouth us at every turn.

What are you talking about, all syanet said was that it was down???

he was explainging what has been causing the slowness on the network lately.... seemed simple enough to me.

Plus syanet has made a thing lately of bad mouthing the service provided by 4webspace.com

Not that I have anything against the company, I was happy there for three months, but your taking all kinds of precautinary steps such as not letting users run their own DNS, taking servers off line in order to add firewalls, etc, and the downtime remains extremely high. It seems every other day your experiencing a a DoS attack. And I'm just simply stating it's odd how they all seem to be concentrated on TB.

Well maybe their users are extremely stupid (i'm one of them :) ).

I did however patch my server, and was still one of the infected raq's.
I suppose it was infected before i patched the server.

I must say i'm still happy with 4webspace, altough i suffer downtime on a regular (as far as i can see almost daily) basis. I still have the feeling they are working hard to solve it, and answer my stupid questions rightaway.

well, a ddos has nothing to do with patches... its more of an external threat rather then someone exploiting something in a server..

Originally posted by kunal
well, a ddos has nothing to do with patches... its more of an external threat rather then someone exploiting something in a server..

When you're the target of a DDOS attack... yes, there really isn't much you can do.

When you're the source of a DDOS attack (which is what CJB was saying)... there _are_ a few things that you can do. One, the network can have ingress (I think - always get confused between egress and ingress) filtering at their border routers to prevent spoofed packets from exiting the network. Such a atep would already reduce the desirability of compromising that network since attacks originating there can be quickly traced and dealt with. Two, if you were properly patched in the first place so that the crackers couldn't exploit your system and install their drones programs, then you wouldn't be the source of these attacks either.

I don't think there's really much to be done here. Terabyte have already taken the proactive step of encouraging customers to use terabyte's dns servers, and filtering dns traffic otherwise. I heard that ntp also receives similar treatment. Perhaps this filtering service should also be extended to services that are unlikely to be used by web servers (eg, lpd)?

Ultimately, security of the server is of course the responsibility of the server owner, and terabyte doesn't want to be overly restrictive... But as long as raqs attract owners who are relatively newer to system administration and security, it seems likely that this will continue.

At least terabyte have taken steps to deal with dns and ntp - both of which have had recent exploits. Rackshack (AFAIK) have not.

i thought some-one was attacking tera-byte....

Mike said :: "According to the 4webspace message board, they have been subject to a DDoS attack"

No, pyng had it right. 12 (I think) 4ws machines were compromised and used to launch a DDoS attack.

And of course pyng was also right that it's the server owner's responsibility to keep the machine secure and that the host should take steps to help them do that.

I'm not sure why people say that 4ws has a lot of downtime. I'm hosted there and aside from this incident I don't know of any recent downtime. Yes there have been problems with one or two of their backbone providers but you can hardly blame TB for that. There was also an incident recently where an individual server was not available on the network that seemed to be a legit complaint but no wide spread outages that I know of.

i stand corrected...

Originally posted by kunal
i thought some-one was attacking tera-byte....

Mike said :: "According to the 4webspace message board, they have been subject to a DDoS attack"

Yes, I did say that. I did not say whether the attack was from within or from without.

As someone else added later on, the attack appears to have been from within.

Sorry for the ambiguity in my original message.