My VDS hosting provider's server has been down all day and much of yesterday. They claim they are being DDoS attacked by "Over 100 commercial servers."
But when I ping the server the response time average is exactly the same as I've gotten on days when everything was working fine. Is it normal for a server that's being ddos attacked on this scale to respond to ping requests so quickly?
The strange thing is that my host has his own personal website and game servers on this machine, and they're down as well. So I know he probably wants the server to be up as much as I do. I can't see why he'd lie to me about what's really going on.
An easier way to tell via MRTG is the open connections graph.
Traffic fluctuates too much to help determine if it's a DOS, but open connections to the server at any one period are very obvious to the eye.
YourCheapHost.com - Low cost multi domain hosting solutions. [Legal adult content friendly] Reliable web site hosting is our motto. We have Alertra stats to back that up. Proven provider of high quality shared and reseller accounts since 2002.
it could be that the attck is targetting apache port 80 but if you say his game server is also down then its much be a traffic attack but if its traffic atack you should get a time out in the ping or a very high ping rate.
it could be that he is just lieing but you will never be sure
I just found out that they were targeting apache as well as the ports that the game servers ran on, and apparently the game servers are fairly vulnerable to these kinds of attacks.
So I've pretty much determined that my host was telling the truth, though I suspect that the "Over 100 commercial servers" remark may have been an exageration.
I am dissapointed in the way my host solved the problem though, the attacker was an extortionist and my host gave in to his demands. I have a feeling this isn't the last time I'm going to find the server being attacked.
I don't think I should discuss the details, but essentially that's what was happening. The attacker was targeting a single server, and I believe colocated with ethr.net and I can ping it for 6ms from my college's connection, so it's on something much more than a dsl line.