It's definitly not a common practice (and first time I heard about it). Though most likely could be in thier TOS (which I would read to see if it says anything about that).
Other than that, what datacenter is charged this (so we know who to avoid).
█ bihira.com | 10+ Years of Web Hosting Experience!
█ Shared Hosting | Reseller Hosting | 30 Day Money Back Guarantee
█▀█ cPanel | CloudLinux | R1Soft | Softaculous
█▄█ Find us on facebook and follow us on twitter @bihira
I never had a charge for DDoS. May we know which host you are referring to? One time The Planet even place a special hardware firewall to reduce the attack without charging anything to us.
██ We Have Generated Over 7 Million cPanel Backups Come Dance Together With Us Y'all!
██ Offer Your Own Backup Hosting Service - SiteAutoBackup.Com (Private Label / WHMCS Ready) ██ WebHostingBusinessBook.Com | YouTube.com/WebHostingTutorial | NowOpenOnline.Com
I'm glad you guys aren't in the same shoes as me, makes me feel like they are trying to rip me off.
Perhaps this is a way to send you away! also no body knows perhaps they themselves are in trouble for that attack and perhaps they had to pay extra money for technicians to handle it. We do not know !
Internet Brothers Asia*SEOUL South Korea Since 1999 http://www.internetbrothers.co.kr Business Registration 134-11-18207
▇ ASIA KOREA Web Hosting with English Support focusing on International clients in/out of Korea
Cloud XEN VPS, VDS , Dedicated Servers physically located in South Korea Twitter @internetbros
I believe what the host did is right. That host is paying their own host for this attack as well. Even if they own the datacenter they still have to pay their upstream providers for the bandwidth. If you went over your bandwidth you are obligated to pay. However, if you stayed within the limit I think the charge was not needed.
I have never been charged for something like this and have been working with various servers in various data-centres for years. They may charge for support time if they were working in a focussed manner to get your services back online and mitigate the DDoS attack entirely... or if they are having to pay for a large amount/wave of bandwidth as a result of the attack... but I don't understand how it would come up to $160 and they would not warn you before taking action or as soon as the attack starts about the possibility of such a large charge.
What data-centre has done this? I am interested to know.
█ Guy Riese - Tech-Hosts Ltd. - Registered company in England & Wales (Based in UK - Europe)
█ High quality & affordable Web Hosting, Reseller Hosting, Master Reseller Hosting, Linux VPS & Dedicated Servers
█ Lowest priced domain names in the industry - instant registration and management
Under one of our companies, we was under a DDOS for about a day, the host even filtered it and charged us $160 for it.
We have servers in about 10 different datacenters, and this is the only host that has ever charged us for a inbound DDOS attack.
I'm curious to see what other people have to say, does your host charge you if you get DDOS'd?
If the basis of the charge was due to a lot of bandwidth being used (e.g. $160 worth of bandwidth consumed by the DDoS), it could be a justified charge. That said, a lot of providers do not charge for it.
Mike G. - Limestone Networks - Account Specialist Cloud - Dedicated - Colocation - Premium Network - Passionate Support DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555
There is also the situation where the host has a bandwidth commit of X. If the DDOS would take the bandwidth consumption to X+D, then the host can see significant costs. Those costs have to be paid for. There have been situations where the host said to the customer, "we can keep you live and reachable, but the bandwidth bill is going to be $10K additional for the month." And that was at the friendly rate. The site swallowed hard and said kill it. The host had the resources to withstand the traffic, they just wanted to be sure that they weren't left holding the bag. You pay for what you use.
I've never heard of anyone being charged before today, but read your ISPs TOS.
I would not go with any ISP that charges specfically for DDoS for a couple reasons.
1) The duration of the attack is out of your control.
a) The ISP can purposefully delay mitigating and managing the attack.
b) The DDoS was not initiated by you and you have no way of stopping it.
2) A reptutable ISP should have a reasonably fast mitigation strategy or equipment.
a) Datacenters have the option of buying mitigation equipment.
b) A datacenter can build a system and put it on the edge of their network to handle DDoS mitigation.
c) Datacenters can easily nullroute an IP with someone who is on call, this isn't labor or time intensive.
However, here's the catch. If you have a bandwidth allotment and you exceed your bandwidth allotment - DDoS included - then it's your responsibility to pay for the bandwidth. Traffic to a server is mostly out of a client's control, and depending on your plan you may be responsible for overage charges on the bandwidth required to operate your server, as it's connected to the internet and bandwidth may be limited. If the DDoS attack is targeted at a large enough network from enough computers it can take some time to mitigate. I can understand ISPs charging support hours in the case an attack requires a significant amount of attention. If your site is attracting this much attention then you should look into a DDoS Protected network that is properly prepared and doesn't charge for attacks. You might be lucky and find a DDoS Protected network that is faster and cheaper than what you're paying now.
Last edited by dren; 10-15-2009 at 02:44 AM.
█ Friendly and in business since 2005.
█ Providing stable FreeBSD Shells, Web Hosting, and VPS.