  1. #1

    SYN Attack / Hivelocity

    I have a dedicated server with Hivelocity and recently have come under a SYN DDoS attack which has crippled the server at times.

    I contacted support at Hivelocity about this and they suggested to me to purchase a Juniper hardware firewall to help stop the attacks. This was at the start of August and I confirmed that I would like the firewall installed. A week later it wasn't installed and I was still getting attacks so I tried to contact dave@hivelocity.net saying;

    'Hi,
    I spoke to someone about installing a firewall on my server last night as it kept getting DDOS'd, and found out earlier that nothing has happened since, are you able to find out what's happening?
    Thanks'

    I never received a reply from this email. A week after that I was still getting attacks and the firewall still hadn't been installed.
    It got to August 18th when I was finally contacted about the firewall being installed. It was quite an expensive router and since installation has had minimal effect on the attack.

    After slow response times with tickets and no response from both dave@hivelocity.net and steve@hivelocity.net I decided to go for outside sysadmin management and contacted a guy after a recommendation. Within 30 minutes he had set up a proxy in front of Apache that seemed to work well for a while, but then the SYN attacks still somehow came in a few days later (maybe a different kind of attack?).

    'Glad to hear the server is running good now, the proxy is definitely filtering the attack, also the packet loss/latency I was getting to the server (you did yesterday too) seems to have cleared up but this was unrelated to the attack anyway.'

    I then spoke to Kevin - my account manager asking for some reassurance about the server and that my sites were in good hands, but I didn't even receive a reply about this!

    I was also told by the other guy that;

    'We can get the entire subnets and filter all of them but this isn't the issue at hand, the latency shouldn't be occurring - full stop - to your system. You should be able to saturate 100mbps (excluding I/O latency) without any issue which you cannot and that's the bottom line.

    If you speak to hivelocity and they are not helpful then I must insist that you move to a better provider with a much better network and issue will be solved. The proxy is filtering the attack you received yesterday which was more like a tiny DoS (rather than DDoS) against apache.'

    So with my lack of sysadmin skills I managed to whois a few of the IPs that were causing the SYN attacks and noticed that they all are from Romania. I found out that you can block the IP ranges for countries and found a list specifically for Romania. I have been adding these ranges to the firewall to deny, but it seems most are still coming through.

    Any idea?

    (p.s. the reason I've included the rant about Hivelocity's service is because, after lurking through some threads, they only seem to take urgency when events like these come into public light and it's important that my sites get back online and remain ASAP)

  2. #2
    Quote Originally Posted by hypebucks
    I have a dedicated server with Hivelocity and recently have come under a SYN DDoS attack which has crippled the server at times. [...]

    Please email me again. I am happy to look into your issue. I find it hard to believe that me, Kevin and Dave have all ignored your emails. Please email me and I will certainly look into the issue. Do you have managed services with us?
    Steve Eschweiler - Hivelocity.net - Since 2002
    The Bare Metal Cloud Co.
    Instantly Deploy Dedicated Servers in 30 Data Centers on 4 Continents
    24/7/365 World Class Phone, Chat and Ticket Technical Support

  3. #3
    Quote Originally Posted by HivelocityGM
    Please email me again. I am happy to look into your issue. I find it hard to believe that me, Kevin and Dave have all ignored your emails. Please email me and I will certainly look into the issue. Do you have managed services with us?
    Yes I have the 'gold' service. Have emailed you.

  4. #4
    I have your email. Kevin and I discussed you on Friday and Kevin called you and emailed you in regards. I will discuss the issue with my techs now and see what we can get done for you.
    Steve Eschweiler - Hivelocity.net - Since 2002

  5. #5
    Yeah I sent him a lengthy email and he didn't reply although it was on Friday so he may have left for the weekend or something. Waiting on your reply.

  6. #6
    Am being told this;

    Hello,

    You can block entire countries however you shouldn't have to, even with minor ddos's you will be left filtering legitimate users if you do an entire country. What I was explicitly stating regarding the packet loss is that it is NOT normal for the system to have such packet loss for what was a very minor ddos (Which was service based not bandwidth based).

    Regards,
    ..which no one at hivelocity seems to respond to.
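
An added example, not part of any post in this thread: one way to check the situation described in posts #1 and #6, where country ranges were added to the firewall but SYNs "are still coming through". It compares the peers of half-open connections against the deny list; the ranges and the sample lines (modeled on `ss -tn state syn-recv` output) are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed deny list (documentation prefixes, not a real country list).
DENY_RANGES = ["198.51.100.0/24", "203.0.113.0/25"]

# Constructed sample modeled on `ss -tn state syn-recv` output:
# the last field of each line is the peer address:port.
SAMPLE_SS_OUTPUT = """\
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.0.2.10:80 198.51.100.7:40112
0 0 192.0.2.10:80 198.51.100.9:51200
0 0 192.0.2.10:80 203.0.113.200:1025
0 0 192.0.2.10:80 203.0.113.201:1026
0 0 192.0.2.10:80 203.0.113.14:33000
0 0 192.0.2.10:80 192.0.2.77:44000
"""

def peer_ips(ss_text):
    """Extract peer IPs from the last column, skipping headers and junk."""
    ips = []
    for line in ss_text.splitlines():
        fields = line.split()
        if not fields or ":" not in fields[-1]:
            continue
        host = fields[-1].rsplit(":", 1)[0].strip("[]")  # v4:port or [v6]:port
        try:
            ips.append(ipaddress.ip_address(host))
        except ValueError:
            continue  # header line or unparsable field
    return ips

def coverage(ss_text, deny_ranges):
    """Count half-open peers per matching deny range and per unmatched /24 (/64 for v6)."""
    nets = [ipaddress.ip_network(r, strict=False) for r in deny_ranges]
    covered, uncovered = Counter(), Counter()
    for ip in peer_ips(ss_text):
        hit = next((n for n in nets if ip in n), None)
        if hit is not None:
            covered[str(hit)] += 1  # denied on paper, yet the SYN reached the TCP stack
        else:
            prefix = 24 if ip.version == 4 else 64
            block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            uncovered[str(block)] += 1  # the deny list never matched this source
    return covered, uncovered

if __name__ == "__main__":
    covered, uncovered = coverage(SAMPLE_SS_OUTPUT, DENY_RANGES)
    print("in a denied range but still half-open:", dict(covered))
    print("not in any denied range:", dict(uncovered))
```

Peers in the first group mean the deny rule is not being applied ahead of the server; peers in the second mean the list does not cover the sources. SYN source addresses can be spoofed, so a whois-derived country list may never match all of them.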
