
Thread: DDOS Protection

  1. #1

    DDOS Protection

    Recently my e-commerce website has suffered multiple DDOS attacks. My hostgator account was suspended for 12 hours. Which is the best route to go for DDOS Protection? I think I understand there are two ways to go about it, proxying and hosting with a firewall.

    I need some sort of DDOS protection that can protect me against the advertised "10gbps-30gbps" booters that many malicious forums offer. I have looked around and I have seen the prices of 15Gbps services and that is way out of my price range. I was also told that you can have a lower plan, 2gbps, and it will filter out all recognized attacks so that it doesn't increase your allocation. I may sound like I'm crazy but I have been up for 8 hours battling and I am able to spend ~$2000/month on a great service IF it can fit my needs.

    I am still waiting for a response from hostgator (5 hours) on the information of the attacks so I can get a feel for what service I need.

    Which type of service should I use and what levels of protection do you think? Thank you for your time.

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    No real insight into your problem but DDoS protection is grossly expensive mainly due to the costs involved with the hardware, the bandwidth and more importantly the knowledgeable staff who can filter the attacks. It's unfortunate that in 2012 there isn't an easy solution to combating DDoS attacks and if someone wanted to 'hold you down' for the next year they can unless you have uber deep pockets...

    Just curious, how large is the attack, how many Gbps? Do you know how many PPS? I'm guessing it's not a 10+ Gbps attack... but until you have the numbers it's hard to speculate what service and level of protection would be required. Also, what kind of attack are you experiencing? SYN floods? UDP floods? HTTP floods?
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  3. #3

    reply

    This is their response:
    Hello,

    That information resides at our data center and is unavailable for viewing by customers. I apologize for this inconvenience.

    Best regards,



    I have no idea which type of attacks I am experiencing. I only received this email and they shut me down, which resulted in lost business :|

    Hello,

    This message is to advise you of a temporary block placed on your account. This account was found to be consuming an inordinate amount of processor time, to the point of degrading overall system performance. While we do limit each account to no more than 25% of a system's CPU in our terms of service, we do not actively disable accounts until they greatly exceed that number, which is what happened in this case.

    Requests to the scripts under this account may become degraded by limiting the ability for scripts to run for a limited amount of time, or if the issue persists, we may be forced to restrict how fast processes can be spawned until the issue has been resolved.

    We recommend taking steps to reduce the overall CPU usage for the account, which may be as simple as generating a flat HTML page for popular content, or enabling caching that is available through many popular scripts, or disabling high CPU usage features such as searches or Ajax refreshes. Although we may not be able to help in all cases, we would be more than happy to assist if you are unable to determine any cause, or if you need help interpreting any of the information.

    CPU seconds used in the past hour: 5368.19999999979, 150% CPU

  4. #4
    Perhaps you can spend less if the main issue isn't exactly denial of service but bad configuration or poorly written scripts in combination with DOS.

    The host's response speaks of the HTTP traffic but looks like a general message. I don't know whether or not your host provides some extra service to pinpoint the issue, but it's something doable. From there you can decide what steps to follow.

  5. #5
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Yeah this doesn't sound like a typical DoS attack - although it's entirely possible someone is flooding the site with HTTP traffic. I assume you're using a shared server? I would try with a VPS or even a dedicated server if you can afford it. It might just be a simple issue of your site outgrowing shared hosting which is very common.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  6. #6
    Join Date
    Dec 2002
    Location
    texas
    Posts
    1,333
    Hello,


    What is your ticket number on this? I'll be happy to have one of our senior guys give you a call to look into this further for you.

  7. #7
    The ticket number is: CGX-18069948



    I received this response when asking for information on the attack.

    Hello,
    That information resides at our data center and is unavailable for viewing by customers. I apologize for this inconvenience.
    Any help is appreciated. Thanks

  8. #8
    Join Date
    Dec 2002
    Location
    texas
    Posts
    1,333
    Hi Jordan,


    I asked our deputy CTO to take a look and he said he believes he could have mitigated this fairly easily and that we were too quick to pull the suspension trigger. I'm truly sorry!

    He went on to say the suspension was lifted and that your site looks to be pointed to liquidweb. Assuming you want to give us another chance, I'll be happy to team the two of you up so that if and when this happens again you have one of the best in the world working on it. If you'd like further help, please shoot me an email at brent@hostgator.com. Thanks!

  9. #9
    Join Date
    Apr 2011
    Location
    Fairfax, California
    Posts
    1,226
    Have you tried something like CloudFlare?
    That is free, and should mitigate most attacks.

  10. #10
    Join Date
    Jan 2004
    Location
    New York, NY
    Posts
    1,241
    Quote: Originally Posted by shovenose
    Have you tried something like CloudFlare?
    That is free, and should mitigate most attacks.

    CloudFlare's own representative on this forum has suggested that CloudFlare can assist with small DDoS attacks but is not designed to mitigate larger attacks at this time. They will simply pass the attack and traffic on to your server. "Large" attacks were noted as being 1 - 2 Gbps... so it would seem in this case CloudFlare wouldn't be much help.
    Thanks,

    Brendan Diaz
    Connect: linkedin.com/in/brendandiaz

  11. #11
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    901

    Hi

    Quote: Originally Posted by Brendan Diaz
    CloudFlare's own representative on this forum has suggested that CloudFlare can assist with small DDoS attacks but is not designed to mitigate larger attacks at this time. They will simply pass the attack and traffic on to your server. "Large" attacks were noted as being 1 - 2 Gbps... so it would seem in this case CloudFlare wouldn't be much help.

    A lot has changed since then. We actually just released a new DDoS mitigation feature & an attack of that size is generally not a problem now. There are also some other things that CloudFlare users can do to further mitigate attacks using our service.
    CloudFlare Community Evangelist

  12. #12
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote: Originally Posted by damoncloudflare
    A lot has changed since then. We actually just released a new DDoS mitigation feature & an attack of that size is generally not a problem now. There are also some other things that CloudFlare users can do to further mitigate attacks using our service.

    So an attack of ~1Gbps is considered fine in Cloudflare's eyes now?

  13. #13
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    901

    Hi,

    Quote: Originally Posted by cd/home
    So an attack of ~1Gbps is considered fine in Cloudflare's eyes now?

    *Probably* ok in most circumstances. Since we just released our DDoS mitigation tool, we're still testing it to see what it helps with and to actually provide some hard numbers about what will be ok. I know that's kind of vague right now.
    CloudFlare Community Evangelist
