Results 1 to 8 of 8
  1. #1

    major network attack ! help please

    I recently bought a VPS from contabo , i have a very simple companies website hosted on it ( an informational websites ) however i got an email from Contabo today saying that they suspended the server because of a major ddos attack on my server , am confused ( i dont even know what is ddos ) and my business is offline losing money please help me what to do on their below email

    ""We are contacting you because, right now, your server at Contabo is the target of an extremely large network attack. This attack does not only create problems for the availability of your server but also for many other servers owned by other customers. For us, as a service provider, it is essential to guarantee the stability of our entire network.

    Unfortunately, it is impossible to resolve this problem by regular means. You are always our most important partner. We will do anything possible to protect your server from attacks. This attack, however, is no trivial, 'little' DoS attack. DoS attacks are automatically blocked on our router, and our customers usually do not even take notice of them. This attack is a massive one, which requires a lot of resources. Such large attacks cannot be launched by everyone. Depending on the intricacy of the attack and the resources of the attacker, it sometimes is impossible to block such dDoS attacks with current technology. In this case, there is only one last resort: Not to block the attacking IP addresses (of which there might be myriad) but to block the attacked IP address. As already mentioned, this is the last thing we would ever do, but the stability of our network for other customers must be maintained by all means, and our hands are tied in this matter: We had to take action, and had to suspend access to your server.

    If you have any information on the attacking party or why this attack is taking place, we would like you to describe in detail what you know, so that we can better coordinate our efforts. Please let us know how such attacks could be avoided in the future. We value our business relationship very much, but we need to work together in order to stop such attacks from reoccurring.

    Please note that coping with this problem has taken a lot of effort. Serious damage has been caused by the network interruptions, a lot of our customers have been affected. Our technical support team is concentrated on getting the affected network sections up and running again. Our support team has to handle a massive number of complaints. Our entire team is forced to focus on this issue instead of continuing with regular work. All this has been caused by your server.

    Taking all the above mentioned facts into consideration, we would normally have to ask for full compensation of the damage you caused. We will, exceptionally, refrain from doing so this time. Please understand that this is an exemption which can only be granted once.

    We would like to point out that we will not tolerate such or similarly drastic incidents in the future. If a server of you ever causes comparable problems again, we will ask for full compensation. An immediate termination of the contract could be the consequence as well.

    We will continue to monitor the network closely and wait for any information you might send to us. Once the attack is over, and you have explicitly confirmed that you are aware of the aforementioned possible consequences, we can unsuspend your server.

    Please let us know if there is any other way in which we can assist you.

    Last edited by meashsoft; 12-09-2013 at 01:11 AM.

  2. #2
    Join Date
    May 2012
    Boston, MA
    I would suggest switching all your passwords to the VPS and potentially hiring some third-party to assist you in hardening your security.

  3. #3
    Join Date
    Nov 2013
    You need to get your site behind an IP address that has DDoS protection. There's stuff you can run on your server, but that's not too helpful. It's best done at the router/switch level.

    Check out the offers section for DDoS capable hosting companies. - Ditch your slow host and choose the best!

    Web Hosting: Super fast web hosting. Your choice: San Francisco, CA or Atlanta, GA
    SSD VPS (KVM): Instant KVM VPS from Buffalo, NY

  4. #4
    Join Date
    May 2012
    I would suggest switching to OVH directly or some reseller of them in order to keep yourself protected from such attacks.

  5. #5
    Join Date
    Jun 2011
    Quote Originally Posted by HR-PhillF View Post
    I would suggest switching all your passwords to the VPS and potentially hiring some third-party to assist you in hardening your security.
    This wouldn't help - by the time a VPS host notices the attack it's likely causing issues (or is likely to cause issues) for other customers. At that point there's nothing you can do on the VPS itself.

  6. #6
    Join Date
    Dec 2013
    You could use something like cloudflare, I don't know if you can swap to it during an attack but it would help if there was another one.
    Unhappy with your current host? Take at look at The Pro Host
    Daily Backups|Guaranteed 99% uptime|Friendly support
    What else do you need?

  7. #7
    Join Date
    Jan 2011
    Wow, that's actually the nicest "we're null-routing you" ticket email I've ever seen.

    @meashsoft To get you up to speed real quick...

    A DDoS stands for Distributed Denial of Service, where many bot-controlled hosts will send network packets at your single server. There are primary two classes: 1) Layer 3/4 network attacks, and 2) Layer 7 application (e.g. http) attacks. The network attacks generally are a brute force attempt at overwhelming your network, hence why Contabo has decided to null-route your IP. This sinks all network packets at the periphery of the internet before it reaches their real network.

    If this is seemingly random, you could try to just wait it out after letting Contabo know. Usually most providers stick it on a 24-hr timer although I'm not sure what Contabo's specific policy is regarding this matter.

    If you think you know the culprit, have been contacted for ransom, or have competitors that might target you, then you're looking at getting yourself some DDoS protection. You can either get a DDoS proxy which will acts as a remote filter forwarding only clean requests to your server. Or you can get a DDoS protected server which colocates the server nearer to the filter to cutdown on any roundtrip times.

    But first, contact Contabo and let them know if there's any possible motive behind this. They'll be in a better situation to suggest alternatives for you. Come back here if you have more questions.

  8. #8
    Join Date
    May 2013
    When your provider says they cannot do anything other than null-routing your IP address, there is nothing more you can do with their services to prevent current DDOS. What is your best choice is to route your traffic through a third party DDOS protected network ( mostly a good solution when port 80 ( HTTP ) is targeted ). For that you can ask more information from your provider like, targeted IP(s), targeted service, rate of attack so that you can look around for a suitable service. There are a couple of providers around here who offer DDOS mitigation services.Otherwise move your VPS to another provider with DDOS protection. Still your choices will be based on the service which is targeted and the rate of attack. When hiring an anti-DDOS service, make sure it is powerful / resource armed enough to prevent the current attack against your server.

    Good luck with it!

Similar Threads

  1. major DDoS attack
    By Lem0nHead in forum Hosting Security and Technology
    Replies: 9
    Last Post: 01-29-2006, 10:48 AM
  2. Major hacking attack!!!!
    By netsolutions in forum Running a Web Hosting Business
    Replies: 18
    Last Post: 02-26-2005, 03:58 PM
  3. Major DDOS attack on my LayeredTech Server?
    By WebSavvyGuy in forum Dedicated Server
    Replies: 56
    Last Post: 10-26-2004, 05:43 PM
  4. RackShack major DoS attack...
    By gfhosting in forum Web Hosting
    Replies: 8
    Last Post: 06-13-2002, 01:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts