Results 1 to 22 of 22
  1. #1

    We need reliable web hosting with DDOS protection

    Our web site has been the victim of large coordinated DDOS attacks which brought us down repeatedly for a week. The attacks have stopped for now but we remain vulnerable.

    The only thing that stopped our site from going down completely was when Cisco Guard was used. However, Cisco Guard also blocked a lot of legitimate traffic to the site.

    We want to change to a web hosting company that will offer us the following:

    1. Effective DDOS protection without blocking a lot of legitimate traffic.

    2. Real live 24/7 support.

    3. Our budget is $200 to $300 a month for a dedicated server.

    Can anyone please advise us on what to do? Thank you in advance for your help!
      0 Not allowed!

  2. #2
    Join Date
    Nov 2009
    Location
    Neenah, WI
    Posts
    392
    Quote Originally Posted by Stop DDOS View Post
    Our web site has been the victim of large coordinated DDOS attacks which brought us down repeatedly for a week. The attacks have stopped for now but we remain vulnerable.

    The only thing that stopped our site from going down completely was when Cisco Guard was used. However, Cisco Guard also blocked a lot of legitimate traffic to the site.

    We want to change to a web hosting company that will offer us the following:

    1. Effective DDOS protection without blocking a lot of legitimate traffic.

    2. Real live 24/7 support.

    3. Our budget is $200 to $300 a month for a dedicated server.

    Can anyone please advise us on what to do? Thank you in advance for your help!
    What kind of web site do you run? What kind of company is this?
      0 Not allowed!

  3. #3
    Quote Originally Posted by jamiedolan View Post
    What kind of web site do you run? What kind of company is this?
    Our web site is a grassroots political organization.
      0 Not allowed!

  4. #4
    Join Date
    Nov 2009
    Location
    Neenah, WI
    Posts
    392
    Quote Originally Posted by Stop DDOS View Post
    Our web site is a grassroots political organization.
    I've not used them personally, but http://www.serverorigin.com/ is one of the very largest capacity DDOS prevention companies I know of.

    They state they can protect up to 20 Gbps. That is a VERY large DDOS attack.

    They sell hosting but also sell a proxy sheild service where you can keep your current host and they provide a transparent front end.

    Their hosting fees appear reasonable and I think their proxy starts at about $200.

    Rackspace can potentially handle larger attacks but will be out of your price range. I've been a Rackspace client and can vouch for their service, high quality, $$$-$$$$$ ( You could afford their hosting but their true DDOS protection is much higher.

    http://www.rackspace.com/managed_hos...mitigation.php

    Other thing that might be an option is Amazon, S3 and S2 with their edge servers(cloud front). They have such a large distributed network that it is hard to take out. But I've heard it's been done, though they are very hush hush about attacks. I'm not an amazon client. Amazon is self managed and you need your own system admin to host there. Also transfer / use charges could be extremely high $$$ from a large DDOS.

    There are server managment companies you can contract with for a reasonable fee that would do 24x7 monitoring and support and maintain you service, I'm not positive though any work with Amazon.

    Good Luck.
    Last edited by jamiedolan; 02-13-2011 at 01:06 AM.
      0 Not allowed!

  5. #5
    Thank you for the recommendations.
      0 Not allowed!

  6. #6
    Join Date
    May 2010
    Location
    Toronto, Canada
    Posts
    461
    You might want to consider a DNS service with DDOS protection as well ,as that is also a common way sites are attacked.

    I've used EasyDNS in the past, they might be someone you want to look into. UltraDNS is also good, but they can be expensive especially if you incur a large number of queries. Amazon uses UltraDNS to some extent afaik.
    Stack Star | Shift8 Web
    ★ Managed VPS Hosting ★ Managed Wordpress Hosting ★ Managed Dedicated Hosting ★ Web Development ★ Web Design
    Managed Wordpress Hosting Web Design Toronto
      0 Not allowed!

  7. #7
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by jamiedolan View Post
    I've been a Rackspace client and can vouch for their service, high quality, $$$-$$$$$ ( You could afford their hosting but their true DDOS protection is much higher.
    Right, so use ServerOrigin then. The pricing is very reasonable.
      0 Not allowed!

  8. #8
    Join Date
    Oct 2007
    Posts
    455
    Quote Originally Posted by kevinnivek View Post
    You might want to consider a DNS service with DDOS protection as well ,as that is also a common way sites are attacked.
    You can not use a DNS service for DDOS protection. They protect their DNS services.... but web traffic does not flow through a DNS service.... My UltraDNS rep tries to convince me it does all of the time.... it does not.
    UltraDNS is a service that has years and years of fighting DDOS attacks on their DNS services.... so they know how to do it.
    EasyDNS uses and teams up with Prolexic (anti-DDOS equals Prolexic).


    For an anti-ddos service you want to look at a company like Black Lotus, ServerOrigin, etc..
      0 Not allowed!

  9. #9
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    Frist you must analyse the type of DDoS.
    Then you can create your own DDoS protection with less than 200$ month.

    What you need?

    - 1 Web Hosting (to host your site)
    - Some server that work as proxy/firewall than forward only legitim traffic to web hosting.

    I have managed one big attack with 1million connections with 9 simple Clouds server that cost is 0,01 cent/h.
    Each server has 100Mbps connection.

    To stop the attack DDoS on the web sites don't need more bps but need a server that can manage more pps (packets per second), can put offline a 100mbps using more than 20mbps, just flood the server of syn_sent packets and the port will be too busy to reply at any new packets, getting time out.

    Have a Gigabit connection permit to use jumbo frames, 100mbps can't use MTU more than 1500 byte, so the packets can't be optimized and if i send 80.000 packets, you will accept all of it.
    With 1Gbps, can sent the MTU to 9000 bytes, so each packet will be composed with 9000 bytes. Use more bps but less pps.

    If use 10Gbps fiber, can set 14000 frame for each packet and reduce the pps saturation but increse bps, 10gbps is a lot.

    Well, all this can be changed dynamically for each type of DDoS. So i suggest to not buy a serveice that protect you but to learn how to pretect yourself.

    Cheap and dynamic solution is to use cloud computing, pay by hour and use only when under attack. More IP attack, more server cloud you will need.

    Professional solution is to buy one or more server with 10Gbps connection and configure it as firewall that change the MTU and some other setting when under attack.

    Read this documents

    http://www.ethernetalliance.org/file...s%20v0%201.pdf

    http://en.wikipedia.org/wiki/Maximum_transmission_unit

    This is to manage the attack of synflood. The problem of DDoS HTTP Get / can be easy block by nginx and good configuration with limits and cache.

    There are some layer of DDoS, if you want to learn about. I'm here.
      0 Not allowed!

  10. #10
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    ** In reply to Raffo above**

    This all sounds great in theory but if you're receiving any attack upwards of 100-200K PPS (DDoS traffic) the server will fold unless it's all blocked. If you're firewalling 200K PPS that's one thing but trying to route/filter it is another.

    - The cost of a 10Gbps connection is likely more expensive than the average attack would cost with professional filtering.
    - Most servers with a 10Gbps NIC cannot push anywhere near that number. In a DDoS scenario with high PPS or low-and-slow then 10Gbps/1Gbps/100Mbps won't reliably increase your chances of withstanding the attack.
    - Most cloud providers will not only frown but suspend any system receiving in excess of 60-100K PPS if it doesn't crash first.

    This solution sounds neat but it's a thrown together web with high risk of failure points in any location where a provider doesn't want to receive that kind of traffic. It also provides no SLA, no support, and no real guarantee you don't spend hundreds of dollars to still have a site that's down.

    If the attack is of any real size or if your revenue stream depends on the site, then searching out real mitigation is always a better scenario.

    I don't say this because I work for a mitigation company, I say this because if there is a method of reliably filtering DDoS cheaper than most of us do, many would already do it.

    I know this has potential to work on specific types of floods, however now days, it isn't the PPS/Mbps rates that get you. The attacks are becoming harder to track and more sophisticated than simply tossing up enough proxies to withstand the load.
    Last edited by PeakVPN-KH; 02-23-2011 at 12:43 AM.
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915
      0 Not allowed!

  11. #11
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    Hi ServerOrigin,

    10gbps can be expensive, it cost 360€/month with 40TB limit on download from OVH, i have test it the full network wih 2 10Gbps and total transfer rate was 6Gbps (I/O limit).

    200-300 Kpps can manage with 1Gbps.

    My last mitigation was with 9 server mCloud from OVH and each one was able to receive no more than 80 kpps with 1500 MTU, in total i manage 720 kpps and 10 mbps for each server cloud.
    It was cost less than 10€ and i was used for all time the attack was run: 1 week.

    Of course, Anti-DDoS network are done by more Cisco Firewall with much technologies of Packets Filtering, but this is very expensive to make it own. Consider, a Cisco ASA 5520 are not well than 1Gbps server because it's rate are 450mbps.

    I'm for understand all the mechanism and find a solution for that. Now just compare the method with $$$ and proceed for the right way.
      0 Not allowed!

  12. #12
    Join Date
    Oct 2007
    Posts
    455
    Quote Originally Posted by raffo View Post
    Frist you must analyse the type of DDoS.
    Then you can create your own DDoS protection with less than 200$ month.
    Be interesting to see where you are getting bandwidth this cheap.



    Quote Originally Posted by raffo View Post
    I have managed one big attack with 1million connections with 9 simple Clouds server that cost is 0,01 cent/h.
    Each server has 100Mbps connection.
    What sort of protocol are you using? You are aware that 1 million connections is almost 1 Gbps with nothing more than the header (basically the smallest packets available). So you are saying that you fought a 1 Gbps attack on 9 cloud servers that only had 100 Mbps connections???? That's an amazing way to distribute the traffic so equally. Wonder what your cloud provider was able to use to distribute it so equally.

    But to MAX each of these cloud instances at their full 100 Mbps and to only pay 0.01 cents per hour!?!?!?! That is the most amazing thing that I have ever heard of. Can you say who you used?


    All of the rest of your data seems great. I just can't believe at the cost you are able to do this with......
      0 Not allowed!

  13. #13
    Take a look at Awknet. I have a Awknet protected IRC server and it handles attacks well
      0 Not allowed!

  14. #14
    Join Date
    Nov 2009
    Location
    Neenah, WI
    Posts
    392
    Quote Originally Posted by BuffaloBill View Post
    What sort of protocol are you using? You are aware that 1 million connections is almost 1 Gbps with nothing more than the header (basically the smallest packets available). So you are saying that you fought a 1 Gbps attack on 9 cloud servers that only had 100 Mbps connections???? That's an amazing way to distribute the traffic so equally.
    They must have this:

    http://www.cisco.com/en/US/products/hw/routers/ps368/index.html


    With this installed:

    http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html




    I bet Server Origin actually uses a similar setup. Do you have any idea how much those cost?
      0 Not allowed!

  15. #15
    Join Date
    Jan 2011
    Location
    India
    Posts
    1,453
    I found out 2 below mentioned as per your requirment:
    dragonara, and
    gigabitdc
      0 Not allowed!

  16. #16
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    Quote Originally Posted by BuffaloBill View Post
    Be interesting to see where you are getting bandwidth this cheap.





    What sort of protocol are you using? You are aware that 1 million connections is almost 1 Gbps with nothing more than the header (basically the smallest packets available). So you are saying that you fought a 1 Gbps attack on 9 cloud servers that only had 100 Mbps connections???? That's an amazing way to distribute the traffic so equally. Wonder what your cloud provider was able to use to distribute it so equally.

    But to MAX each of these cloud instances at their full 100 Mbps and to only pay 0.01 cents per hour!?!?!?! That is the most amazing thing that I have ever heard of. Can you say who you used?


    All of the rest of your data seems great. I just can't believe at the cost you are able to do this with......
    Then 10Gbps can have at 360€ month
    http://www.ovh.co.uk/products/hg_2010_bestof.xml (look the setup fee hehe)

    And the Cloud that i used is this:
    http://www.ovh.co.uk/cloud/

    Can be interesting yo use this big resource to make anti-ddos server
    http://www.ovh.com/fr/private_cloud/reseau/index.xml

    In my mC i used FreeBSD with syn cache, pf and nginx.
    Protocol are TCP/IP and connections incoming was tcp on port 80.
    The attack was DDoS HTTP GET /, when i blocked the IPs it's stop the DDoS on HTTP site but there are always synflood TCP abuse.

    The only problem is that i don't used any Load Balanced. I just used DNS Round Robin, traffic was not equally distribute to all 9 mC.
    This 9 server was in additional to stop just the attack.

    The Domain was so 2 server + 9 mC = 11 ip resolve
    That's not good way.. but was solve the problem
      0 Not allowed!

  17. #17
    Join Date
    Oct 2007
    Posts
    455
    Quote Originally Posted by raffo View Post
    Then 10Gbps can have at 360€ month
    http://www.ovh.co.uk/products/hg_2010_bestof.xml (look the setup fee hehe)
    Ok.... so it is a temp solution.
    You see that clause they have in there?
    ---
    **: Traffic is unlimited. If you exceed 40 TB / month, the connection will be limited to 10 Mbps. 10 Gbps connection will be restored once additional TB of traffic have been purchased (after what you have exceeded has been taken away). £14.90 ex. VAT per TB (Minimum purchase 2TB).
    ---

    40TB is really only 120 Mbps if calculated over the month. You can get that really quickly on a 10 Gbps attack. I have seen charts of attacks that hit 40 TB in the first few hours (obviously more than 10 Gbps attack).

    Quote Originally Posted by raffo View Post
    The only problem is that i don't used any Load Balanced. I just used DNS Round Robin, traffic was not equally distribute to all 9 mC.
    This 9 server was in additional to stop just the attack.
    Honestly.... I'm with you in all of this until now. Attacks normally do not follow the round robin nature of DNS (or any that I have seen). They will attack one IP, bring it down, then go to the next.... increasing in bot size along the way until all IPs are down. Unless this was a DDOS run by newbies...
    A well planned DDOS they would target one or two IPs and knock down 10% to 20% of your users. Then not even touch your third IP until they brought down the first two and kept them down.

    I have seen them much more complicated so they are not mitigated by simple round robin DNS. A normal botnet operator would want to bring down at least 10% of your traffic than 0%.
      0 Not allowed!

  18. #18
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    40TB/month for outcoming traffic, Unlimited bw for incoming. Synflood are incoming packets only.

    I was stop thes attack easy because they attack only the domain of the site, not by IP.

    Of course is too bad round robin because if attack ip by ip can take down any all servers. But is cheap solution and it's first try when under attack. If they attack each IP, then need to think another method, for example, buy a IP Load Balancer.. This way can prevent to attack all the nodes because all traffic of all server pass in one IP.

    I'm for the cheap solution because i work with site that are not much attacked, they are under attack only 2-3 time by month and each attack don't take more than 1 week and it's always the same attack (HTTP GET / Flood).

    OVH are a good company for this, if buy more dedicate server (not cloud) can use a free IP Load Balancing, i already used with 3 server but i can't use this server for DDoS mitigation because are the main servers for SQL, PHP and Files.. But if i will buy 2 server of 10Gbps each, i will use load balancing for free.

    Do you have see the Private Cloud link of OVH? they give a lot of connections... it's on beta testing now.
    http://www.ovh.com/fr/private_cloud/..._technique.xml

    Well, a DDoS can be stop with a CDN and each node it's done by much server in load balancing. That's way s expensive but it's good.
    RAFFAELE
    Last edited by raffo; 02-23-2011 at 04:40 PM.
      0 Not allowed!

  19. #19
    Join Date
    Oct 2007
    Posts
    455
    raffo,

    Thanks for the followup. Very informative. Thank you.
      0 Not allowed!

  20. #20
    Join Date
    May 2004
    Posts
    354
    Quote Originally Posted by humawebdesign View Post
    I found out 2 below mentioned as per your requirment:
    dragonara, and
    gigabitdc
    I believe both are the same company
      0 Not allowed!

  21. #21
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    Quote Originally Posted by BuffaloBill View Post
    raffo,

    Thanks for the followup. Very informative. Thank you.
    you're welcome, i'm here to share my few knowledge and my experience.
      0 Not allowed!

  22. #22
    Join Date
    Sep 2008
    Location
    United Kingdom
    Posts
    45
    Are you talking about boxun/peacehall ?
    I'm so sorry to hear that.
    But spend 200-300 USD monthly is not enough to deal with such powerful DDoS attack.
    I suggest you can block all IPs from China, but people can also access your website via VPN.
      0 Not allowed!

Similar Threads

  1. Replies: 23
    Last Post: 11-11-2010, 02:27 PM
  2. Any reliable DDos Protection on East Coast?
    By justdosit in forum Dedicated Server
    Replies: 57
    Last Post: 06-11-2010, 12:33 AM
  3. Replies: 0
    Last Post: 04-18-2009, 12:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •