Results 1 to 19 of 19
  1. #1
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803

    I need to host a site that is DDOSSED ALOT

    Hi. I have been asked to host a big site that is dossed alot.

    When ever i have been ddossed, i have found that if i go into the csf firewall and block the ips, the server suddenly calms down.

    It this theory correct or has this been just luck?

    Thanks,
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    ddos can be to a particular network, particular Ip, particular port etc. One of the method for blocking is what you have mentioned. But that alone cannot prevent ddos always. Sometime we will need to nullroute the IP or port to stop the attack. During that time sites and services may go down.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Jan 2004
    Location
    York, UK
    Posts
    371
    Quote Originally Posted by logikstudios View Post
    Hi. I have been asked to host a big site that is dossed alot.
    Personally I wouldn't touch such a site by choice - unless they are paying you good money (or it is a good friend who you want to help) the potential for hassle probably isn't worth it. Remember: while one site on a server is being attacked in this way others on the same server or network leg are also likely to be affected.

    Just being nosy: do you know why the site is getting DDOSed? Is the content controversial in some way? Or is it that one or more of the site's owners/admins has attracted an enemy or two?

  4. #4
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    It is a huge gaming site. If i was to host it, it would go onto my super high spec server with 8 x 2.66Ghz Xeon and 8 gb ram. Also it has 6 x 300gb sas 15, 000 rpm HD and has 3 raid 1 sets.

    It was originally hosted with GODADDY but they chucked them off.

    and yes. Only my highest paying customers have there sites on this server. The site it self requires about 5gigs storage and about 400GB transfer/ month

    Also what do you think is a good price to host a site like this. Im thinking of about £400/year.

    Thanks,
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  5. #5
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    What kind of DDoS attacks was the site receiving before GoDaddy shut them down? I'm just going to assume that these attacks were eating up the bandwidth and disrupting other GoDaddy clients.

    Here's the thing... a lot of people on WHT have this cute theory that CSF is going to stop a significant DDoS attack. In reality, most DDoS attacks are going to eat up your entire 100 Mbit connection and potentially disrupt your provider.

    Additionally, if you know this website is going to get DDoSed a lot... I sure as hell hope there are no other clients on that server.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  6. #6
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    It caused the server to crash.
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  7. #7
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by logikstudios View Post
    It caused the server to crash.
    Was it a shared server or a dedicated server? If it was a dedicated server, I can't see GoDaddy kicking them out because it kept crashing...

  8. #8
    I would stay away from such sites .

  9. #9
    Join Date
    Jan 2004
    Location
    York, UK
    Posts
    371
    Just a thought: was it really intentional DDOS attacks, or simply that the site was too popular at times for the server it was running on to cope with?

  10. #10
    Join Date
    Aug 2006
    Location
    Canada
    Posts
    763
    If it's a gambling site, I would think that people will indeed DDoS the site in frustration after they lost?
    Otto Yiu
    Rsync Palace ● Providing offsite backups since 2007.
    Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.

  11. #11
    Join Date
    Jun 2006
    Location
    United Kingdom
    Posts
    95
    If your colocated buy a security appliance to protect against the DDOS/Malicous traffic, you can get a decent one starting at about £800 excluding service subscriptions. Depends again on what sort of traffic is coming inbound, if it's an extensive level it could flood the inbound fiber, or your local switch, best look into it further, but £400 doesn't seem worth the hassle for 12 months and the potential disruption.

    Depending on your existing setup, if it's a high profile/high risk website, I would try and get them on a dedicated server, install a simple switch for them, and connect it directly into the core, this will at least bypass any service issues for your other servers, but again depends on the traffic, whether it causes problems at the core.

    Edit: The network provider for your host/datacenter states on their website 'High Security/DDOS Protected Environment', for the network, so you may want to look into this, as protection may already be built in to cope with 'certain' levels of abuse.
    Last edited by AventureRichard; 09-03-2007 at 05:29 PM.
    Richard - Aventure United Kingdom
    Managed Servers, Email Marketing, CPanel Shared/Reseller Accounts
    http://www.aventurehost.com - http://www.twitter.com/aventure

  12. #12
    reading from your post , you say once you block some ip's the attack stops ? this must be a small attack and not a co ordinated attack against the network . See if can get a cisco hardware firewall , contact your datacenter if they can help you out .

  13. #13
    Join Date
    Aug 2001
    Location
    Scotland
    Posts
    224
    Only my highest paying customers have there sites on this server.
    How do you think these high paying clients will react if the server keeps going down or is unreachable/slow due the repeated DDOS attacks?

    Is it worth losing these clients for £400 /year?

  14. #14
    you can't stop serious ddos without some 50k+ money. period.

    Forget about software firewalls, they can't help you if you deal with serious ddos. Just make some math and understand what ddos is. Just as an example, say they have 500 computers in the botnet, all personal dsl, say 4Mbit. So under attack they will push how much to your server? What's your datacenter connections? Ok if it's very good, what's your port connection? Answering this questions will give you idea that you can not stop it without investing some big $$$.

    just as a note they can have many more infected PCs in their botnet.

    Can not give you advise to host it or not, it's up to you.

  15. #15
    It depends on the type of ddos.
    Is it a synflood? a http flood? icmp flood or a pingflood
    Is it a service- specific attack?

    Also it doesnt sound very distributed as you said you block a few ips and it calmed down.

    Were the ips on the same range? where are they located? does the ISP host dedicateds/colo?

    Take a look at all of these things, and post back, then we can give you some sort of guidance.

  16. #16
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    Hi. All my servers are Colocation. When ever the site was Ddossed, The attacks was coming from indonesia and malaysia. All servers are on a 100mbit port and i do seem to pull 100mbit connections from each server most of the time. (Thats what i love about my provider)

    Also the big sites i host are sometimes Ddossed and so far the server has never crashed.

    I will admit. It did become a little bit slower. But that was not 100% noticable. Most of the connection was eaten up, but the server load was at about load 7.5 out of about 10 when it does get really slow.

    With -OY- response. Its not a gambling site. Its a computer gamming site.

    Should i advise him to get a dedi instead of coming onto my hosting?

    Thanks,
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  17. #17
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    Quote Originally Posted by dtredwell View Post
    It depends on the type of ddos.
    Is it a synflood? a http flood? icmp flood or a pingflood
    Is it a service- specific attack?

    Also it doesnt sound very distributed as you said you block a few ips and it calmed down.

    Were the ips on the same range? where are they located? does the ISP host dedicateds/colo?

    Take a look at all of these things, and post back, then we can give you some sort of guidance.
    Regarding the blocking IP's if i do host the site, i dont no if that will work. However if in most cases if i block the ip, it does calm down. That works 9/10 for me.

    Thanks,
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  18. #18
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by logikstudios View Post
    Regarding the blocking IP's if i do host the site, i dont no if that will work. However if in most cases if i block the ip, it does calm down. That works 9/10 for me.

    Thanks,
    You still haven't answered my question, what kind of attacks was the site receiving prior to GoDaddy asking them to leave? If you don't know, I would suggest that you find out before putting them on any of your servers.

    As for suggesting they get a dedicated server, that wouldn't be a bad idea at all. Honestly, if I was a "higher paying" client of yours and you stuck a known DDoS magnet on the same server, I would be less than thrilled.

    Just my two cents, Canadian.

  19. #19
    Join Date
    Apr 2005
    Posts
    1,767
    Let me stress (If you are interested), then I may be able to help you out with your DDoS issue, track the attack down, and keep your site online. PM me if you want.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •