  1. #1
    Join Date
    Oct 2005
    Location
    Austin, TX
    Posts
    260

    DDoS Protection - What next?

    Alright, so a guy I know runs a site, it's being hit very hard with a DDoS attack. He's spending about 500 /month to keep his site online. He's using ServerTech, but for the last few days, it's been offline and they have been non-responsive for the most part. I'm guessing they just don't know what to do.

    Do you guys have any recommendations for any DDoS protected hosting? He doesn't really want to pay more, if he doesn't have to.
    Cody McLain
    Founder of PacificHost / AptHost

  2. #2
    Join Date
    Mar 2009
    Location
    Toronto, Canada
    Posts
    2,570
    Any idea how big the attack is? I would recommend Gigenet or BlackLotus for DDOS protection.

  3. #3
    It's his problem, he maybe should have thought before he started to Flame people over the internet that led to the Attack I bet.

  4. #4
    Join Date
    Oct 2005
    Location
    Austin, TX
    Posts
    260
    No, the issue is the competitors are trying to attack him because he actually does have a better product. But I guess some of the guys working on it used to work for the old company, they're mad, etc.

    Just wondering, they're being hit with a forked processes attack. It tries to use up all their server resources.
    Cody McLain
    Founder of PacificHost / AptHost

  5. #5
    Quote Originally Posted by ZinkHosting View Post
    Just wondering, they're being hit with a forked processes attack. It tries to use up all their server resources.

    Then move him onto a server platform that is not subject to that attack. One example is IIS. Another possibility is nginx, but IIS is definitely immune to that particular attack.

    @fudgefoot,

    Nice try at bumping your post count, but you cannot claim it had anything to do with flaming since the particular site was not even disclosed. Now, this *is* a flame.
    edgedirector.com
    managed dns global failover and load balance (gslb)
    exactstate.com
    uptime report for webhostingtalk.com

  6. #6
    Join Date
    Apr 2009
    Posts
    643
    I wonder why that guy hasn't changed the web host yet?
    ASPnix Web Hosting - ASP.NET, MS SQL, AJAX, Hyper-V
    Microsoft Hosting and Virtualization

  7. #7
    Join Date
    Mar 2009
    Location
    Dallas, Texas
    Posts
    242
    Try installing squid on the server it works wonders :]

  8. #8
    Join Date
    Jul 2009
    Posts
    639
    Does he know how big the attack is, possible? (e.g. if it's coming from thousands of different IPs or just a few)
    bihira.com | 10+ Years of Web Hosting Experience!
    Shared Hosting | Reseller Hosting | 30 Day Money Back Guarantee
    cPanel | CloudLinux | R1Soft | Softaculous
    Find us on facebook and follow us on twitter @bihira

  9. #9
    Join Date
    Jun 2006
    Location
    NYC
    Posts
    1,446
    Quote Originally Posted by hostingdispatch View Post
    Try installing squid on the server it works wonders :]
    Works wonders in driving the utilization up when getting hit with thousands of IP's

    It would help a little with a SYN flood but a real attack is going to require assistance outside the server itself.
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @ www.fiberpeer.com

  10. #10
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Quote Originally Posted by Mike Fudgefoot View Post
    It's his problem, he maybe should have thought before he started to Flame people over the internet that led to the Attack I bet.
    That's a pretty horrendous misconception. Flaming is one of the less likely reasons for a site to become attacked.

  11. #11
    Join Date
    Oct 2005
    Location
    Austin, TX
    Posts
    260
    Still looking for solutions. I had somebody PM me a few ideas. I tried them, didn't work out well enough. Servers still under attack pretty nice. At the moment, he pays 350 /month. He will pay more if he can have it stopped. As for size, I was seeing thousands of IP's making random connections ranging from 100-10000. It was completely arbitrary. But they would ALL grab the largest image file you could get. So we tried removing it. The attack stopped right there and then. Completely useless, but we can't not have our banner. So... we put it back and from time to time the site still goes down, during like peak hours and such.
    Cody McLain
    Founder of PacificHost / AptHost
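
Added example, not part of the thread: one way to confirm from access logs the pattern described in post #11, where many clients repeatedly fetch a single large file. It finds the object responsible for the most response bytes and flags IPs that request it many times while requesting almost nothing else. The log format (Apache/nginx combined style), the path `/img/banner.jpg`, the documentation-range IPs and the thresholds are all assumptions made for this sketch.

```python
import re
from collections import Counter, defaultdict

BANNER = "/img/banner.jpg"  # assumed path of the large image
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} (\d+|-)')

def _line(ip, path, size):
    return f'{ip} - - [06/Oct/2009:20:00:00 +0000] "GET {path} HTTP/1.1" 200 {size}'

def sample_log():
    """Constructed log: two ordinary visitors, three flooding clients, one junk line."""
    lines = []
    for ip, visits in (("192.0.2.10", 1), ("203.0.113.5", 25)):
        for _ in range(visits):  # a real page view pulls the page, CSS and banner
            lines += [_line(ip, "/", 5120), _line(ip, "/style.css", 2048),
                      _line(ip, BANNER, 900000)]
    for n in (1, 2, 3):  # flooders request only the banner, over and over
        lines += [_line(f"198.51.100.{n}", BANNER, 900000)] * (100 * n)
    return lines + ["truncated or malformed line"]

def parse(lines):
    """Yield (ip, path, bytes_sent); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, path, size = m.groups()
            yield ip, path.split("?", 1)[0], 0 if size == "-" else int(size)

def suspects(lines, min_hits=20, min_share=0.9):
    """Return (hot_path, {ip: hits}) for clients fixated on the costliest object."""
    bytes_by_path, paths_by_ip = Counter(), defaultdict(Counter)
    for ip, path, size in parse(lines):
        bytes_by_path[path] += size
        paths_by_ip[ip][path] += 1
    hot = bytes_by_path.most_common(1)[0][0]
    flagged = {}
    for ip, paths in paths_by_ip.items():
        hits, total = paths[hot], sum(paths.values())
        # Many hits on the hot object AND almost nothing else requested.
        if hits >= min_hits and hits / total >= min_share:
            flagged[ip] = hits
    return hot, flagged

if __name__ == "__main__":
    hot, flagged = suspects(sample_log())
    print("hot object:", hot)
    for ip, hits in sorted(flagged.items()):
        print(f"{ip}\t{hits} requests")
```

The share test is what keeps the busy but ordinary visitor (203.0.113.5, 25 banner hits among 75 requests) out of the flagged set; a hit-count threshold alone would have caught it as a false positive.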

  12. #12
    Join Date
    Feb 2006
    Location
    The Midwest
    Posts
    1,458
    Can you unequivocally prove that the competitor is behind the attack?

  13. #13
    Join Date
    Jun 2006
    Location
    NYC
    Posts
    1,446
    Quote Originally Posted by ZinkHosting View Post
    Still looking for solutions. I had somebody PM me a few ideas. I tried them, didn't work out well enough. Servers still under attack pretty nice. At the moment, he pays 350 /month. He will pay more if he can have it stopped. As for size, I was seeing thousands of IP's making random connections ranging from 100-10000. It was completely arbitrary. But they would ALL grab the largest image file you could get. So we tried removing it. The attack stopped right there and then. Completely useless, but we can't not have our banner. So... we put it back and from time to time the site still goes down, during like peak hours and such.
    Your best bet is to find a DDoS protection company who can filter the attack. You're not going to be able to fix it server-side. Who is he paying $350/month to? If he's paying that much and it isn't being filtered, depending on the size of the attack, he can likely find a provider for a cheaper price that can actually solve his problem.

    And just a note here:
    I'm not necessarily even trying to promote our own product. I know BLCC offers this sort of protection, Staminus, Gigenet, etc. There are several providers with low-cost solutions that could assist. I am not privy to the services they provide, how well they work, etc. Although, most will likely work with you to get your site up and quote you a price before you pay anything up front.
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @ www.fiberpeer.com

  14. #14
    Each attack requires personal care. I suppose your friend or customer does understand that.

  15. #15
    Join Date
    Jul 2008
    Location
    Seminole, OK
    Posts
    1,575
    Does the data center the server is in even have DDoS protection? Up-to-date data centers have a smart routing system which routes back packets away from the server. Not always 100%, but if the data center doesn't have that then you might consider a data center that does.
    Inode Hosting - Reliable Web Hosting for the right price.
    Shared & Reseller hosting featuring the industry leading cpanel
    99.9% Uptime Guarantee ,30 Day Money Back Guarantee ,24/7 Support
    Established since 2011

  16. #16
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Quote Originally Posted by jcarney1987 View Post
    Does the data center the server is in even have DDoS protection? Up-to-date data centers have a smart routing system which routes back packets away from the server. Not always 100%, but if the data center doesn't have that then you might consider a data center that does.
    This has nothing to do with DDoS protection.

  17. #17
    Join Date
    Jul 2008
    Location
    Seminole, OK
    Posts
    1,575
    Quote Originally Posted by IRCCo Jeff View Post
    This has nothing to do with DDoS protection.
    Data Centers do offer DDoS protection. Not all but some do. For example The Planet in Texas, USA they use a system called Arbor Peakflow. Which helps them sense and migrate a DDoS attack away from the server. To help keep a better Server uptime.
    Inode Hosting - Reliable Web Hosting for the right price.
    Shared & Reseller hosting featuring the industry leading cpanel
    99.9% Uptime Guarantee ,30 Day Money Back Guarantee ,24/7 Support
    Established since 2011

  18. #18
    Join Date
    Jun 2006
    Location
    NYC
    Posts
    1,446
    Quote Originally Posted by IRCCo Jeff View Post
    This has nothing to do with DDoS protection.
    jcarney1987: I think you're misunderstanding a couple of things. Jeff is correct in what he stated, the routing you're talking about has nothing to do with DDoS protection.

    So I want to respond as well to what Jeff responded to:

    Quote Originally Posted by jcarney1987 View Post
    Does the data center the server is in even have DDoS protection? Up-to-date data centers have a smart routing system which routes back packets away from the server. Not always 100%, but if the data center doesn't have that then you might consider a data center that does.
    Most DoS protection won't have any sort of "routing away" or sending them back. Far too often I see posts where people state that the best defense against DDoS attacks is to route the packets back to the originating IP's so they will "ddos themselves". For one, this is a horrible idea. It wastes good bandwidth, doubles the in-house utilization of bandwidth, routing resources, and will likely have no effect on the attack.

    There seems to be a misconception that all DDoS attacks come from lots of "servers" with some evil guy sitting back and throwing commands to make it happen. Simply isn't the case. 90% of DDoS attacks are computers just like the one you're typing on, the laptop for the real estate guy, the local coffee shop PC which the employees use to browse the web. Attacks are distributed across tens, hundreds, and sometimes thousands of individual computers. Most of them being home computers. Those computers have regular users who have a DSL/cable modem connection and likely have very little knowledge that their computer is sending requests or attacking a server somewhere.

    If you redirect that traffic back to the computers initiating the attack then it is likely filtered somewhere along the way, or if it does make it back then its damage is that it slows down random_guy01's download speeds.

    The attack would continue and it would likely make the attack worse on the datacenter because at that point the amount of inbound isn't the only problem, it'd fill up both inbound/outbound.

    Your next statement:

    Quote Originally Posted by jcarney1987 View Post
    Data Centers do offer DDoS protection. Not all but some do. For example The Planet in Texas, USA they use a system called Arbor Peakflow. Which helps them sense and migrate a DDoS attack away from the server. To help keep a better Server uptime.
    This is correct. Many datacenters have some form of DDoS protection but the protection is normally sub-par under heavy attacks. The larger majority of datacenters have little to no protection outside of what innate protection is provided by built-in routing functionality.

    ThePlanet (the example you gave) is a good example of one with protection but a *very* low quality protection. It will likely stop many basic DDoS attacks but complex attacks (from past experience) pass right on through.

    As for DDoS Mitigation:
    There are a wide variety of techniques in use to fight the effects of DDoS attacks but the majority I am aware of will not be re-routing traffic. Either they null-route or they filter the traffic. Most filtering will drop the traffic and not respond further. The bad packets are discarded and the good traffic continues to flow. (This is in a perfect world)

    Real world DDoS attack victims have to face the simple truth that DDoS protection isn't an exact science. You will *at some point* have some false positives or bad traffic that will continue to pass. Most attacks nowadays are well-done. The attacks are so close to normal visitor traffic that it is almost impossible to distinguish without watching patterns and/or packet analysis. Protection is about avoiding disruption. Mitigating the serious side-effects but accepting that most *extremely large* attacks will still have some effect. Depending on the protection, many times, barely noticeable but normally there are some downstream effects. Whether it be a higher than normal traffic volume to the end server or simply a few millisecond delay browsing the site, etc.

    Anyway, best of luck.
    Last edited by FiberPeer; 10-07-2009 at 02:02 AM.
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @ www.fiberpeer.com
