I recently bought a VPS from Contabo. I have a very simple company website hosted on it (an informational website). However, I got an email from Contabo today saying that they suspended the server because of a major DDoS attack on my server. I am confused (I don't even know what DDoS is) and my business is offline losing money. Please help me with what to do about their email below:
""We are contacting you because, right now, your server at Contabo is the target of an extremely large network attack. This attack does not only create problems for the availability of your server but also for many other servers owned by other customers. For us, as a service provider, it is essential to guarantee the stability of our entire network.
Unfortunately, it is impossible to resolve this problem by regular means. You are always our most important partner. We will do anything possible to protect your server from attacks. This attack, however, is no trivial, 'little' DoS attack. DoS attacks are automatically blocked on our router, and our customers usually do not even take notice of them. This attack is a massive one, which requires a lot of resources. Such large attacks cannot be launched by everyone. Depending on the intricacy of the attack and the resources of the attacker, it sometimes is impossible to block such DDoS attacks with current technology. In this case, there is only one last resort: not to block the attacking IP addresses (of which there might be a myriad) but to block the attacked IP address. As already mentioned, this is the last thing we would ever do, but the stability of our network for other customers must be maintained by all means, and our hands are tied in this matter: we had to take action, and had to suspend access to your server.
If you have any information on the attacking party or why this attack is taking place, we would like you to describe in detail what you know, so that we can better coordinate our efforts. Please let us know how such attacks could be avoided in the future. We value our business relationship very much, but we need to work together in order to stop such attacks from reoccurring.
Please note that coping with this problem has taken a lot of effort. Serious damage has been caused by the network interruptions, a lot of our customers have been affected. Our technical support team is concentrated on getting the affected network sections up and running again. Our support team has to handle a massive number of complaints. Our entire team is forced to focus on this issue instead of continuing with regular work. All this has been caused by your server.
Taking all the above mentioned facts into consideration, we would normally have to ask for full compensation of the damage you caused. We will, exceptionally, refrain from doing so this time. Please understand that this is an exemption which can only be granted once.
We would like to point out that we will not tolerate such or similarly drastic incidents in the future. If a server of yours ever causes comparable problems again, we will ask for full compensation. An immediate termination of the contract could be the consequence as well.
We will continue to monitor the network closely and wait for any information you might send to us. Once the attack is over, and you have explicitly confirmed that you are aware of the aforementioned possible consequences, we can unsuspend your server.
Please let us know if there is any other way in which we can assist you."
I would suggest changing all your passwords on the VPS and potentially hiring some third party to assist you in hardening your security.
This wouldn't help - by the time a VPS host notices the attack it's likely causing issues (or is likely to cause issues) for other customers. At that point there's nothing you can do on the VPS itself.
DDoS stands for Distributed Denial of Service, where many bot-controlled hosts send network packets at your single server. There are primarily two classes: 1) Layer 3/4 network attacks, and 2) Layer 7 application (e.g. HTTP) attacks. The network attacks are generally a brute-force attempt at overwhelming your network, which is why Contabo has decided to null-route your IP. This sinks all network packets at the periphery of the internet before they reach their real network.
If this is seemingly random, you could try to just wait it out after letting Contabo know. Most providers stick it on a 24-hour timer, although I'm not sure what Contabo's specific policy is regarding this matter.
If you think you know the culprit, have been contacted for ransom, or have competitors that might target you, then you're looking at getting yourself some DDoS protection. You can either get a DDoS proxy, which acts as a remote filter forwarding only clean requests to your server, or you can get a DDoS-protected server, which colocates the server nearer to the filter to cut down on round-trip times.
But first, contact Contabo and let them know if there's any possible motive behind this. They'll be in a better situation to suggest alternatives for you. Come back here if you have more questions.
When your provider says they cannot do anything other than null-routing your IP address, there is nothing more you can do with their services to prevent the current DDoS. Your best choice is to route your traffic through a third-party DDoS-protected network (mostly a good solution when port 80 (HTTP) is targeted). For that you can ask your provider for more information, like targeted IP(s), targeted service, and rate of attack, so that you can look around for a suitable service. There are a couple of providers around here who offer DDoS mitigation services. Otherwise, move your VPS to another provider with DDoS protection. Still, your choices will be based on the service which is targeted and the rate of attack. When hiring an anti-DDoS service, make sure it is powerful / resource-armed enough to stop the current attack against your server.
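The two answers above make the same point: the figures to collect are the targeted IP, the targeted service, the rate of the attack, and whether it is a Layer 3/4 flood or a Layer 7 (HTTP) flood, because that decides which mitigation service fits. The script below is an added example, not code from the thread or from Contabo, that turns a traffic capture into exactly those figures. It assumes a simplified tcpdump-style line format (shown in the docstring); the two sample captures are constructed for the example, and the list of reflection ports is an assumed one.

```python
"""Summarise a capture into what a provider or anti-DDoS vendor asks for:
targeted IP, targeted port, packet/bit rate, source count, and a rough
L3/4 vs L7 classification.

Assumed, simplified tcpdump-style line format (one packet per line):
  <epoch seconds> <UDP|TCP> <src>:<sport> > <dst>:<dport> len=<bytes> [<tcp flags>]
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<proto>UDP|TCP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"len=(?P<len>\d+)(?: \[(?P<flags>[^\]]*)\])?$"
)

# UDP services commonly abused for reflection/amplification: the attacker
# spoofs the victim's address, so the large replies land on the victim.
# Assumed list for this example.
AMPLIFIER_PORTS = {19, 53, 123, 161, 389, 1900, 11211}

# Constructed sample 1: UDP replies from DNS/NTP/SSDP servers hitting one host.
SAMPLE_UDP = """\
1700000000.000 UDP 198.51.100.10:53 > 203.0.113.5:41234 len=1400
1700000000.100 UDP 198.51.100.11:53 > 203.0.113.5:41234 len=1400
1700000000.200 UDP 198.51.100.12:123 > 203.0.113.5:41234 len=468
1700000000.300 UDP 198.51.100.13:53 > 203.0.113.5:41234 len=1400
1700000000.400 UDP 198.51.100.14:1900 > 203.0.113.5:41234 len=310
1700000000.500 UDP 198.51.100.15:53 > 203.0.113.5:41234 len=1400
1700000000.600 UDP 198.51.100.16:53 > 203.0.113.5:41234 len=1400
1700000000.700 UDP 198.51.100.17:123 > 203.0.113.5:41234 len=468
1700000000.800 UDP 198.51.100.18:53 > 203.0.113.5:41234 len=1400
1700000001.000 UDP 198.51.100.19:53 > 203.0.113.5:41234 len=1400
"""

# Constructed sample 2: completed TCP connections pushing HTTP requests at port 80.
SAMPLE_HTTP = """\
1700000100.000 TCP 192.0.2.20:51000 > 203.0.113.5:80 len=60 [S]
1700000100.000 TCP 192.0.2.21:51001 > 203.0.113.5:80 len=60 [S]
1700000100.100 TCP 192.0.2.20:51000 > 203.0.113.5:80 len=180 [P.]
1700000100.200 TCP 192.0.2.21:51001 > 203.0.113.5:80 len=180 [P.]
1700000100.250 TCP 192.0.2.22:51002 > 203.0.113.5:80 len=180 [P.]
1700000100.300 TCP 192.0.2.23:51003 > 203.0.113.5:80 len=180 [P.]
1700000100.400 TCP 192.0.2.24:51004 > 203.0.113.5:80 len=180 [P.]
1700000100.500 TCP 192.0.2.25:51005 > 203.0.113.5:80 len=180 [P.]
"""


def parse(text):
    """Parse capture lines into dicts; lines not matching the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "ts": float(d["ts"]), "proto": d["proto"],
            "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
            "len": int(d["len"]), "flags": d["flags"] or "",
        })
    return records


def classify(records):
    """Heuristic split into the L3/4 and L7 classes described in the answers."""
    proto = Counter(r["proto"] for r in records).most_common(1)[0][0]
    if proto == "UDP":
        reflected = sum(1 for r in records if r["sport"] in AMPLIFIER_PORTS)
        return "L3/4 UDP amplification" if reflected >= len(records) / 2 else "L3/4 UDP flood"
    flags = Counter(r["flags"] for r in records).most_common(1)[0][0]
    dport = Counter(r["dport"] for r in records).most_common(1)[0][0]
    if flags == "S":
        return "L3/4 SYN flood"        # handshakes never complete; no application data
    if "P" in flags and dport in (80, 443, 8080):
        return "L7 HTTP flood"         # real connections carrying requests to the web server
    return "unclassified TCP"


def summarize(text):
    """Return the numbers to hand to the provider or mitigation vendor, or None if empty."""
    records = parse(text)
    if not records:
        return None
    times = [r["ts"] for r in records]
    duration = max(max(times) - min(times), 1e-3)   # avoid division by zero on one packet
    total_bytes = sum(r["len"] for r in records)
    return {
        "target_ip": Counter(r["dst"] for r in records).most_common(1)[0][0],
        "target_port": Counter(r["dport"] for r in records).most_common(1)[0][0],
        "packets": len(records),
        "unique_sources": len({r["src"] for r in records}),
        "duration_s": duration,
        "pps": len(records) / duration,
        "mbps": total_bytes * 8 / duration / 1e6,
        "attack_class": classify(records),
        "top_sources": Counter(r["src"] for r in records).most_common(3),
    }


if __name__ == "__main__":
    for name, sample in (("udp", SAMPLE_UDP), ("http", SAMPLE_HTTP)):
        print(name, summarize(sample))
```

On a real capture the rate figures are only as good as the capture point: once the provider has null-routed the address nothing reaches the VPS, so the numbers have to come from the provider's own edge (which is why the last answer says to ask them for targeted IP, service and rate) or from a capture taken before the suspension. The classification is what decides between the options in the answers above: a UDP amplification flood is absorbed only by a network with more capacity than the attack, while an HTTP request flood against port 80 is the case a filtering proxy in front of the site handles well.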