Results 1 to 7 of 7
  1. #1
    Join Date
    Nov 2003
    Location
    Rovaniemi
    Posts
    483

    Bandwidth exceeded - customer claims it's DDOS attack

    Hi,

    We've had a few severe DDOS attacks the past week, but all is under control now.

    Yesterday we noticed that one of our customers's bandwidth has been exceeded by more than 400% and the account was automatically suspended. Customer was notified of this, urged to move to a higher plan and pay for the exceeded bandwidth.

    Customer now rudely claims this overage is because of DDOS attacks. However, the overage only appeared AFTER the attacks.

    No other accounts have had this kind of problem, so I would like to know if anyone else has had this kind of problem? Is it possible for this overage to show up one day after the actual attacks?
    IceBlueHost | Premium Quality Hosting Solutions
    Shared | Reseller | Xen VPS | Dedicated | cPanel | Softaculous | CLoudLinux | Game Servers
    True 24x7 Support | No Overselling | Servers in France and Canada
    Follow us on Twitter for the latest news and special promotions

  2. #2
    The best way to find out is to check the access logs for the customer. If those aren't available, try the stats. A DDOS will rarely ever contribute to someone's bandwidth usage since they rarely actually make web requests (let alone receive data).

    At the very least, there should be a bytes_log file for the customer (I'm pretty sure this exists with cPanel) and while I don't know for sure, I believe this shows the timestamp and data used for each request. You can attempt to match this to the approximate time your DDOS occurred.

    Last, keep in mind that a lot of customers with FrontPage extensions or otherwise easy passwords often have hidden directories (sometimes with names such as '...') that contain warez -- you may want to try a du -sh * in their public_html dir and look for any big files/directories that seem strange or that may have contributed to their bandwidth usage.

    I find it hard to believe that a server-wide DDoS would have caused the bandwidth spike, but the warez problem may be more likely... in the end it is up to you whether you choose to let them slide or not.

  3. #3
    err, if the attack did actually make requests it would make it considerably easier to trace neh?

    If the logs account for the usage, show the customer the logs.
    Try file hosting at Simpload.com

  4. #4
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,034
    Ultimately I think if the customer should be responsible for the traffic even tho it is from an attack, if the resulting bill would be hige then a compromise is probably the best solution which acts as compensation for you taking the attack. If the customer refuses to hold any responsibility and will pay nothing extra and expect no suspenson you need to question if its a customer worth having.
    Chris Collins
    Hostingfreak.net
    Directadmin Hosting in europe
    www.hostingfreak.net

  5. #5
    Join Date
    Nov 2003
    Location
    Rovaniemi
    Posts
    483
    Thank you all for your suggestions, it's very much appreciated.

    We are currently investigating the issue and checking the logs.

    I will keep you updated!
    IceBlueHost | Premium Quality Hosting Solutions
    Shared | Reseller | Xen VPS | Dedicated | cPanel | Softaculous | CLoudLinux | Game Servers
    True 24x7 Support | No Overselling | Servers in France and Canada
    Follow us on Twitter for the latest news and special promotions

  6. #6

    Its not Ddos

    Its not Ddos attack Its Bandwidth leaching !!
    last year one of my clint was having same problem .... some guys were leaching some jpg and zip Files on his site ..They leached near about 80GB in 24 Hours
    I sugested him to use HotLink Protection and it worked.

  7. #7
    Join Date
    Nov 2005
    Location
    North Tonawanda, NY
    Posts
    29
    Cpanel has an addon called Leach Protect that we offer with our service. This will allow him to set it up without dealing with installs, since it is autoinstalled through cpanel.
    Adam J. Thompson
    [email protected]
    http://www.incheckhost.com
    Also Check Out our Brand New Forums http://www.incheckforums.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •