Results 1 to 22 of 22
-
02-12-2011, 10:00 PM #1New Member
- Join Date
- Feb 2011
- Posts
- 3
We need reliable web hosting with DDOS protection
Our web site has been the victim of large coordinated DDOS attacks which brought us down repeatedly for a week. The attacks have stopped for now but we remain vulnerable.
The only thing that stopped our site from going down completely was when Cisco Guard was used. However, Cisco Guard also blocked a lot of legitimate traffic to the site.
We want to change to a web hosting company that will offer us the following:
1. Effective DDOS protection without blocking a lot of legitimate traffic.
2. Real live 24/7 support.
3. Our budget is $200 to $300 a month for a dedicated server.
Can anyone please advise us on what to do? Thank you in advance for your help!0
-
02-12-2011, 10:16 PM #2Aspiring Evangelist
- Join Date
- Nov 2009
- Location
- Neenah, WI
- Posts
- 392
0
-
02-13-2011, 12:14 AM #3New Member
- Join Date
- Feb 2011
- Posts
- 3
0
-
02-13-2011, 12:59 AM #4Aspiring Evangelist
- Join Date
- Nov 2009
- Location
- Neenah, WI
- Posts
- 392
I've not used them personally, but http://www.serverorigin.com/ is one of the very largest capacity DDOS prevention companies I know of.
They state they can protect up to 20 Gbps. That is a VERY large DDOS attack.
They sell hosting but also sell a proxy sheild service where you can keep your current host and they provide a transparent front end.
Their hosting fees appear reasonable and I think their proxy starts at about $200.
Rackspace can potentially handle larger attacks but will be out of your price range. I've been a Rackspace client and can vouch for their service, high quality, $$$-$$$$$ ( You could afford their hosting but their true DDOS protection is much higher.
http://www.rackspace.com/managed_hos...mitigation.php
Other thing that might be an option is Amazon, S3 and S2 with their edge servers(cloud front). They have such a large distributed network that it is hard to take out. But I've heard it's been done, though they are very hush hush about attacks. I'm not an amazon client. Amazon is self managed and you need your own system admin to host there. Also transfer / use charges could be extremely high $$$ from a large DDOS.
There are server managment companies you can contract with for a reasonable fee that would do 24x7 monitoring and support and maintain you service, I'm not positive though any work with Amazon.
Good Luck.Last edited by jamiedolan; 02-13-2011 at 01:06 AM.
0
-
02-13-2011, 01:05 AM #5New Member
- Join Date
- Feb 2011
- Posts
- 3
Thank you for the recommendations.
0
-
02-13-2011, 02:33 AM #6Web Hosting Evangelist
- Join Date
- May 2010
- Location
- Toronto, Canada
- Posts
- 461
You might want to consider a DNS service with DDOS protection as well ,as that is also a common way sites are attacked.
I've used EasyDNS in the past, they might be someone you want to look into. UltraDNS is also good, but they can be expensive especially if you incur a large number of queries. Amazon uses UltraDNS to some extent afaik.Stack Star | Shift8 Web
★ Managed VPS Hosting ★ Managed Wordpress Hosting ★ Managed Dedicated Hosting ★ Web Development ★ Web Design
█ Managed Wordpress Hosting █ Web Design Toronto0
-
02-13-2011, 04:14 AM #7CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
0
-
02-22-2011, 01:29 PM #8Web Hosting Evangelist
- Join Date
- Oct 2007
- Posts
- 455
You can not use a DNS service for DDOS protection. They protect their DNS services.... but web traffic does not flow through a DNS service.... My UltraDNS rep tries to convince me it does all of the time.... it does not.
UltraDNS is a service that has years and years of fighting DDOS attacks on their DNS services.... so they know how to do it.
EasyDNS uses and teams up with Prolexic (anti-DDOS equals Prolexic).
For an anti-ddos service you want to look at a company like Black Lotus, ServerOrigin, etc..0
-
02-22-2011, 08:54 PM #9WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
Frist you must analyse the type of DDoS.
Then you can create your own DDoS protection with less than 200$ month.
What you need?
- 1 Web Hosting (to host your site)
- Some server that work as proxy/firewall than forward only legitim traffic to web hosting.
I have managed one big attack with 1million connections with 9 simple Clouds server that cost is 0,01 cent/h.
Each server has 100Mbps connection.
To stop the attack DDoS on the web sites don't need more bps but need a server that can manage more pps (packets per second), can put offline a 100mbps using more than 20mbps, just flood the server of syn_sent packets and the port will be too busy to reply at any new packets, getting time out.
Have a Gigabit connection permit to use jumbo frames, 100mbps can't use MTU more than 1500 byte, so the packets can't be optimized and if i send 80.000 packets, you will accept all of it.
With 1Gbps, can sent the MTU to 9000 bytes, so each packet will be composed with 9000 bytes. Use more bps but less pps.
If use 10Gbps fiber, can set 14000 frame for each packet and reduce the pps saturation but increse bps, 10gbps is a lot.
Well, all this can be changed dynamically for each type of DDoS. So i suggest to not buy a serveice that protect you but to learn how to pretect yourself.
Cheap and dynamic solution is to use cloud computing, pay by hour and use only when under attack. More IP attack, more server cloud you will need.
Professional solution is to buy one or more server with 10Gbps connection and configure it as firewall that change the MTU and some other setting when under attack.
Read this documents
http://www.ethernetalliance.org/file...s%20v0%201.pdf
http://en.wikipedia.org/wiki/Maximum_transmission_unit
This is to manage the attack of synflood. The problem of DDoS HTTP Get / can be easy block by nginx and good configuration with limits and cache.
There are some layer of DDoS, if you want to learn about. I'm here.0
-
02-23-2011, 12:40 AM #10Web Hosting Master
- Join Date
- Jun 2006
- Location
- NYC / Memphis, TN
- Posts
- 1,454
** In reply to Raffo above**
This all sounds great in theory but if you're receiving any attack upwards of 100-200K PPS (DDoS traffic) the server will fold unless it's all blocked. If you're firewalling 200K PPS that's one thing but trying to route/filter it is another.
- The cost of a 10Gbps connection is likely more expensive than the average attack would cost with professional filtering.
- Most servers with a 10Gbps NIC cannot push anywhere near that number. In a DDoS scenario with high PPS or low-and-slow then 10Gbps/1Gbps/100Mbps won't reliably increase your chances of withstanding the attack.
- Most cloud providers will not only frown but suspend any system receiving in excess of 60-100K PPS if it doesn't crash first.
This solution sounds neat but it's a thrown together web with high risk of failure points in any location where a provider doesn't want to receive that kind of traffic. It also provides no SLA, no support, and no real guarantee you don't spend hundreds of dollars to still have a site that's down.
If the attack is of any real size or if your revenue stream depends on the site, then searching out real mitigation is always a better scenario.
I don't say this because I work for a mitigation company, I say this because if there is a method of reliably filtering DDoS cheaper than most of us do, many would already do it.
I know this has potential to work on specific types of floods, however now days, it isn't the PPS/Mbps rates that get you. The attacks are becoming harder to track and more sophisticated than simply tossing up enough proxies to withstand the load.Last edited by PeakVPN-KH; 02-23-2011 at 12:43 AM.
≈ PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
≈ PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
≈ Visit us @ PeakVPN.Com (Coming SOON) | ASN: 39150
-
02-23-2011, 07:36 AM #11WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
Hi ServerOrigin,
10gbps can be expensive, it cost 360€/month with 40TB limit on download from OVH, i have test it the full network wih 2 10Gbps and total transfer rate was 6Gbps (I/O limit).
200-300 Kpps can manage with 1Gbps.
My last mitigation was with 9 server mCloud from OVH and each one was able to receive no more than 80 kpps with 1500 MTU, in total i manage 720 kpps and 10 mbps for each server cloud.
It was cost less than 10€ and i was used for all time the attack was run: 1 week.
Of course, Anti-DDoS network are done by more Cisco Firewall with much technologies of Packets Filtering, but this is very expensive to make it own. Consider, a Cisco ASA 5520 are not well than 1Gbps server because it's rate are 450mbps.
I'm for understand all the mechanism and find a solution for that. Now just compare the method with $$$ and proceed for the right way.0
-
02-23-2011, 02:48 PM #12Web Hosting Evangelist
- Join Date
- Oct 2007
- Posts
- 455
Be interesting to see where you are getting bandwidth this cheap.
What sort of protocol are you using? You are aware that 1 million connections is almost 1 Gbps with nothing more than the header (basically the smallest packets available). So you are saying that you fought a 1 Gbps attack on 9 cloud servers that only had 100 Mbps connections???? That's an amazing way to distribute the traffic so equally. Wonder what your cloud provider was able to use to distribute it so equally.
But to MAX each of these cloud instances at their full 100 Mbps and to only pay 0.01 cents per hour!?!?!?! That is the most amazing thing that I have ever heard of. Can you say who you used?
All of the rest of your data seems great. I just can't believe at the cost you are able to do this with......0
-
02-23-2011, 02:52 PM #13Disabled
- Join Date
- Jan 2011
- Posts
- 321
Take a look at Awknet. I have a Awknet protected IRC server and it handles attacks well
0
-
02-23-2011, 03:04 PM #14Aspiring Evangelist
- Join Date
- Nov 2009
- Location
- Neenah, WI
- Posts
- 392
They must have this:
http://www.cisco.com/en/US/products/hw/routers/ps368/index.html
With this installed:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html
I bet Server Origin actually uses a similar setup. Do you have any idea how much those cost?0
-
02-23-2011, 03:23 PM #15Disabled
- Join Date
- Jan 2011
- Location
- India
- Posts
- 1,453
I found out 2 below mentioned as per your requirment:
dragonara, and
gigabitdc0
-
02-23-2011, 03:26 PM #16WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
Then 10Gbps can have at 360€ month
http://www.ovh.co.uk/products/hg_2010_bestof.xml (look the setup fee hehe)
And the Cloud that i used is this:
http://www.ovh.co.uk/cloud/
Can be interesting yo use this big resource to make anti-ddos server
http://www.ovh.com/fr/private_cloud/reseau/index.xml
In my mC i used FreeBSD with syn cache, pf and nginx.
Protocol are TCP/IP and connections incoming was tcp on port 80.
The attack was DDoS HTTP GET /, when i blocked the IPs it's stop the DDoS on HTTP site but there are always synflood TCP abuse.
The only problem is that i don't used any Load Balanced. I just used DNS Round Robin, traffic was not equally distribute to all 9 mC.
This 9 server was in additional to stop just the attack.
The Domain was so 2 server + 9 mC = 11 ip resolve
That's not good way.. but was solve the problem0
-
02-23-2011, 04:02 PM #17Web Hosting Evangelist
- Join Date
- Oct 2007
- Posts
- 455
Ok.... so it is a temp solution.
You see that clause they have in there?
---
**: Traffic is unlimited. If you exceed 40 TB / month, the connection will be limited to 10 Mbps. 10 Gbps connection will be restored once additional TB of traffic have been purchased (after what you have exceeded has been taken away). £14.90 ex. VAT per TB (Minimum purchase 2TB).
---
40TB is really only 120 Mbps if calculated over the month. You can get that really quickly on a 10 Gbps attack. I have seen charts of attacks that hit 40 TB in the first few hours (obviously more than 10 Gbps attack).
Honestly.... I'm with you in all of this until now. Attacks normally do not follow the round robin nature of DNS (or any that I have seen). They will attack one IP, bring it down, then go to the next.... increasing in bot size along the way until all IPs are down. Unless this was a DDOS run by newbies...
A well planned DDOS they would target one or two IPs and knock down 10% to 20% of your users. Then not even touch your third IP until they brought down the first two and kept them down.
I have seen them much more complicated so they are not mitigated by simple round robin DNS. A normal botnet operator would want to bring down at least 10% of your traffic than 0%.0
-
02-23-2011, 04:35 PM #18WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
40TB/month for outcoming traffic, Unlimited bw for incoming. Synflood are incoming packets only.
I was stop thes attack easy because they attack only the domain of the site, not by IP.
Of course is too bad round robin because if attack ip by ip can take down any all servers. But is cheap solution and it's first try when under attack. If they attack each IP, then need to think another method, for example, buy a IP Load Balancer.. This way can prevent to attack all the nodes because all traffic of all server pass in one IP.
I'm for the cheap solution because i work with site that are not much attacked, they are under attack only 2-3 time by month and each attack don't take more than 1 week and it's always the same attack (HTTP GET / Flood).
OVH are a good company for this, if buy more dedicate server (not cloud) can use a free IP Load Balancing, i already used with 3 server but i can't use this server for DDoS mitigation because are the main servers for SQL, PHP and Files.. But if i will buy 2 server of 10Gbps each, i will use load balancing for free.
Do you have see the Private Cloud link of OVH? they give a lot of connections... it's on beta testing now.
http://www.ovh.com/fr/private_cloud/..._technique.xml
Well, a DDoS can be stop with a CDN and each node it's done by much server in load balancing. That's way s expensive but it's good.
RAFFAELELast edited by raffo; 02-23-2011 at 04:40 PM.
0
-
02-23-2011, 06:31 PM #19Web Hosting Evangelist
- Join Date
- Oct 2007
- Posts
- 455
raffo,
Thanks for the followup. Very informative. Thank you.0
-
02-23-2011, 07:26 PM #20Aspiring Evangelist
- Join Date
- May 2004
- Posts
- 354
0
-
02-23-2011, 08:06 PM #21WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
0
-
03-14-2011, 03:42 PM #22Junior Guru Wannabe
- Join Date
- Sep 2008
- Location
- United Kingdom
- Posts
- 45
Are you talking about boxun/peacehall ?
I'm so sorry to hear that.
But spend 200-300 USD monthly is not enough to deal with such powerful DDoS attack.
I suggest you can block all IPs from China, but people can also access your website via VPN.0
Similar Threads
-
need help: trying to find a web hosting service with DDOS protection
By Kevin2000 in forum Web HostingReplies: 23Last Post: 11-11-2010, 02:27 PM -
Any reliable DDos Protection on East Coast?
By justdosit in forum Dedicated ServerReplies: 57Last Post: 06-11-2010, 12:33 AM -
Offshore Web Hosting | 24/7 Tech Support | Reliable & Affordable + DDOS Protection
By LargeServer in forum Shared Hosting OffersReplies: 0Last Post: 04-18-2009, 12:56 PM