Results 1 to 13 of 13
Thread: DDOS Protection
-
04-26-2012, 12:03 PM #1New Member
- Join Date
- Apr 2012
- Posts
- 3
DDOS Protection
Recently my e-commerce website has suffered multiple DDOS attacks. My hostgator account was suspended for 12 hours. Which is the best route to go for DDOS Protection? I think I understand there are two ways to go about it, proxying and hosting with a firewall.
I need some sort of DDOS protection that can protect me against the advertised "10gbps-30gbps" booters that many malicious forums offer. I have looked around and I have seen the prices of 15Gps services and that is way out of my price range. I was also told that you can have a lower plan, 2gbps and it will filter out all recognized attacks so that it doesnt increase your allocation. I may sound like I'm crazy but I have been up for 8 hours battling and I am able to spend ~$2000/month on a great service IF it can fit my needs.
I am still waiting for a response from hostgator (5 hours) on the information of the attacks so I can get a feel for what service I need.
Which type of service should I use and what levels of protection do you think? Thank you for your time.
-
04-26-2012, 12:52 PM #2Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
No real insight into your problem but DDoS protection is grossly expensive mainly due to the costs involved with the hardware, the bandwidth and more importantly the knowledgeable staff who can filter the attacks. It's unfortunate that in 2012 there isn't an easy solution to combating DDoS attacks and if someone wanted to 'hold you down' for the next year they can unless you have uber deep pockets...
Just curious, how large is the attack, how many Gbps? Do you know how many PPS? I'm guessing it's not a 10+ Gbps attack... but until you have the numbers it's hard to speculate what service and level of protection would be required. Also, what kind of attack are you experiencing? SYN floods? UDP floods? HTTP floods?RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
04-26-2012, 01:02 PM #3New Member
- Join Date
- Apr 2012
- Posts
- 3
reply
This is their response:
Hello,
That information resides at our data center and is unavailable for viewing by customers. I apologize for this inconvenience.
Best regards,
I have no idea which type of attacks I am experiencing. I only received this email and they shut me down which resulted in business lost :|
Hello,
This message is to advise you of a temporary block placed on your account. This account was found to be consuming an inordinate amount of processor time, to the point of degrading overall system performance. While we do limit each account to no more than 25% of a system's CPU in our terms of service, we do not actively disable accounts until they greatly exceed that number, which is what happened in this case.
Requests to this scripts under this account may become degraded by limiting the abilty for scripts to run for a limited amount of time, or if the issue persists, we may be forced to restrict how fast processes can be spawned until the issue has been resolved.
We recommend taking steps to reduce the overall CPU usage for the account, which may be as simple as generating a flat HTML page for popular content, or enabling caching that is available through many popular scripts, or disabling high CPU usage features such as searches or Ajax refreshes. Although we may not be able to help in all cases, we would be more than happy to assist if you are unable to determine any cause, or if you need help interpreting any of the information.
CPU seconds used in the past hour: 5368.19999999979, 150% CPU
-
04-26-2012, 01:11 PM #4WHT Addict
- Join Date
- Mar 2012
- Posts
- 139
Perhaps you can spend less if the main issue isn't exactly denial of service but bad configuration or poorly written scripts in combination with DOS.
The host's response speaks of the http traffic but looks like a general message. I don't know if your host provides or not some extra service to pinpoint the issue, but it's something doable. From there you can decide what steps to follow.
-
04-26-2012, 01:17 PM #5Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
Yeah this doesn't sound like a typical DoS attack - although it's entirely possible someone is flooding the site with HTTP traffic. I assume you're using a shared server? I would try with a VPS or even a dedicated server if you can afford it. It might just be a simple issue of your site outgrowing shared hosting which is very common.
RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
04-26-2012, 03:31 PM #6Temporarily Out of Service
- Join Date
- Dec 2002
- Location
- texas
- Posts
- 1,333
Hello,
What is your ticket number on this? I'll be happy to have one of our senior guys give you a call to look into this further for you.
-
04-26-2012, 03:58 PM #7New Member
- Join Date
- Apr 2012
- Posts
- 3
The ticket number is: CGX-18069948
I received this response when asking for information on the attack.
Hello,
That information resides at our data center and is unavailable for viewing by customers. I apologize for this inconvenience.
-
04-26-2012, 05:15 PM #8Temporarily Out of Service
- Join Date
- Dec 2002
- Location
- texas
- Posts
- 1,333
Hi Jordan,
I asked out deputy CTO to take a look and he said he believes he could have mitigated this fairly easily and that we were to quick to pull the suspension trigger. I'm truly sorry!
He went onto say the suspension was lifted and that your site looks to be pointed to be liquidweb. Assuming you want to give us another chance I'll be happy to team the two of you up so that if and when this happens again you have one of the best in the world working on it. If you'd like further help please shoot me an email to brent@hostgator.com thanks!
-
04-26-2012, 05:58 PM #9Disabled
- Join Date
- Apr 2011
- Location
- Fairfax, California
- Posts
- 1,226
Have you tried something like CloudFlare?
That is free, and should mitigate most attacks.
-
04-26-2012, 07:24 PM #10Workaholic
- Join Date
- Jan 2004
- Location
- New York, NY
- Posts
- 1,241
CloudFlare's own representative on this forum has suggested that CloudFlare can assist with small DDoS attacks but is not designed to mitigate larger attacks at this time. They will simply pass the attack and traffic on to your server. "Large" attacks were noted as being 1 - 2 Gbps... so it would seem in this case CloudFlare wouldn't be much help.
-
04-27-2012, 03:02 PM #11Web Hosting Master
- Join Date
- Nov 2010
- Location
- San Francisco, CA
- Posts
- 901
-
04-27-2012, 07:59 PM #12Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
04-30-2012, 02:25 PM #13Web Hosting Master
- Join Date
- Nov 2010
- Location
- San Francisco, CA
- Posts
- 901
Similar Threads
-
DDoS Protection: ethProxy DDoS Protection - 99.99% SLA / Enterprise-Grade | Unmetered
By PeakVPN-KH in forum Other Hosting OffersReplies: 0Last Post: 05-08-2011, 02:43 PM -
DDoS Protection / Proxy DDoS Protection - Any Server, Anywhere, In Minutes! ethProxy
By PeakVPN-KH in forum Other Hosting OffersReplies: 0Last Post: 10-08-2010, 04:31 PM -
DDoS protection providers vs DDoS protection scripts
By Mareshal in forum Dedicated ServerReplies: 12Last Post: 10-10-2009, 09:46 PM