Results 1 to 17 of 17

Thread: humbled by 1&1

  1. #1
    Join Date
    Apr 2003
    Location
    London UK
    Posts
    1,235

    Cool humbled by 1&1

    i just thought i'd share this experience with everyone.

    yesterday from 12pm GMT to 8pm my site was subjected to a distributed denial of service attack .

    i don't know who was responsible for the attack and i don't know why, specially since i'm such a nice person . the first sign of the attack was the fact that i had 60 users on my site at once, there's no way my site is that popular.

    at first they tried to download an mpeg file and use up the bandwidth but i replaced it with a text file (they still accessed it 1300 times) and it'd would be pretty difficult to use up the 12GB/s of bandwidth 1&1 supply with only 60 users.

    the next thing they tried was to overload my search.php by flooding it. now i believe this attack was directed at the cms i use e107, hence the attempts to flood, however this was unsuccessful, what it did achieve was to temporarily disable any CGI on my account. ok i wasn't too happy about that but every host needs to protect their servers from being overloaded.

    i deleted the search.php and the attackers simply hit 404s for a few hours while i went out to do my shopping (hey it was saturday).

    after i got back my log file had increased by several megabytes so i inserted a logging script into search.php and got a list of the IPs that were hammering my site (with spoons imo) as far as i can tell all the ips traced back to anonymous proxies .

    i then emailed the IPs to 1&1 and either the attack stopped or the IPs were blocked.

    i have to say that 1&1 are the strong and silent type, around 140,000 hits to my site in 8 hours and the effects on my site were negligible! OK so again we have this slow support issue but when you get through to them they go the distance, for example when i had around 30mins downtime on mysql a while back they weren't happy and refunded me for [b]three[b/] months!

    to help protect my site from code injection they kindly pointed out a flaw and suggested a fix.

    after the DDOS attack i assumed they would be very unhappy with me but they appear to have either not noticed or just let it go.

    so thank you 1&1 i may complain that your support is slow but for me they have made up for it, your servers are powerful and fast and could probably survive an attack 5 times as big without any problems, you've been good in the past but yesterday you were better

    i'm humbled

    ps they was no damage at all to my site's cms e107 which also rocks!
    <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  2. #2
    Join Date
    Dec 2003
    Location
    Miami, FL
    Posts
    3,262
    Despite their lack of support, or delay in answering support questions, their network is very solid.

  3. #3
    Join Date
    Aug 2000
    Location
    Tacoma, Washington
    Posts
    9,576
    As far as DDOS attacks go that one was pretty mild...
    Former Webhost... now, just a guy.

  4. #4
    I agree with akashik, that was a mild attack. As for e107, you say they didn't affect it yet they did manage to take it offline for a while didn't they? Doesn't e107 have any flood control?

  5. #5
    that wasn't an attack, that was a kid with spitballs....LOL...ask Mike over at Spywareinfo.com what REAL ddos is like..sure he's be MORE the glad to tell you and how much money it cost him and half dozen others to circumvent it.

  6. #6
    Join Date
    Feb 2004
    Location
    Southern California
    Posts
    749

  7. #7
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    6,999
    Aw, lightweight. Yesterday we had someone run a bot on our forum that created 10,000 members and they were all online at the same time. This is a powerful server with our site, forum and a few others on it but it still caused the load to jump to 30. They also mailbombed us (combined with the 20,000 activation emails) and DoSed us too. But they were so clever that it took about 6 minutes to track them down, firewall them. clean out the mail queue and the forum database.

    Stupid script kiddies.
    Laurence Flynn @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK ● Speed ● Performance ● Reliability

  8. #8
    Join Date
    Jul 2002
    Posts
    376
    NexDog: Will you be pursuing legal action?

  9. #9
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    6,999
    On who? The attack probably came from a hacked box itself. In this kind of thing, there is not alot that can be done.
    Laurence Flynn @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK ● Speed ● Performance ● Reliability

  10. #10
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,009
    Originally posted by akashik
    As far as DDOS attacks go that one was pretty mild...
    Yep, it was light alright.

  11. #11
    Join Date
    Apr 2003
    Location
    London UK
    Posts
    1,235
    Originally posted by Watcher_TVI
    I agree with akashik, that was a mild attack. As for e107, you say they didn't affect it yet they did manage to take it offline for a while didn't they? Doesn't e107 have any flood control?
    no, the site was up through out. i just decided to remove the file they were accessing in order save my traffic and yes e107 does have flood control.

    a small attack yes, but this is my personal site on a shared server so small does matter.
    <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  12. #12
    I thinking of bying a dedicated server there too... they are really damn cheap... But if the service is good you dont need much support...

  13. #13
    Originally posted by ALGORYTHM
    no, the site was up through out. i just decided to remove the file they were accessing in order save my traffic and yes e107 does have flood control.

    a small attack yes, but this is my personal site on a shared server so small does matter.
    So you had to disable e107 (or portions of it) to cope with the attack? That means the attack DID take e107 (or portions of it) offline.

    That is not what I would call very effective flood control.....

  14. #14
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,913
    But if the service is good you dont need much support...
    That's true... Until on day when you really-really need support and you need it fast.

  15. #15
    Join Date
    Apr 2003
    Location
    Ottawa, Ontario
    Posts
    151
    I have to say that such doesn't sound like much of an attack. Now, if you want to see a server go down and fast, get it slashdotted.

    Even the most powerful servers have gone belly up after a good slashdotting.
    Peter M Dodge,
    President, Viridian Tower Electronics

    (Formerly Creative Director of LiquidFire Network Solutions 2003-2007)

  16. #16
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    As the issue and reason for the posting seems to be, request made for DC support and very good support was quickly provided, I would also agree that in this situation, 1&1 made themselves look good. Hat's off to them.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  17. #17
    use all them hits to show to sell some advertising lol, im joking, but glad your site survived it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •