Results 1 to 17 of 17
Thread: The old DoS atack! What now?
-
04-24-2006, 11:47 PM #1New Member
- Join Date
- Apr 2006
- Posts
- 4
The old DoS atack! What now?
Hello guys,
Well, I have a server on LT, it was flooded, they unplugged my server from the network to wait the ataack to cease...
Then I thought, I cant just wait, I need Uptime.. Then I saw The Planet, with that Cisco DDoS guard and everything, I got into their salle chat, and they said they would block flood DoS atack on the router level, not harming my server uptime...
Some days latter, I wake up, just to see my server was offline, and a ticket saing it has been null routed due to a 650Mbits incomming DoS atack...
Now, what do I do? Do I really have to be at disposal of this Kids who by anyway doesnt like your work or in my case my game server?
EV1 says they will block DoS flood while it doesnt harm other server on the router...
Which most likely 650Mbit will do...
Do you guys think of anything? Or found a solution for that?
Thank you.
Pavel Alves.Last edited by Coizado; 04-24-2006 at 11:53 PM.
-
04-24-2006, 11:50 PM #2Poooooonnyyy :*
- Join Date
- Jan 2003
- Location
- Canada
- Posts
- 5,073
Staminus is the best for taking care of DDOS attacked
650Mbit for staminus is nothing in all honesty.
You can AIM toro at 'toro00' and he'll give you a price.
~FranciscoBuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
- All popular VPN methods supported
- Affordable offloaded MySQL & DDoS protection
- 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony
-
04-24-2006, 11:50 PM #3Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
http://gigeservers.net/
They have a neat setupSteven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
04-25-2006, 12:12 AM #4Web Hosting Master
- Join Date
- Dec 2002
- Location
- Prince Edward Island
- Posts
- 2,289
ThePlanets DOS blocking system has been broken for ages. If they sold the server to you saying its working, I'd call them up and demand a refund.
-
04-25-2006, 12:17 AM #5WHT Addict
- Join Date
- Jan 2006
- Posts
- 146
LT took your server offline? This concerns me... why can't they block a 650mbit ddos at the router level?
-
04-25-2006, 12:19 AM #6New Member
- Join Date
- Apr 2006
- Posts
- 4
Hello,
Yes they did, I asked very clearly before buying it, "Will you protect me, and keep my server running even during a DoS flood atack, no matter how big it is, unlike my last company"
Answer: Correct.
That sux guys...
Do you think that Staminus Will be a good alternative?
Thank you.
-
04-25-2006, 12:22 AM #7WHT Addict
- Join Date
- Jan 2006
- Posts
- 146
I will tell you what I think I think you need to go with a provider, and get a dedicated firewall for it. If I was having that much trouble that is what I would do.
-
04-25-2006, 12:22 AM #8Poooooonnyyy :*
- Join Date
- Jan 2003
- Location
- Canada
- Posts
- 5,073
Originally Posted by Coizado
Depending on the type of attack, etc, Matt is able to filter 2Gbit - 3Gbit without an issue. All this filtering is automated so you see nothing outside of an email telling you that you are currently under attack
~FranciscoBuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
- All popular VPN methods supported
- Affordable offloaded MySQL & DDoS protection
- 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony
-
04-25-2006, 01:05 AM #9Disabled
- Join Date
- Jan 2006
- Posts
- 388
Originally Posted by pshepperd
LT isn't setup for it, nor are many hosts... if you are going to get attacked, you need to be with a host that is especially setup to handle it.
-
04-25-2006, 01:33 AM #10Junior Guru
- Join Date
- Jul 2003
- Location
- North Carolina USA
- Posts
- 199
If you are talking about game hosting which requires UDP packets then (correct me if im wrong ) but both Gige and Staminus both block that kind of traffic but like i said im not 100% sure about this so you may want to contact them directly about it. As far as getting attacked im sorry to hear about your ordeal its a shame kids cant play nice and it requires there mommys to sit with them at the computer and supervise so decent people can operate and go about there everyday lives.
I would like to add that Gigeservers does a excellent job of blocking DDoS iv dealt with them personally and was very pleased with there level of service and prefessional way of handling things.
-
04-25-2006, 02:18 AM #11Junior Guru Wannabe
- Join Date
- Apr 2006
- Location
- Cali
- Posts
- 37
we were hit with an attack when our server was set up. the morons ended up getting root and erased our drive.
Turns out it was a blessing in disguise. We hadn't hardened the box enough and found some odd ports Plesk had opened for something. I'll have to as my admin for specifics but it was our time using Plesk and we weren't aware of all of the open ports we had. But once we plugged those holes we've been fine.
I would love to know why people find (D)DOS'ing or hacking into other people's servers fun. We don't run IRC/game servers, talk sh*t about people, or anything. We're just a small design/web shop trying to earn a living. Could anyone help this clueless guy out?
Why do they do it? And how do they find a freshly installed server so quickly?
-
04-25-2006, 06:37 AM #12Disabled
- Join Date
- Dec 2004
- Location
- Southwest Florida
- Posts
- 955
Originally Posted by sven04
It could be that someone's had that IP space before you that got attacked and it probably just continued onto when you came into play on that IP space. Or it could be someone who just doesn't like you, or a client on your server talking smack about said DoS'r, or a person who doesnt' like the datacenter and is flooding all their IP's..
Never know really.
I recommend you set up APF firewall and take other precautions.
Contact Jonesolutions.. They can set your server up, harden it professionally, and set your firewall up. Helped me mitigate my DoS after 24 hours, it filtered to nothing.
LT took your server offline? This concerns me... why can't they block a 650mbit ddos at the router level?
Why is it people go to Layered Tech, knowing their an unmanaged and CHEAP provider, and expect them to handle everything?
If you can't mitigate a DOS, you need to go to a MANAGED provider.
-
04-25-2006, 08:35 AM #13New Member
- Join Date
- Apr 2006
- Posts
- 4
Hello guys,
Well, acctually, my consern at this point isnt invasion protection, but FLOODing protection, I am able to install a software firewall and confirgure it to protect me in that manner, and besides, this kids arent looking for hacking, they neither want to nor know how to.
If I am not mistaken they are even Nuking/Flooding/DoSing my domain name, and not the IP directly...
I sent an email to Staminus, pasting my ticket on Theplanet where they say 650Mbit will harm other server and my server has to be null routed. And thats what they answer me:
"Hello,
I have read your WHT thread, and this email. We will protect you up to 2-3
gbps depending on the attack if you are not doing anything illegal in
accordance with local and federal laws in the United States.
--
Sincerely,
Matt M.
Staminus Communications"
So I guess thats perfect for me, I seriously doubt that they will put toguether enuf shells to over come that limit, speccialy now that google just changed something on their searching system and all "infected-shells-searching-Softwares" based on google, has stoped working.
Thank you very much guys. If Staminus has the config I want and Windows 2003 Standard Box, I am renting on them.
Comming here earlyer would have saved me so much mony, GOSH!
see ya.Last edited by Coizado; 04-25-2006 at 08:39 AM.
-
06-07-2008, 09:11 PM #14New Member
- Join Date
- Apr 2006
- Posts
- 4
Hi all,
LONG TIME since I last posted on this thread.
This is just a feedback and a Thanks note.
I am with staminus now for more then one year... They are great. Nothing is noticed on the atacks besides emails warning about atacks.
They have sustained up to 2.0GB atack just when we changed to them. No bigger atack was attempted ever since.
The "kids" got smarter... When they noticed that randomly nuking ports in order to use more bandwidth then the server could handle wouldnt work anymore becouse staminus router was detecting the atack and wasnt sending the packges to my server, consuming only some of its 6GB bandwidth not my server's 100MB, they beggan to nuke the process port, they got the process use to 100% of the processor and evetually lock down. Then I finally got a firewall and configured it to drop syn packages comming from the same IP too fast, and some other firewall rules, now my process runs normally, and sometimes they still try the random nuke, so far, they had no luck on causing any problem. Haha!
Staminus never null routed my server, ever!
Matt and toro are very helpfull and nice.
Thank you all guys for the suggestion. Really apreciate it!
Sincerely,
Pavel Alves (Coizado).
-
06-08-2008, 03:13 AM #15Junior Guru Wannabe
- Join Date
- Dec 2006
- Posts
- 56
Out of curiosity how much do you now pay extra per month with the firewalls and protection, without including the server price.
-
06-08-2008, 05:05 AM #16Web Hosting Master
- Join Date
- Jun 2006
- Posts
- 1,027
Softlayer do Cisco DDOS protection and again it can be turned on very quickly indeed.
Damien
-
06-08-2008, 05:18 AM #17Web Hosting Master
- Join Date
- Mar 2001
- Posts
- 2,057