Results 1 to 21 of 21
  1. #1
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71

    Is this a normal solution?

    Hi
    Unfortunately, my reseller provider and one of his servers were under DDos attack. Of course, my reseller accounts were on that server.
    So websites were down for 45minutes-1hour(they are still down btw), when provider sent email saying that old IP is nulled, and now we only need to wait until is propagated, up to 24 hours.
    I am not an expert, but leaving me without websites for 24 hours??? I don't even want to think about my client(I will handle that somehow)... but what if new attack happens? Another 24 hour...
    I have reseller account at one other company and this hasn't happened for almost 2 years(maybe I was lucky)
    Thanks

  2. #2
    Join Date
    Feb 2006
    Posts
    4,799
    How a DDOS attack is handled depends mostly on the DC the servers are being hosted with (if servers are rented) and/or the network configuration being used (especially if servers are colo'ed). A null route is not unusual at all in a situation where a server is rented or in a colo setup with limited available bandwidth. It might not be ideal, however, expect to pay a premium price for a service capable of absorbing large attacks without service disruption.
    WHMEasyBackup.com - Take Control Of Your Backups!
    Complete Backup Solution For WHM Reseller Accounts
    Download Trial

  3. #3
    Join Date
    Jul 2011
    Location
    SriLanka
    Posts
    2,073
    Yes, changing IP is not a permanent solution, It can happen to new IP as well.
    LankaPartnerHost.Com
    Openvz SolusVm VPS DDOS Protected Canada & Romania
    Dedicated Servers And Satellite Dish Colocation with 1Gbps For IPTV
    Canada Anti DDOS Webhosting, Reseller Hosting, WHMsonic, WHMsonic Resellers

  4. #4
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Quote Originally Posted by DWS2006 View Post
    How a DDOS attack is handled depends mostly on the DC the servers are being hosted with (if servers are rented) and/or the network configuration being used (especially if servers are colo'ed). A null route is not unusual at all in a situation where a server is rented or in a colo setup with limited available bandwidth. It might not be ideal, however, expect to pay a premium price for a service capable of absorbing large attacks without service disruption.
    I understand that ddos protected server should cost more(and reseller hosting packages too, off course). I am using very reputable provider, and this is why I am surprised. It is very strange for someone to tel you everything is fine, just wait up to 24 hours, because it is really too much time in hosting business. Even their server status says server is up, so I couldn't even get credits(refund for this month) back probably even if I will be without hosting for 24 hours.(i don't want them, but just saying).

  5. #5
    Devise and Incident Response Plan. This could keep happening...
    Hosting And Designs L.L.C. Since 2002 --> http://www.hostinganddesigns.com/HD/
    Tech Blog: http://www.hostinganddesigns.com/Blog/
    Sales: Lars A Jensen. Direct: 503-999-7518 9am-5+pm

  6. #6
    Join Date
    Feb 2006
    Posts
    4,799
    This kind of situation is definitely frustrating. This is one reason why ipv6 implementation can't happen fast enough. If ipv6 was the norm and each website ran on its own ipv6 address, finding targets and such would be a much easier process.
    WHMEasyBackup.com - Take Control Of Your Backups!
    Complete Backup Solution For WHM Reseller Accounts
    Download Trial

  7. #7
    Join Date
    Aug 2009
    Location
    Lafayette, IN
    Posts
    194
    It's not uncommon, but this is some of the inherent risks of running Shared/Reseller Hosting, you can get caught up in someone else's issues. It can happen to anyone though, all you need is 1 malicous person to have a problem or a desire to mess with someone and a lot of innocent people can get caught in the fallout. If websites/services need constant uptime then a Shared/Reseller enviroment might not be the best for them, as these services are cost effective for a reason. You might want to look into a VPS or Cloud solution.

    When it comes to prorogation it can take up 24 hours, but it could be less as well, so you will want to check back routinely to see when services are working correctly.

  8. #8
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Quote Originally Posted by TouchSupport View Post
    You might want to look into a VPS or Cloud solution.
    Do you think that VPS or cloud would lower the risk of DDOS attacks?

  9. #9
    Join Date
    Aug 2009
    Location
    Lafayette, IN
    Posts
    194
    If the attack is not targeted at him then yes, then he can work in a isolated environment with only his customers.

    From the sounds of the OP, the problem is DDOS on the server the accounts are located on and not a DDOS to one an account they control, so moving to a solution that is not shared with other people you have no control over will reduce your exposure to unneeded DDOS risks

  10. #10
    Join Date
    Apr 2009
    Location
    New York City
    Posts
    5,054
    Quote Originally Posted by goran5103 View Post
    Do you think that VPS or cloud would lower the risk of DDOS attacks?
    I think it's all the something the only thing that will make a difference is if you get ddos protected service with your server weather you go with shared , vps or even dedicated and cloud..

    Assigning a new ip and nulling the old one will do a temp fix for a short period of time till the hackers or attackers find out what's the new IP address that is assigned to you or your people
    .

  11. #11
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    I think I understand now but just to be sure. I one VPS is ddos attacked, would other VPSs placed on same dedicated server be affected? If not that would be great, because my sites are small business websites with very little visitors, and they would hardly attract any attention

  12. #12
    Join Date
    Aug 2009
    Location
    Lafayette, IN
    Posts
    194

    reply

    It all matters on how the VPS Node is setup, and if there are hard limits set to resources, if there are then there should be decent protection and you could see some sluggish results but not all out failure like being on shared/reseller server that is under attack.

    Also changing the IP is a temp fix, but if you know what site(s) are being attacked but you can't get into the server to disable them, then changing the IP could give the reprieve needed for the Admins to terminate/move accounts under attack off the server where other customers are located, but then they might not do that but is a possibility.

  13. #13
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Thanks for your info and patience.
    I will definitely move files to one more server, so if new attack occurs i can change nameservers and avoid longer down time.
    It is so frustrating when you are helpless on reseller account

  14. #14
    Join Date
    Aug 2009
    Location
    Montreal
    Posts
    1,606
    Quote Originally Posted by goran5103 View Post
    I think I understand now but just to be sure. I one VPS is ddos attacked, would other VPSs placed on same dedicated server be affected? If not that would be great, because my sites are small business websites with very little visitors, and they would hardly attract any attention
    If the network port is saturated, everyone will be affected. Also, if the attacks are large, datacenters will null route IP to prevent issues to other clients on the same network. It's a normal practice unfortunately.
    CrocWeb :: Canadian Web Hosting
    Accelerate your website, maximum performance!
    www.crocweb.com :: Since 2009 (Montreal, Quebec)

  15. #15
    Join Date
    Dec 2006
    Posts
    285
    Unfortunately this is a situation that can happen at any provider and it sounds like they are trying to get things under control and trying to move you away from the attack which is good. Ya of course waiting the 24 hours, nobody wants to do that, but there is nothing else that can be done.

  16. #16
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Actually, total down time was 4-5 hours for me... Not very pleasant, but it is better than 24 hours. As I said before, company has good reputation, and they solved this situation too.
    My only fear was repeated DDOS attacks, and repeated 24 hours of down time, but luckily this hasn't happened

  17. #17
    Does your provider offer an SLA? There should be some sort of credit for 4-5 hours of downtime.

  18. #18
    Join Date
    Oct 2013
    Location
    Everywhere
    Posts
    696
    Unfortunately many providers (like EZPZ) have exceptions based on what caused the downtime. Because DDoS is not usually the direct fault of the web host, they may not count it as grounds for SLA. I think it's a little shady but it's not uncommon.

  19. #19
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Yes,they do, but whats the use of 2 or 3$ refund
    I would never go for that. For me, the pint is to trust your host, and than, i just want to see them doing the right thing at every situation.
    There are some hosts around where you could get a lifetime free hosting with their 100% SLA, but whats the use of refund if your server is down all the time.
    Thats just mine opinion, off course

  20. #20
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,521
    Nasty things can happen and DDoS attacks are unfortunately outside of the host's control. If you are afraid of future attacks, go for a host with a DDoS protected setup but that will drive the prices up significantly.
    LIMENEX WEB HOSTING
    Affordable High Performance Web Hosting in United States & United Kingdom
    Web Hosting | Reseller Hosting | Managed VPS | Managed Dedicated Servers | Cheap SSL Certificates

  21. #21
    Join Date
    Jan 2010
    Location
    Belgrade, Serbia
    Posts
    71
    Actually, I am a little scared to go for hosts that advertise themselves for DDOS protection, as their servers are probably full of people who really need ddos protection and whose websites are attracting ddos attacks. None of my sites attracts any kind of attacks and attention, so I would jump into dangerous environment, where I there wouldn't be dilemma IF there is going to be an attack, but is defense going to be strong enough.
    I might be wrong off course, but this was just me I'm thinking out loud.

Similar Threads

  1. Is it normal?
    By hostcadet in forum Web Hosting
    Replies: 16
    Last Post: 09-14-2012, 06:39 PM
  2. Is this normal?
    By jellday in forum VPS Hosting
    Replies: 9
    Last Post: 10-02-2011, 02:12 PM
  3. Is this normal?
    By CoryL in forum Reseller Hosting
    Replies: 16
    Last Post: 11-02-2010, 02:54 AM
  4. Replies: 9
    Last Post: 07-05-2007, 10:07 AM
  5. Is this normal?
    By JCranfill in forum Hosting Security and Technology
    Replies: 8
    Last Post: 08-26-2001, 10:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •