
Server Limitations
XTStrike 05-01-2001, 03:35 AM I have always wondered why some providers do not allow certain services to run on dedicated servers, I mean I can understand illegal material and limitations on shared servers.
But when it comes to a dedicated server then WHY?, I mean you pay for the bandwidth you use and you pay extra if you go over, if your server gets attacked then it is YOUR server and nobody else's, if it crashes, it's YOUR server and nobody else's problem.
It's just something that has confused me for quite a while.
Tim Greer 05-01-2001, 04:25 AM Originally posted by xtstrike
I have always wondered why some providers do not allow certain services to run on dedicated servers, I mean I can understand illegal material and limitations on shared servers.
But when it comes to a dedicated server then WHY?, I mean you pay for the bandwidth you use and you pay extra if you go over, if your server gets attacked then it is YOUR server and nobody else's, if it crashes, it's YOUR server and nobody else's problem.
It's just something that has confused me for quite a while.
Some programs can create a risk or problem for the entire network though... Some can open an entire network up to being the victim of a DoS attack and it only takes one server on the network to open up such an opportunity. Those are usually the only type of things providers have problems with even dedicated servers running, even if it's not an illegal program or illegal content.
XTStrike 05-01-2001, 04:38 AM I can imagine this being a problem, but anything with an IP address is open to a DoS attack regardless of the service running.
If somebody did attack then the provider should have a powerful enough network to cope with the attack, and if the attack became unmanageable then simply disconnecting the troublesome computer from the network would solve the problem.
WOOHOO - MY 100th Post !, I'm now officially a WHT Addict :-)
allan 05-01-2001, 09:52 AM Congrats on the 100th post xstrike :).
You are correct, anything with an IP address may be targeted for an attack. But, think of the Internet as a dark alley, anyone who walks down that alley may get jumped, but if you walk down the alley flashing a roll of $100 bills and talking about how much you love your new Rolex you are increasing your chances :D. There are certain programs that just invite attack...for instance just about anything to do with IRC is bound to p*ss someone, somewhere, off and make them try to take down the server.
It doesn't matter how big you are, you can still be brought to your knees by a DoS attack (look at Yahoo and eBay last year). And disconnecting the server will not necessarily help the situation. The router and the switch/switches that deliver traffic to that server still have to process the traffic, and if they are overwhelmed that whole network segment will become unreachable.
Of course, you could put in more powerful switches and routers (redundant Extreme Black Diamonds and Juniper M160s would be nice) but the infrastructure costs would be so high that a host could not offer sub $50 shared accounts and sub $300 dedicated hosting accounts.
XTStrike 05-01-2001, 10:16 AM Yeah, I'd agree the level of services running on your box increases the chance of attack.
(it's ok, our IRC network is more a group of friends where we rarely if ever (once every 6 months) experience anybody causing trouble, when they do we have hybrid in place and it kills them after a minimal flooding session (10 seconds), lol)
I would normally expect any host to have redundant routers in place regardless of the cost of service they are offering, without it they would suffer unacceptable downtime and unhappy users, I firmly believe a network should be stress tested before selling services to members of the public, because as we know already Class Action Lawsuits are a very very bad thing for a company to have hanging over them.
Maybe that amazing router you talk about would be a good investment to getting future custom?
allan 05-01-2001, 10:31 AM Most hosts do have redundant routers in place. But the Juniper M160s are $1.5 Million each. So, that's $3 Million in routers. The Black Diamonds, assuming you are going to put in Gig E Cards, 10/100 ports and a management card are going to run between $100,00 and $500,000 (for only about 256 customers). So you are talking another $400,000-$2,000,000 in infrastructure costs. Again, you can't do that and offer a sub $300 dedicated server.
XTStrike 05-01-2001, 10:43 AM OH MY *very bad language omitted*
$1.5 million to send a few bits of information from A-B ??
You have to be joking?
Have you got a URL for any of this hardware? I have to see it to believe it :eek:
allan 05-01-2001, 10:53 AM Originally posted by xtstrike
OH MY *very bad language omitted*
$1.5 million to send a few bits of information from A-B ??
You have to be joking?
Have you got a URL for any of this hardware? I have to see it to believe it :eek:
Nope, before starting Version12 I helped build the kind of world-class data centers you are talking about, so I am very familiar with the pricing :D:
http://www.juniper.net/products/dsheet/100012.html
and
http://www.extremenetworks.com/products/datasheets/bd.asp
(of course I still prefer the Cisco 6509 to the Black Diamonds, but what can I say, I'm a Cisco zombie ;)).
Dexter 05-01-2001, 12:01 PM Originally posted by xtstrike
Yeah, I'd agree the level of services running on your box increases the chance of attack.
(it's ok, our IRC network is more a group of friends where we rarely if ever (once every 6 months) experience anybody causing trouble, when they do we have hybrid in place and it kills them after a minimal flooding session (10 seconds), lol)
Well see that's the issue (we run an IRC server on a catalog.com server, BTW)... someone comes in, floods your IRC server and you ban them. Then they get pissed and decide to try to hack or DDoS you. So by providing that service you're just automatically raising the stakes of getting your server and their network in general into trouble. That's why most don't let you run it.
XTStrike 05-01-2001, 12:48 PM Yeah, I can definitely see where you are coming from there Dexter.
Luckily our IRC network is only a small community, if people get there it's 99.99% of the time because a friend told them about it!, lol
With the larger networks like DALNet etc... that must be a major hazard.
(SH)Saeed 05-01-2001, 12:54 PM xtstrike, do you want to run an eggie or put up an IRC server? If you want to run eggies you can get a shell account for $5/month and sleep without any worries at night. ;)
But if you want to run an IRC server, then I know I personally wouldn't be happy with the thought of someone doing that on the network I'm hosted with. From my experience you should never mix hosting with IRC. Either do webhosting or shell providing.
My $0.02..
XTStrike 05-01-2001, 01:04 PM Nah, I would never dream of running an eggdrop from the server, I have done that before with a previous system and know the consequences all too well :(
I suppose I am taking a risk running the IRC server from the machine too, but luckily the risk is very very incredibly low with the people that use it.
If the network started to grow to an extent where it became uncontrollable (100+ users) I would definitely think of dedicating a second machine to that purpose.
WTFHosting 05-01-2001, 01:14 PM The poor management of a dedicated server by a client not only can make the server a target of a DDoS or DoS attack, but can open security holes to use that server's resources to participate in a DDoS attack. I've seen this happen before. A security hole is left open, a script kiddie exploits it, gains access, then uses the ISP's bandwidth to launch a DDoS attack on another network. This might be a little off from your original post but I do think it still holds merit.
You also have to understand, investing several thousand (if not hundreds of thousands) in redundant routers, and a network that is 200% larger than you truly need is impossible. Most hosts are charging $25 or less for accounts. You can't possibly justify that kind of spending for the low cost hosting that clients demand. In all reality there isn't much that can be done to guard against DDoS/DoS attacks, even building a strong network can simply be limited. It's not that far fetched for a DDoS to come from thousands of sources, or more, and I don't know of any network that can stand up to that.
Dedicated server providers have to be extremely careful with their servers, ensuring their clients keep up to date with the latest security patches and updates, as well as limit services that might attract attention. Even certain types of content can make a server a target. The scary part is these DoS "tools" are readily available and any script kiddie that gets mad can download them and launch an attack.
allan 05-01-2001, 01:24 PM Originally posted by WTFHosting
Even certain types of content can make a server a target. The scary part is these DoS "tools" are readily available and any script kiddie that gets mad can download them and launch an attack.
Or as I like to call them, $%#@! pieces of $#%^ that have nothing better to do with their pointless, clueless lives than try to destroy people's business and get a good laugh over it with their loser piece of #@$% $%^)& #$%$% @#%^& $#$#@ @#$%^&$ @#$#$%^ friends.
Uhhh...sorry my Tourette's must be acting up again :D.
Dexter 05-01-2001, 01:29 PM Originally posted by xtstrike
Yeah, I can definitely see where you are coming from there Dexter.
Luckily our IRC network is only a small community, if people get there it's 99.99% of the time because a friend told them about it!, lol
With the larger networks like DALNet etc... that must be a major hazard.
yea so's ours... maybe a dozen regulars and another 2 dozen that pop in from time to time. but we get our allotment of annoying folks... had a few that try to hack our system but were never successful... dumb script kiddies! :angry:
XTStrike 05-01-2001, 01:42 PM hmm... that's quite strange Dexter, may I ask what topics are talked about on your IRC network?
It may be that attracting attention.
OK, People, try not to vent your anger too much in this BB, I mean, if everyone vented their anger on the BB over script kiddies we might inadvertently trigger a DDoS attack on WHT with our own messages!!, lol
Dexter 05-01-2001, 02:19 PM well the main talk is tech related... computers, games, etc... but you get the usual ramblins and such...
also one of our clients (an Australian band) has a channel setup where their fans talk, mostly teenagers drooling over how hot the lead singer ben is :) ...
we've only been hit 3-4 times I believe... See I'm a forum mod over at the Maximum PC magazine forum so on a few occasions I've banned people and then they find out that I have this IRC server so they come over to bitch and cause a ruckus. So they get banned from the chat too. Most are wannabes that have watched the movie "hackers" a few too many times... :blush:
StephenRS 05-01-2001, 03:25 PM xtstrike -- I run a LOT of very sophisticated software on my dedicated servers!
What EXACTLY won't they allow you to run!?
XTStrike 05-01-2001, 03:44 PM StephenRS, it's not related to any particular host, it's just certain hosts in general when you read their terms and conditions.
I mean I can understand spam and illegal content, but certain other things hosts ban like "streaming audio" it just seems strange to me!
StephenRS 05-01-2001, 03:51 PM xtstrike -- streaming puts requirements on a network that an ISP may not want to deal with. Delays in LAN traffic and routers can often interrupt the stream.
I used to design/test/manage the streaming servers for a major pro sports team (hint, I'm in Seattle) -- and it takes a lot of special planning -- we often had unique ports of the switch, at minimum made sure of full duplex instead of half, and often experimented with one route for incoming and another for outgoing...
To save $ and time, a given ISP may just not want to deal with this quality need...
It does make some sense to me why some of the ISPs would split that out...
We are talking TRUE STREAMING, not just putting a data file and downloading it... but an actual streaming server that manages the pacing of content delivery...
Phoenix 05-03-2001, 05:15 PM Originally posted by xtstrike
OH MY *very bad language omitted*
$1.5 million to send a few bits of information from A-B ??
You have to be joking?
Have you got a URL for any of this hardware? I have to see it to believe it :eek:
That's correct xstrike, carrier grade equipment is very expensive-just to move a few bits from A to B. Our backbone network contains 6 #@!! carrier-grade routers. And we are just a small company-but we've got BIG network architecture.
Look at it from our side, you see your server as being a separate entity from our network, but we see that as becoming a part of our network-connected to every other server and router, etc., and protecting that network and keeping it running at peak efficiency is crucial to us.
When it comes to banning certain types of sites or activities on networks, it is because a sudden surge in activity on one part of a network, can impact everyone else's performance.
If that porn site gets listed on the hun and every guy on the planet and his brother goes there to download the free preview pics, that can hog up so much bandwidth (which the site owner will be paying for) that the other sites and servers end up getting too little and becoming unavailable, or just having too much latency.
If they aren't using load balancing, a sudden surge in activity on one part of the network can cause problems throughout.
Hacker attacks are common (too common) and unless providers really know how to keep those packet-sniffing script kiddies out, they run a risk by having certain types of sites that they are more likely to try and hack, on their networks.
TonyGM 05-04-2001, 01:34 AM Hey what is a DoS attack? I use sprint broadband -- satellite, and normally I can download on a good night at 4 Mbits/sec. One night I was hanging out in a game of total annihilation, and someone pinged my router so much it actually BROKE the router. Is this the same thing?
Phoenix 05-04-2001, 10:17 AM Most commonly, a DoS (Denial of Service) attack is when someone decides to flood a site with so much traffic that no one else can get through, effectively taking that site down. They may use zombies, or smurf, it's a particularly nasty little trick. The broader definition is any malicious activity that prevents legitimate users of a resource from accessing that resource. This may be a site, or bandwidth, or even overloading server resources.
Here is some more detailed info about DoS attacks: http://www.cert.org/tech_tips/denial_of_service.html