Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Windows Hosting : Is DiscountASP.Net reliable?

[wildthing4ever]

Hi all,

This is my first post at WHT! Yay!

I have been doing some research to try and figure out the best host for my ASP.Net website. DiscountASP.Net seems like a very good option. However, I have read about some serious downtime they had due to two DDOS attacks they had. Apparently this brought down all hosted sites for days.

Other than this, DA.Net seems quite reliable. My questions are:

1. Are the DDOS attacks on DA.Net something I should be worried about? They claim to have improved their security, but I wonder why they were brought to their knees twice?

2. How come only DA.Net was attacked on such a large scale twice? Is it a sign that hackers are targeting it?

3. How good is the infrastructure that DA.Net has?

Thanks in advance, guys. Replies from DA.Net would be welcome too.

Wild Thing

[Ultima VPS]

I don't think there is any way to fully protect against a massive DDOS attack. DASP may have made themselves a target with their AdWords campaign slandering other Windows hosting companies. Only speculation though. On the whole though DASP are a good choice for shared hosting. Don't think they offer VPS or dedicated options though.

[dasp]

Full Disclosure: I work for DiscountASP.NET

Wildthing4ever: You are right to be concerned about DDoS attacks. They can happen to any host at any time. And the attacks are getting stronger and stronger by the day. You should ask any host that you are considering about their security infrastructure.

1. When you state "two" DDos attacks, I think you are just referring to the one DDoS attack in June 2007 when our entire system was down for 2 days. The attack came in multiple waves over the two day period. We posted what happenned and what we did to get everything back online in our Community Forum at http://community.discountasp.net/def...x?f=31&m=18216

Before the June 2007 attack, our system was already secure from any attack magnitude that our staff has ever experienced in the hosting business. It seemed reasonable to take the largest attack any of us ever faced when working at other hosting providers and make sure that our system can handle a couple times that magnitude. The DDoS attack of June 2007 was way bigger than that - massive in scale - enough to saturate a 1gb drop. The security engineers at our upstream provider had never seen an attack that big. So, yes, we were unprepared for it but now we are prepared to handle such attacks.

You may read some negative posts in online forums, but we received more positive feedback thanking us for how we handled the attack. You can read some positive feedback posted on our site at http://www.discountasp.net/testimonials_2007.aspx to get another perspective.

As for our security infrastructure, we have the usual suspects - firewalls, up-to-date security patched servers...etc. All the things most hosts will tell you.

We fortify the usual security infrastructure, with the TippingPoint Intrusion Prevention system to thwart large DDoS attacks and other security exploits. We pay for the update service, so the TippingPoint system is always updating itself to protect against any new exploit that appears.

Then we fortify our infrastructure even more, with the Prolexic DDoS Mitigation service for extremely large attacks like the one we experienced in June 2007. This is a service that is used by Fortune 500 companies, huge ISPs, major news sites....etc. Even some countries use them to protect their country's internet infrastructure. I don't know of any host using such an enterprise-class solution for DDoS mitigation. I'd be curious to know if any host out there uses Prolexic. Please chime in.

2. We have no idea why we were attacked last June 2007. We received no extortion demand. The attack was directed to our DNS servers so we cannot pinpoint any particular site that we may have been hosting at the time. A similar large attack has not occured since June 2007.

3. As stated above, we have improved our security infrastructure significantly and we would challenge any host to share their security infrastructure. I believe that our security infrastructure is much more robust than any host of like size and even bigger.


Ultima Hosts: You are right, there is no way to fully protect against massive DDoS attacks, but a host can fortify their hosting security infrastructure to thwart large attacks if they are committed to it. At DiscountASP.NET, we have invested heavily in our security infrastructure and we demonstrate to our customers that the security of their sites is important to us - and our customers have shown us their appreciation as well.

As for your comment on AdWords or whatnot, this is the second time that you have mentioned something like this in a public forum. It suspiciously appears that you know something about the attack that we don't. If you have any information about the attack you should let us know. The authorities have not found the perpretrators yet but we still send information their way.

[tws]

In a word: yes.

Maybe it's because I know one of their staff members.. but yes, I'd trust them to host any site I needed to operate on a Windows box.

[Ultima VPS]

Quote:

Originally Posted by dasp

As for your comment on AdWords or whatnot, this is the second time that you have mentioned something like this in a public forum. It suspiciously appears that you know something about the attack that we don't. If you have any information about the attack you should let us know. The authorities have not found the perpretrators yet but we still send information their way.

Wish I knew. I am only suggesting that this could have been a reason for stirring up a lot of resentment amongst a population which may have had the power to retaliate. Its only speculation though. I have noticed that the Adwords campaign has now taken a much more benign focus.

[dasp]

Others can chime in here with their opinions but the DDoS attack was like more than 6 months ago and you are still "speculating" on this old news and you are compelled to publically post about your speculation? It's very wierd to me.

By the way, we got a sales email from one of your customers about some hardware issue they are having with your service - shouldn't you be working on that instead of speculating?

[Ultima VPS]

Thats really disappointing. I would have expected better. I used to hold DASP in high regard but incidents like this and the AdWords campaign make me see that we are really only dealing with boys.

[dasp]

Perhaps we are just boys here, but we work on our customer's issues and fortify our security infrastructure rather than post wierd speculations about old news.

[iration]

Quote:

Originally Posted by wildthing4ever

Hi all,

This is my first post at WHT! Yay!

I have been doing some research to try and figure out the best host for my ASP.Net website. DiscountASP.Net seems like a very good option. However, I have read about some serious downtime they had due to two DDOS attacks they had. Apparently this brought down all hosted sites for days.

Other than this, DA.Net seems quite reliable. My questions are:

1. Are the DDOS attacks on DA.Net something I should be worried about? They claim to have improved their security, but I wonder why they were brought to their knees twice?

2. How come only DA.Net was attacked on such a large scale twice? Is it a sign that hackers are targeting it?

3. How good is the infrastructure that DA.Net has?

Thanks in advance, guys. Replies from DA.Net would be welcome too.

Wild Thing

I too strongly recommend Discountasp.net, and I most certainly hold them in high regard. I have used them for my asp.net hosting needs for years and they really offer a top notch service. Yes, the DDOS attack they experienced was unfortunate but they were completely honest with me when I emailed them about it and they responded with a clear and thorough response.

Believe me, I have used tons of asp.net hosts and in my opinion, discountasp.net offers an amazing service.

[wildthing4ever]

Thanks for the reply, dasp. It's really helped.

Wild Thing

[us0r]

Quote:

Originally Posted by dasp

Full Disclosure: I work for DiscountASP.NET

Wildthing4ever: You are right to be concerned about DDoS attacks. They can happen to any host at any time. And the attacks are getting stronger and stronger by the day. You should ask any host that you are considering about their security infrastructure.

1. When you state "two" DDos attacks, I think you are just referring to the one DDoS attack in June 2007 when our entire system was down for 2 days. The attack came in multiple waves over the two day period. We posted what happenned and what we did to get everything back online in our Community Forum at http://community.discountasp.net/def...x?f=31&m=18216

Before the June 2007 attack, our system was already secure from any attack magnitude that our staff has ever experienced in the hosting business. It seemed reasonable to take the largest attack any of us ever faced when working at other hosting providers and make sure that our system can handle a couple times that magnitude. The DDoS attack of June 2007 was way bigger than that - massive in scale - enough to saturate a 1gb drop. The security engineers at our upstream provider had never seen an attack that big. So, yes, we were unprepared for it but now we are prepared to handle such attacks.

You may read some negative posts in online forums, but we received more positive feedback thanking us for how we handled the attack. You can read some positive feedback posted on our site at http://www.discountasp.net/testimonials_2007.aspx to get another perspective.

As for our security infrastructure, we have the usual suspects - firewalls, up-to-date security patched servers...etc. All the things most hosts will tell you.

We fortify the usual security infrastructure, with the TippingPoint Intrusion Prevention system to thwart large DDoS attacks and other security exploits. We pay for the update service, so the TippingPoint system is always updating itself to protect against any new exploit that appears.

Then we fortify our infrastructure even more, with the Prolexic DDoS Mitigation service for extremely large attacks like the one we experienced in June 2007. This is a service that is used by Fortune 500 companies, huge ISPs, major news sites....etc. Even some countries use them to protect their country's internet infrastructure. I don't know of any host using such an enterprise-class solution for DDoS mitigation. I'd be curious to know if any host out there uses Prolexic. Please chime in.

2. We have no idea why we were attacked last June 2007. We received no extortion demand. The attack was directed to our DNS servers so we cannot pinpoint any particular site that we may have been hosting at the time. A similar large attack has not occured since June 2007.

3. As stated above, we have improved our security infrastructure significantly and we would challenge any host to share their security infrastructure. I believe that our security infrastructure is much more robust than any host of like size and even bigger.


Ultima Hosts: You are right, there is no way to fully protect against massive DDoS attacks, but a host can fortify their hosting security infrastructure to thwart large attacks if they are committed to it. At DiscountASP.NET, we have invested heavily in our security infrastructure and we demonstrate to our customers that the security of their sites is important to us - and our customers have shown us their appreciation as well.

As for your comment on AdWords or whatnot, this is the second time that you have mentioned something like this in a public forum. It suspiciously appears that you know something about the attack that we don't. If you have any information about the attack you should let us know. The authorities have not found the perpretrators yet but we still send information their way.

What is the reason for being down the last 12 hours?

[dasp]

Full Disclosure: I work for DiscountASP.NET

Well, we were not down for 12 hours. That is not true.

During the evening of February 13, 2008 we took a network outage as part of our scheduled maintenance. We emailed ALL cusotmers a week prior and we posted about the scheduled maintenance in our Community Forum (http://community.discountasp.net/def...=31&p=1#m22609) and in the Control Panel.

On the morning of February 14, 2008, we experienced a network outage that was caused by software updates to our TippingPoint Intrusion Prevention system that was upgraded during the schedule maintenance above. The network is back up at of around 10am and we are working with 3COM to investigate this incident further.

[wisam74us]

wildthing4ever, would you please let me know what was your final choice, I am having terrible time with my Godaddy ASP hosting, but I wouldnt change unless I find what must be a reliable full functional host.

[us0r]

Quote:

Originally Posted by wisam74us

wildthing4ever, would you please let me know what was your final choice, I am having terrible time with my Godaddy ASP hosting, but I wouldnt change unless I find what must be a reliable full functional host.

i have sites with discountasp and softsys.

both work I guess but neither give phone support. i personally like to call if its something important (like an outage). im thinking now phone support does not exist with shared hosting.

one thing i like about softsys - im in kiev and submit tickets at random hours - and they reply pretty quick most of the time. it almost seems they reply faster with "off hours" in the US which is a big plus for me since im up during US nights.

my 2 cents.

good luck!

[Softsys Hosting]

Quote:

Originally Posted by us0r

i have sites with discountasp and softsys.

both work I guess but neither give phone support. i personally like to call if its something important (like an outage). im thinking now phone support does not exist with shared hosting.

one thing i like about softsys - im in kiev and submit tickets at random hours - and they reply pretty quick most of the time. it almost seems they reply faster with "off hours" in the US which is a big plus for me since im up during US nights.

my 2 cents.

good luck!

Hi,

That's correct. We do take support very seriously and you'll get a reply fairly quickly at any time of the day from our 24x7 fully manned technical support team. Additionally, we do have an emergency phone number available for existing customers to contact us in case of real emergencies like outages.

Thanks,

- Rick