My 5 yearold site has never gotten Ddos attack before.. less than amonth ago i moved to LiquidWed, and suddenly.. today.. the site is under ddos attack, it has gone down for over 3 hours now.
Anyone using LiquidWeb?
How long usually ddos attack last?? This is the first time im using LW's StormServer (not Traditional server). If i had stronger/better server, would this ever happen?? Will CDN help?
Here's email i got from LW:
Hello, A large inbound denial of service (DoS) attack of size 2.4 Gbps was detected attacking the server host.xxx.com. The attack appears to have been targeting the IP address 209.xxx.xx and that IP has now been null routed on the Liquid Web network. This means that all traffic to that IP address, including legitimate traffic, will be dropped. We do have other countermeasures available that will allow most legitimate traffic through even during a DoS; we refer to that service as "DDoS Attack Protection".
We've taken action due to the severity of the attack and because the attack was causing packet loss for other customers. To prevent further complications on the Liquid Web network the IP address will remain null routed until the attack has subsided, or until DDoS Attack Protection is enabled.
Get DoS protection. I believe LW offer this so either get it with them or through a 3rd party.
█ SERVSTRA | THE HIGH BANDWIDTH SERVER SPECIALISTS
█ Lowest prices on 2Gbps, 5Gbps & 10Gbps DEDICATED unmetered servers!!!
█ Custom 10Gbps unmetered clustered server solutions! Email us for more info!
█ Over 24 world wide locations to choose from!
If you just moved there it could be possible the last person on that IP attracted some attacks if you haven't had any in five years it sounds a little odd that you would be attacked now.
Sales/Support - sales @ purevoltage.com / 1-855-787-8658 PureVoltage.com Premium Colocation, Dedicated & VPS Hosting, along with Remote Hands NY Enterprise Hardware with 6 Global Locations - Seattle | Dallas | Chicago | Los Angeles | New York | Amsterdam
I personally wouldn't look into DDoS protection just yet. Since it's the first time you've been attacked in 5 years, it could be a one-off. Sometimes you get people testing the capability of their booters/botnets (as annoying as it is, it happens) on random targets.
I would wait for LiquidWeb to lift the null-route (if they haven't already) and monitor the situation. If it happens again, it sounds like you're intentionally being attacked, in which case, you should look for a more permanent solution.
First find out the type of attack and it's size from your hosting provider.
Second in case if it's TCP - consider using a remote protection TCP proxy, in other case, if it's a game server and you don't need lags, consider a new dedicated server, protected from ddos attacks.
How much money are you loosing from downtime? If money lost > cost of DDoS protection, then you need it.
Like what someone already said here, it could be a one off. You may get them every day for several hours, once per week, once per month of varying strengths or never again. You need to give this time to find out if it is worth the investment into anti-DDoS.
A word of warning: if you're being targeted on purpose, attackers will only use the minimum amount to get you null routed to save resources. They may have 30 Gbps attacks ready and waiting for you. Once you have protection in place for say 3 Gbps, then comes the 5, 10, 15, 20 or 30 Gbps attacks. Make sure you have a scalable (and affordable) DDoS protection service. I am speaking from my own personal experience.