Results 1 to 19 of 19
-
09-03-2007, 05:17 AM #1Web Hosting Master
- Join Date
- Dec 2006
- Location
- Cardiff, Wales
- Posts
- 803
I need to host a site that is DDOSSED ALOT
Hi. I have been asked to host a big site that is dossed alot.
When ever i have been ddossed, i have found that if i go into the csf firewall and block the ips, the server suddenly calms down.
It this theory correct or has this been just luck?
Thanks,SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/
-
09-03-2007, 05:38 AM #2Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
ddos can be to a particular network, particular Ip, particular port etc. One of the method for blocking is what you have mentioned. But that alone cannot prevent ddos always. Sometime we will need to nullroute the IP or port to stop the attack. During that time sites and services may go down.
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-03-2007, 09:36 AM #3Aspiring Evangelist
- Join Date
- Jan 2004
- Location
- York, UK
- Posts
- 371
Personally I wouldn't touch such a site by choice - unless they are paying you good money (or it is a good friend who you want to help) the potential for hassle probably isn't worth it. Remember: while one site on a server is being attacked in this way others on the same server or network leg are also likely to be affected.
Just being nosy: do you know why the site is getting DDOSed? Is the content controversial in some way? Or is it that one or more of the site's owners/admins has attracted an enemy or two?
-
09-03-2007, 09:48 AM #4Web Hosting Master
- Join Date
- Dec 2006
- Location
- Cardiff, Wales
- Posts
- 803
It is a huge gaming site. If i was to host it, it would go onto my super high spec server with 8 x 2.66Ghz Xeon and 8 gb ram. Also it has 6 x 300gb sas 15, 000 rpm HD and has 3 raid 1 sets.
It was originally hosted with GODADDY but they chucked them off.
and yes. Only my highest paying customers have there sites on this server. The site it self requires about 5gigs storage and about 400GB transfer/ month
Also what do you think is a good price to host a site like this. Im thinking of about £400/year.
Thanks,SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/
-
09-03-2007, 10:43 AM #5Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
What kind of DDoS attacks was the site receiving before GoDaddy shut them down? I'm just going to assume that these attacks were eating up the bandwidth and disrupting other GoDaddy clients.
Here's the thing... a lot of people on WHT have this cute theory that CSF is going to stop a significant DDoS attack. In reality, most DDoS attacks are going to eat up your entire 100 Mbit connection and potentially disrupt your provider.
Additionally, if you know this website is going to get DDoSed a lot... I sure as hell hope there are no other clients on that server.RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
09-03-2007, 10:44 AM #6Web Hosting Master
- Join Date
- Dec 2006
- Location
- Cardiff, Wales
- Posts
- 803
It caused the server to crash.
SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/
-
09-03-2007, 10:46 AM #7Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
09-03-2007, 12:47 PM #8WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
I would stay away from such sites .
-
09-03-2007, 01:15 PM #9Aspiring Evangelist
- Join Date
- Jan 2004
- Location
- York, UK
- Posts
- 371
Just a thought: was it really intentional DDOS attacks, or simply that the site was too popular at times for the server it was running on to cope with?
-
09-03-2007, 01:37 PM #10Ottomatic backup specialist
- Join Date
- Aug 2006
- Location
- Canada
- Posts
- 763
If it's a gambling site, I would think that people will indeed DDoS the site in frustration after they lost?
█ Otto Yiu
█ Rsync Palace ● Providing offsite backups since 2007.
█ Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.
-
09-03-2007, 05:16 PM #11Junior Guru Wannabe
- Join Date
- Jun 2006
- Location
- United Kingdom
- Posts
- 95
If your colocated buy a security appliance to protect against the DDOS/Malicous traffic, you can get a decent one starting at about £800 excluding service subscriptions. Depends again on what sort of traffic is coming inbound, if it's an extensive level it could flood the inbound fiber, or your local switch, best look into it further, but £400 doesn't seem worth the hassle for 12 months and the potential disruption.
Depending on your existing setup, if it's a high profile/high risk website, I would try and get them on a dedicated server, install a simple switch for them, and connect it directly into the core, this will at least bypass any service issues for your other servers, but again depends on the traffic, whether it causes problems at the core.
Edit: The network provider for your host/datacenter states on their website 'High Security/DDOS Protected Environment', for the network, so you may want to look into this, as protection may already be built in to cope with 'certain' levels of abuse.Last edited by AventureRichard; 09-03-2007 at 05:29 PM.
Richard - Aventure United Kingdom
Managed Servers, Email Marketing, CPanel Shared/Reseller Accounts
http://www.aventurehost.com - http://www.twitter.com/aventure
-
09-03-2007, 05:25 PM #12WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
reading from your post , you say once you block some ip's the attack stops ? this must be a small attack and not a co ordinated attack against the network . See if can get a cisco hardware firewall , contact your datacenter if they can help you out .
-
09-03-2007, 05:55 PM #13Junior Guru
- Join Date
- Aug 2001
- Location
- Scotland
- Posts
- 224
Only my highest paying customers have there sites on this server.
Is it worth losing these clients for £400 /year?
-
09-04-2007, 02:45 AM #14Newbie
- Join Date
- Jul 2007
- Posts
- 16
you can't stop serious ddos without some 50k+ money. period.
Forget about software firewalls, they can't help you if you deal with serious ddos. Just make some math and understand what ddos is. Just as an example, say they have 500 computers in the botnet, all personal dsl, say 4Mbit. So under attack they will push how much to your server? What's your datacenter connections? Ok if it's very good, what's your port connection? Answering this questions will give you idea that you can not stop it without investing some big $$$.
just as a note they can have many more infected PCs in their botnet.
Can not give you advise to host it or not, it's up to you.
-
09-04-2007, 05:26 AM #15WHT Addict
- Join Date
- Jul 2004
- Posts
- 148
It depends on the type of ddos.
Is it a synflood? a http flood? icmp flood or a pingflood
Is it a service- specific attack?
Also it doesnt sound very distributed as you said you block a few ips and it calmed down.
Were the ips on the same range? where are they located? does the ISP host dedicateds/colo?
Take a look at all of these things, and post back, then we can give you some sort of guidance.
-
09-04-2007, 05:27 AM #16Web Hosting Master
- Join Date
- Dec 2006
- Location
- Cardiff, Wales
- Posts
- 803
Hi. All my servers are Colocation. When ever the site was Ddossed, The attacks was coming from indonesia and malaysia. All servers are on a 100mbit port and i do seem to pull 100mbit connections from each server most of the time. (Thats what i love about my provider)
Also the big sites i host are sometimes Ddossed and so far the server has never crashed.
I will admit. It did become a little bit slower. But that was not 100% noticable. Most of the connection was eaten up, but the server load was at about load 7.5 out of about 10 when it does get really slow.
With -OY- response. Its not a gambling site. Its a computer gamming site.
Should i advise him to get a dedi instead of coming onto my hosting?
Thanks,SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/
-
09-04-2007, 05:29 AM #17Web Hosting Master
- Join Date
- Dec 2006
- Location
- Cardiff, Wales
- Posts
- 803
SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/
-
09-04-2007, 05:20 PM #18Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
You still haven't answered my question, what kind of attacks was the site receiving prior to GoDaddy asking them to leave? If you don't know, I would suggest that you find out before putting them on any of your servers.
As for suggesting they get a dedicated server, that wouldn't be a bad idea at all. Honestly, if I was a "higher paying" client of yours and you stuck a known DDoS magnet on the same server, I would be less than thrilled.
Just my two cents, Canadian.
-
09-10-2007, 02:47 AM #19Web Hosting Master
- Join Date
- Apr 2005
- Posts
- 1,767
Let me stress (If you are interested), then I may be able to help you out with your DDoS issue, track the attack down, and keep your site online. PM me if you want.