SiteRack.net Down due to DDOS




Posted by Siterack_net, 05-08-2012, 06:38 PM
We are currently experiencing a long term outage due to a very sophisticated DDOS attack.
Unfortunately, this attack has affected our entire network, and all services are unavailable at this time.

Currently we have redirected our main site to another provider to provide a way for our clients to get in touch with us.
If you have any questions about the outage, please feel free to call us at 1-800-610-4282.

We understand the severity and critical nature of this issue, and are working directly with the datacenter to find a resolution as soon as possible.

Posted by Johnathon, 05-08-2012, 06:49 PM
Thank you for posting this quickly so that I can pass this on to my clients who I host through your service.

Please keep us up to date when you have any updates!

Posted by Siterack_net, 05-08-2012, 07:56 PM
Johnathon,
Unfortunately, the DC is not letting us back on the shared bandwidth, as the DDOS affected everyone on the line, and they fear the DDOS will resume as soon as the shared server is back online.
Even though they have found the sources, they stated the botnet is too large to isolate all of it.

We have ordered a dedicated line that will be private to us. However, sadly, the earliest service will be restored to us is tomorrow morning, as they don't have 24/7 techs available for things like line installations.

We will be separating the network into 2 segments. Our power controls and KVM/IPMI's will remain on the shared bandwidth, and the public services will all be delivered on the private line. This way, in the event of another DDOS, we will still have remote server controls as our IPMI's will be on a completely different network.

Posted by Johnathon, 05-08-2012, 08:00 PM
I will update my clients with this information. Thank you very much for your update and for your honesty. I'm also happy with the manner in which you are handling the situation in order to reduce the impact in the (hopefully unlikely) event that something like this happens again.

Posted by Spluut, 05-08-2012, 08:18 PM
Sorry to hear about this, DDoS is such a big problem in the web hosting industry.

Posted by Siterack_net, 05-08-2012, 08:19 PM
Once service is restored we may be forced to change to a different IP subnet, if the DDOS persists. Unfortunately we do not know which domain was targeted, only the IP that was targeted. That IP hosts approx 1000 sites. Without knowing the domain, the hackers that issued the DDOS can just ping the domain again to get the new IP.

It's a rough situation. Just doing everything I can do to prepare for when services come back online. I want to isolate this swiftly and locate the targeted domain before switching the IP space.

Posted by cd/home, 05-08-2012, 08:26 PM
Quote:
Originally Posted by Siterack_net
Once service is restored we may be forced to change to a different IP subnet, if the DDOS persists. Unfortunately we do not know which domain was targeted, only the IP that was targeted. That IP hosts approx 1000 sites. Without knowing the domain, the hackers that issued the DDOS can just ping the domain again to get the new IP.

It's a rough situation. Just doing everything I can do to prepare for when services come back online. I want to isolate this swiftly and locate the targeted domain before switching the IP space.
Have you considered maybe using Cloudflare?

Or even setting up some basic protection on the server to help fight the attack?

Has the DC nulled the IP(s)?

Posted by Spluut, 05-08-2012, 08:28 PM
Quote:
Originally Posted by Siterack_net
Once service is restored we may be forced to change to a different IP subnet, if the DDOS persists. Unfortunately we do not know which domain was targeted, only the IP that was targeted. That IP hosts approx 1000 sites. Without knowing the domain, the hackers that issued the DDOS can just ping the domain again to get the new IP.

It's a rough situation. Just doing everything I can do to prepare for when services come back online. I want to isolate this swiftly and locate the targeted domain before switching the IP space.
These DDoSers never seem to care that they affect many businesses and people making a living.

Posted by KMyers, 05-08-2012, 08:29 PM
Quote:
Originally Posted by cd/home
Have you considered maybe using Cloudflare?

Or even setting up some basic protection on the server to help fight the attack?

Has the DC nulled the IP(s)?
CloudFlare won't stop large DDoS Attacks, I assume the IP has been nullrouted

Posted by cd/home, 05-08-2012, 08:30 PM
Quote:
Originally Posted by KMyers
CloudFlare won't stop large DDoS Attacks
Cloudflare has said it can withstand certain 1-2Gbps attacks although that's nothing to be considered "big" by any means but it certainly would stand up against most attacks these script kiddies pull together

Posted by Siterack_net, 05-08-2012, 08:30 PM
We have many server level security measures, in place, to fight most ddos attacks. However, our measures, and the network level measures the DC have in place could not fight this one.

They pulled my entire switch. They won't put me back on the shared bandwidth because they are afraid the people responsible for the DDOS will go up the IP chain and start hitting the entire range.
I actually have 2 ranges, and they won't let me put the second range online either, which sucks because the second range is where my VPS clients are located.

Posted by cd/home, 05-08-2012, 08:32 PM
Quote:
Originally Posted by Siterack_net
We have many server level security measures, in place, to fight most ddos attacks. However, our measures, and the network level measures the DC have in place could not fight this one.

They pulled my entire switch. They won't put me back on the shared bandwidth because they are afraid the people responsible for the DDOS will go up the IP chain and start hitting the entire range.
I actually have 2 ranges, and they won't let me put the second range online either, which sucks because the second range is where my VPS clients are located.
How big is the attack exactly?

Posted by Siterack_net, 05-08-2012, 08:34 PM
They stated it was around a 10gbps attack.

Posted by CGotzmann, 05-08-2012, 08:39 PM
Quote:
Originally Posted by cd/home
Cloudflare has said it can withstand certain 1-2Gbps attacks although that's nothing to be considered "big" by any means but it certainly would stand up against most attacks these script kiddies pull together
ddos attacks are rarely that small anymore... you need 10Gbps protection or it's worthless

Posted by IRCCo Jeff, 05-09-2012, 03:30 AM
Quote:
Originally Posted by CGotzmann
ddos attacks are rarely that small anymore... you need 10Gbps protection or it's worthless
I respectfully disagree. For every 10G attack I see, I also see thousands of < 1 Gbps attacks and hundreds of < 2 Gbps.

Posted by Steven, 05-09-2012, 03:33 AM
Quote:
Originally Posted by IRCCo Jeff
I respectfully disagree. For every 10G attack I see, I also see thousands of < 1 Gbps attacks and hundreds of < 2 Gbps.
I would have to agree.

Posted by Siterack_net, 05-09-2012, 06:56 PM
Most services have been restored.
However, the datacenter, in a very hasty maneuver, cold powered off all our servers resulting in file system damage to one machine.
node-atl01.siterack.net is in a non bootable state.

Posted by Flapadar, 05-09-2012, 07:02 PM
Quote:
Originally Posted by Siterack_net
Most services have been restored.
However, the datacenter, in a very hasty maneuver, cold powered off all our servers resulting in file system damage to one machine.
node-atl01.siterack.net is in a non bootable state.
Curious, if you don't mind telling us - who is your provider, so as we all know to stay away.

Unplugging a machine for sending attacks consistently could be understandable if a resolution wasn't reached before, but seeing as this is receiving attacks, it not being plugged in isn't exactly going to benefit anyone at all.

Quote:
Originally Posted by Steven
I would have to agree.
Depends how determined the attacker is. Having 3gbps protection would probably just annoy them into getting more servers to attack you with, until the protection isn't enough. Most are too lazy/poor of course, so it rarely happens.

Posted by Siterack_net, 05-09-2012, 07:09 PM
They already pulled the switch. I guess they somehow thought my (non attacked) server was magically receiving data still.
I'm completely pissed. There was absolutely no need to cold power off a vps node, or any of my other servers, after just pulling the switch.


Anyone know how to fix this?
fsck.ext3: Unable to resolve 'LABEL=/vz'

Posted by Johnathon, 05-09-2012, 07:15 PM
Wow, they actually pulled the plug on the server? How the heck did they think that was going to benefit anyone at all? Unless you can magically make the IP address not route to the facility, just because the data dead ends, doesn't stop it from going there anyway... Assuming my rudimentary network skills aren't totally failing me (which is entirely possible. I'm a systems admin, not a network admin, for a reason.)

Posted by Siterack_net, 05-09-2012, 07:16 PM
They pulled the plug on ALL my servers, AFTER they pulled the switch.

Posted by Spluut, 05-09-2012, 07:19 PM
Quote:
Originally Posted by Siterack_net
They pulled the plug on ALL my servers, AFTER they pulled the switch.
What provider do you use? I'll add them to my list of blacklisted data centers.

Posted by Siterack_net, 05-09-2012, 08:16 PM
I colo with a company inside GNAX. It's not GNAX that did the unplugging, it's the guys that own the cage I'm located in. Don't want to give that out.

Posted by Testtube302, 05-10-2012, 08:17 AM
Hey buddy, I am very sorry to hear what you are going through. If you need any help, please be sure to ask. I hate seeing this happen.

Posted by cd/home, 05-10-2012, 08:59 AM
Quote:
Originally Posted by Siterack_net
I colo with a company inside GNAX. It's not GNAX that did the unplugging, it's the guys that own the cage I'm located in. Don't want to give that out.
Well to be honest if everything is correct on what you're saying I would be demanding a refund for the month and moving away

Posted by SPINIKR-RO, 05-10-2012, 09:40 AM
Quote:
Originally Posted by Siterack_net
They pulled the plug on ALL my servers, AFTER they pulled the switch.
wow man sorry to hear that.. how ridiculous. I would get out of there if that's how they are going to handle something like that.

Quote:
Don't want to give that out.

Posted by NetDepot - Terrence, 05-10-2012, 10:06 AM
I hope you get your issue resolved with your provider.

Posted by Testtube302, 05-10-2012, 10:06 AM
Have you guys visited http://siterack.net/ and seen how he's trying to keep his customers informed?
I find this impressive.

Posted by DPG, 05-10-2012, 10:46 AM
You can PM me if you want to know who pulled the plug on them. I will respect SiteRack.net's wish to not post this publicly.

Posted by amelen, 05-10-2012, 10:47 AM
Looking at their site, it seems like some pretty serious issues going on - hopefully they get them resolved.

Posted by Siterack_net, 05-10-2012, 03:29 PM
Quote:
Well to be honest if everything is correct on what you're saying I would be demanding a refund for the month and moving away
A LOT easier SAID than DONE.
But ultimately probably my plan.
First step is to get everything up and running again

Posted by UNIXy, 05-10-2012, 03:36 PM
Quote:
Originally Posted by Siterack_net
A LOT easier SAID than DONE.
But ultimately probably my plan.
First step is to get everything up and running again
Do you still need a hand recovering the downed node?

Regards
Joe

Posted by Siterack_net, 05-10-2012, 03:53 PM
Yeah the downed node is an absolute mess.
The /vz partition is just completely corrupted.
This was the newest server too, and I was still seeking an effective backup solution for solusvm/openvz containers.
Solus's built in backup system is ridiculously horrible.
Caused such high load problems.
But even it would have been better than the nothing I had on the node

Posted by UNIXy, 05-10-2012, 04:00 PM
Quote:
Originally Posted by Siterack_net
Yeah the downed node is an absolute mess.
The /vz partition is just completely corrupted.
How corrupted is it?

Posted by Siterack_net, 05-10-2012, 04:23 PM
Looking at container data, folders have turned into files, things like databases are missing, and just general scatter.
Seems most people's /home folders are intact.

But containers are missing files needed for operation, and won't start either.

Posted by Simplex-Ed, 05-10-2012, 04:25 PM
Quote:
Originally Posted by Siterack_net
Looking at container data, folders have turned into files, things like databases are missing, and just general scatter.
Seems most people's /home folders are intact.

But containers are missing files needed for operation, and won't start either.
Strange... folders have turned into files? Are you sure about that one or is your shell displaying them as files? May be trivial but have you actually tried to cd to the folders which you think are files? What databases are missing?

You need to get other servers up in a new provider ASAP and sync what customer data you have left if these nodes are not salvageable.

Good luck!


Posted by Siterack_net, 05-10-2012, 04:28 PM
Yes, the superblock had to be restored using fsck.
Trying to access the folders as folders yields an error that it's not a folder.
Run vi on them and they appear to be empty files, or even in some cases contain @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
I have another node. I am trying to get people moved over there, but I have to salvage each bit of data manually, so it's taking forever.

Posted by UNIXy, 05-10-2012, 04:45 PM
Quote:
Originally Posted by Siterack_net
Yes, the superblock had to be restored using fsck.
Trying to access the folders as folders yields an error that it's not a folder.
Run vi on them and they appear to be empty files, or even in some cases contain @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
I have another node. I am trying to get people moved over there, but I have to salvage each bit of data manually, so it's taking forever.
Check under /vz/lost+found if you've run fsck. You'll find recovered files there. Did fsck pass OK? I'm surprised it'd leave corrupted inodes like that without complaining.

Regards

Posted by Siterack_net, 05-10-2012, 04:52 PM
There is a lost+found, but each file is an inode number, and there are literally thousands upon thousands.
I ran FSCK a second time, but it got nothing on second run

Posted by cd/home, 05-10-2012, 06:46 PM
Quote:
Originally Posted by Siterack_net
A LOT easier SAID than DONE.
But ultimately probably my plan.
First step is to get everything up and running again
If you have a contract in place which covered this type of thing you could easily do them for recovery of the node which they, well, simply almost destroyed...

Posted by prateek, 05-10-2012, 08:42 PM
You can still try to recover data: connect the HDD to a Windows PC and recover the newest possible copy???

Sometimes the OS keeps a backup copy of each file as an old copy; if you're lucky you may find a copy from just a few hours or a day before the crash?

Well, I did recover some files from my desktop PC; never tried on any server or Linux, though.

Also, there are lots of paid recovery services, but they take anywhere between 24 hours and a whole month, depending on the data.

Posted by stablehost, 05-10-2012, 10:11 PM
Quote:
Originally Posted by CGotzmann
ddos attacks are rarely that small anymore... you need 10Gbps protection or it's worthless
It's not really about bandwidth speed, but more so about how many packets. I've seen 50Mbit attacks fill up connection tables and overload the router plenty of times...

Posted by Turf', 05-10-2012, 11:23 PM
Wow. You should sue your provider. That is totally unacceptable, I hope everything comes out smoothly for you (But honestly, I don't think it will), they really screwed up..

Posted by beastserv, 05-11-2012, 12:54 AM
Quote:
Originally Posted by Siterack_net
There is a lost+found, but each file is an inode number, and there are literally thousands upon thousands.
I ran FSCK a second time, but it got nothing on second run
Have you created an image/clone of the drive prior to running fsck?

Actually this sounds like your raid setup broke the file system.
But that you find out after you format the array and test run it.

How many drives do you have in the array?

Does it look like this: https://www.securehost.co.il/stam-ti.../data-loss.png ?

a mangled ext3 is a bad situation, if you don't like solus backup system, script your own backup method and keep the containers safe.


did you have cpanel backups enabled to a local directory such as

/vz/private/<VMID>/backup/cpbackup

Maybe worth running a find . for .tar.gz files and ftp them out once you're done with fsck.

that saved me 99.5% of the data when we had a power blip in the past ( Circuit breaker exploded in DC ! )
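
Added example, not part of the post above or of anyone's reply: one way to carry out the suggested search on a tree that fsck has already repaired. It goes a little beyond the post by also picking gzip archives out of lost+found by their magic bytes, since those entries have only inode numbers for names, and by testing each archive before it is copied off. The function names, the report format and the sample VMIDs 101 and 102 are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread). Usage: sh <this file> ROOT REPORT
# e.g. ROOT=/vz on the recovered node. Paths containing newlines are not handled.

# is_gzip FILE: true when the first two bytes are the gzip magic 1f 8b.
is_gzip() {
    [ "$(od -A n -t x1 -N 2 "$1" 2>/dev/null | tr -d ' \n')" = "1f8b" ]
}

# classify FILE: prints "tar" (gzip stream and tar listing both read to the
# end), "gz" (valid gzip, not a tarball) or "damaged" (gzip stream is broken).
classify() {
    if ! gzip -t "$1" 2>/dev/null; then
        echo damaged
    elif tar -tzf "$1" >/dev/null 2>&1; then
        echo tar
    else
        echo gz
    fi
}

# triage ROOT REPORT: walk ROOT and write "status<TAB>path" lines to REPORT.
# Named archives (*.tar.gz, *.tgz) are always tested; files under lost+found
# have lost their names, so they are selected by magic bytes instead.
triage() {
    : > "$2" || return 1
    find "$1" -type f | while IFS= read -r f; do
        case "$f" in
            *.tar.gz|*.tgz) ;;
            */lost+found/*) is_gzip "$f" || continue ;;
            *) continue ;;
        esac
        printf '%s\t%s\n' "$(classify "$f")" "$f" >> "$2"
    done
}

# count_status REPORT STATUS: number of report lines with that status.
count_status() {
    awk -F '\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }' "$1"
}

# make_sample_tree DIR: constructed sample data laid out like the path quoted
# in the post (private/<VMID>/backup/cpbackup); VMIDs 101 and 102 are made up.
make_sample_tree() {
    mkdir -p "$1/private/101/backup/cpbackup" \
             "$1/private/102/backup/cpbackup" \
             "$1/lost+found" "$1/src" || return 1
    printf 'constructed sample data\n' > "$1/src/index.html"
    tar -czf "$1/private/101/backup/cpbackup/user1.tar.gz" -C "$1/src" index.html
    # First 40 bytes only: stands in for an archive cut short by the crash.
    dd if="$1/private/101/backup/cpbackup/user1.tar.gz" \
       of="$1/private/102/backup/cpbackup/user2.tar.gz" bs=40 count=1 2>/dev/null
    # lost+found entries carry only an inode number as a name.
    cp "$1/private/101/backup/cpbackup/user1.tar.gz" "$1/lost+found/#4711"
    printf '@@@@@@@@' > "$1/lost+found/#4712"
}

# Run only when called with both arguments, so sourcing the file is harmless.
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
    echo "intact tarballs: $(count_status "$2" tar)"
    echo "other intact gzip files: $(count_status "$2" gz)"
    echo "damaged: $(count_status "$2" damaged)"
fi
```

Only the paths reported as "tar" or "gz" are worth transferring as they are; the "damaged" ones need a closer look before anyone relies on them.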

Posted by Siterack_net, 05-11-2012, 04:21 AM
Quote:
did you have cpanel backups enabled to a local directory such as
/vz/private/<VMID>/backup/cpbackup
Yes most of the users did have a /backup folder. Some are intact, some are not.
Good point on running a find for tar.gz files. If I wasn't so sleep deprived, I would have thought of that on my own

Quote:
actually this sounds like your raid setup broke the file system.
but that you find out after your format the array and test run it.
It almost certainly had something to do with the raid. The BBU is only good for 12 hours.
They had me shut down for 24. So the 512Mb's of write cache disappeared.

Posted by aeris, 05-11-2012, 04:27 AM
A few weeks back, I had a similar thing happen to one of my ext3 file systems (a 10-disk Adaptec-based RAID-6), where the RAID basically ate it for no particular reason. fsck just turned an unreadable mangled mess into a mangled mess, and even professional data recovery wouldn't be able to get much of anything usable out of something like that, so wipe and recover from backup was the only viable strategy.

Posted by nehir, 05-11-2012, 04:30 AM
Sad.. Good luck man!

Posted by SilentKnight, 05-11-2012, 09:22 AM
Sad, Hope you get it resolved soon. I'll be awaiting any updates.

Posted by Siterack_net, 05-11-2012, 12:55 PM
GREAT NEWS!! We are under DDOS and the anti DDOS proxy is working beautifully! Datacenter doesn't see a thing! All services are running fine, with node-atl01(the crashed node) being the exception of course

Posted by IRCCo Jeff, 05-11-2012, 01:16 PM
Quote:
Originally Posted by Siterack_net
GREAT NEWS!! We are under DDOS
You don't hear that every day

Posted by Flapadar, 05-11-2012, 01:17 PM
Quote:
Originally Posted by IRCCo Jeff
You don't hear that every day
Admittedly it is quite fun to be taking a huge attack and seeing it have no effect.

Posted by Siterack_net, 05-11-2012, 01:47 PM
Quote:
You don't hear that every day
Yeah lol, I kinda thought about it after I wrote it.
Is funny

Quote:
Admittedly it is quite fun to be taking a huge attack and seeing it have no effect.
It's even more fun when you have the live graphs showing what is going on.

Posted by RethinkVPS, 05-11-2012, 01:51 PM
Quote:
Originally Posted by Siterack_net
Yeah lol, I kinda thought about it after I wrote it.
Is funny


It's even more fun when you have the live graphs showing what is going on.
Can we see the graph?

Posted by Siterack_net, 05-11-2012, 02:05 PM
It was only a little one.
But that's how they were starting. Would start small, then get bigger as time went on. But even this would have been enough to shut me down.
This time it looked like they gave up rather quickly.

Start: May 11 09:26:39 PDT 2012
End: May 11 09:46:33 PDT 2012
810,855 Kbps, 164,248 PPS

Posted by morrisonhosting, 05-11-2012, 02:10 PM
This was a huge issue but you not only managed to keep working toward a resolution, you managed to keep your customers informed all the while you were working on this. Being a siterack customer I have to say, even in the worst of situations, the support was great as always.

So everyone give a round of applause for Chris Walker, he deserves it!

-Tyler Morrison

Posted by Siterack_net, 05-11-2012, 02:56 PM
Thanks Tyler. I just hope the rest of clients feel the same way.
Took 3 years to build this to what it is today. A little DDOS, and negligence on the part of the DC, and admittedly even some of my own, and get set back 2 years. Sux.

Posted by RethinkVPS, 05-11-2012, 03:12 PM
Quote:
Originally Posted by Siterack_net
Thanks Tyler. I just hope the rest of clients feel the same way.
Took 3 years to build this to what it is today. A little DDOS, and negligence on the part of the DC, and admittedly even some of my own, and get set back 2 years. Sux.
Did you lose many clients from this? If so I really feel sorry for you man. I hope your existing clients realize how much of a hard time you have had trying to fix this mess.

Posted by Siterack_net, 05-11-2012, 03:16 PM
I'm pretty sure I did.
The primary reseller server loads are awfully low.

Posted by morrisonhosting, 05-12-2012, 02:45 AM
Quote:
Originally Posted by Siterack_net
I'm pretty sure I did.
The primary reseller server loads are awfully low.
Just hope that the resellers don't know about the sites being back up and leave it at that. You did what you could.

Posted by Siterack_net, 05-12-2012, 09:27 PM
Note to SiteRack.net Customers.
While the DDOS issue was resolved days ago, many of you had experienced extended downtimes due to the data corruption of one of our servers.
About 95% of that server has been recovered and moved to another working server. My sincerest apologies go out to the clients who did lose their sites.

Why this particular server had no backups...
This server was deployed about two months ago in a hurry to replace an older failing server. The first priority was to get everything off the old failing server and migrated to this new one. Shortcuts were taken to get it deployed rapidly. As time went on it was forgotten that there was not a backup system in place for this system.
I know this is a poor excuse, and complete ignorance on my part for not getting that done.
My promise to you: Never again will client data ever touch a server that has no backup system in place. I have learned my lesson, "that the only server with no backup is the one that will fail"

In closing, I want to give a big thank you to everyone who awaited patiently and worked with me in this time of difficulty.
-Chris Walker

Posted by ccalby, 05-13-2012, 07:44 AM
Hello Chris,

Sorry about this issue. I have just been reading over it after you referred me to it a few days ago.

I am glad everything is looking up. I remember a DDoS attack on Boxing Day a few years ago. All techs were called in and it cost us a tonne.

These things happen unfortunately, it's just a case of trying to be one step ahead of them even though at times this is hard.

Regards,


Posted by YouHosting, 05-13-2012, 07:54 PM
Quote:
Originally Posted by Siterack_net
GREAT NEWS!! We are under DDOS and the anti DDOS proxy is working beautifully! Datacenter doesn't see a thing! All services are running fine, with node-atl01(the crashed node) being the exception of course
May we know who was your DDOS proxy?
I see it worked fine for you so it would be nice to know who to trust in case of emergency.

Posted by Siterack_net, 05-14-2012, 01:29 PM
Staminus.net
They were great. Really worked with my budget and developed a custom plan to suit my needs.
Took about an hour to get things provisioned, and then the rest was up to me to get the servers configured to make use of it. They quickly answered any questions I had.
I'm very happy with their service, and it quite literally saved the life of my business.

Posted by toro, 05-14-2012, 04:27 PM
Thanks for the positive remarks!

Posted by VectorVPS, 05-14-2012, 08:26 PM
Quote:
Originally Posted by Siterack_net
Note to SiteRack.net Customers.
While the DDOS issue was resolved days ago, many of you had experienced extended downtimes due to the data corruption of one of our servers.
About 95% of that server has been recovered and moved to another working server. My sincerest apologies go out to the clients who did lose their sites.

Why this particular server had no backups...
This server was deployed about two months ago in a hurry to replace an older failing server. The first priority was to get everything off the old failing server and migrated to this new one. Shortcuts were taken to get it deployed rapidly. As time went on it was forgotten that there was not a backup system in place for this system.
I know this is a poor excuse, and complete ignorance on my part for not getting that done.
My promise to you: Never again will client data ever touch a server that has no backup system in place. I have learned my lesson, "that the only server with no backup is the one that will fail"

In closing, I want to give a big thank you to everyone who awaited patiently and worked with me in this time of difficulty.
-Chris Walker
Sounds like you are learning from the mistake, and also that you value honesty instead of sugarcoating and excuses. These are qualities that unfortunately seem to be lacking in a lot of hosts these days.

Posted by Robbie P, 05-15-2012, 05:23 AM
Quote:
Originally Posted by Siterack_net
Staminus.net
They were great. Really worked with my budget and developed a custom plan to suit my needs.
Took about an hour to get things provisioned, and then the rest was up to me to get the servers configured to make use of it. They quickly answered any questions I had.
I'm very happy with their service, and it quite literally saved the life of my business.
Just looked on their site, and they can only handle 500 Mbps DDoS attacks - if a booter such as twbooter/rebelsecurity was used then it would not stand a chance.

Is it possible to get higher DDoS Protection for let's say, a 1GBps attack? Because most of the "pros" can get their hands on very powerful booters.

Posted by Jono20201, 05-15-2012, 07:14 AM
Quote:
Originally Posted by Robbie P
Just looked on their site, and they can only handle 500 Mbps DDoS attacks
You're wrong, we have 2gbps protection from them - it's worth $1k/m but they have given it to us free with our giant node we have with them.

So far only 2% of DDoS's have beaten it, and even when it was beaten only the targeted IP was taken down (resulting in only one customer offline, and 40 other happy customers who didn't even know).

Posted by Jono20201, 05-15-2012, 07:16 AM
Here is part of my staminus log.

http://gyazo.com/dadd674cc81b84b69c0423b68311372d

Posted by Robbie P, 05-15-2012, 11:02 AM
Quote:
Originally Posted by Jono20201
You're wrong, we have 2gbps protection from them - it's worth $1k/m but they have given it to us free with our giant node we have with them.

So far only 2% of DDoS's have beaten it, and even when it was beaten only the targeted IP was taken down (resulting in only one customer offline, and 40 other happy customers who didn't even know).
Fair enough, their site says 500mbps which is why I said that

Posted by Jono20201, 05-15-2012, 11:27 AM
Quote:
Originally Posted by Robbie P
Fair enough, their site says 500mbps which is why I said that
Yeah - their site does have its issues. Their newsletters are even worse, good old publisher 2003!

Posted by morrisonhosting, 05-15-2012, 11:38 AM
Quote:
Originally Posted by Robbie P
Just looked on their site, and they can only handle 500 Mbps DDoS attacks - if a booter such as twbooter/rebelsecurity was used then it would not stand a chance.

Is it possible to get higher DDoS Protection for let's say, a 1GBps attack? Because most of the "pros" can get their hands on very powerful booters.
A quick google search reveals that it can be up to 10Gbps (small b being bits not bytes).

Linky- https://www.staminus.net/Under-Attack

Posted by cd/home, 05-15-2012, 11:54 AM
Quote:
Originally Posted by Robbie P
Is it possible to get higher DDoS Protection for let's say, a 1GBps attack?
Sure, it's been confirmed that Cloudflare will handle up to 2Gbps depending on the attack type

Posted by morrisonhosting, 05-15-2012, 03:58 PM
Quote:
Originally Posted by cd/home
Sure, it's been confirmed that Cloudflare will handle up to 2Gbps depending on the attack type
I would like to see that proof. I know they said approximately 1Gbps would be able to be mitigated if it was a layer 4 attack or a http attack when your website is in their "Under Attack" mode.

Posted by toro, 05-15-2012, 04:10 PM
Quote:
Originally Posted by Robbie P
Just looked on their site, and they can only handle 500 Mbps DDoS attacks - if a booter such as twbooter/rebelsecurity was used then it would not stand a chance.

Is it possible to get higher DDoS Protection for let's say, a 1GBps attack? Because most of the "pros" can get their hands on very powerful booters.
Robbie,
I'm not sure where you're reading that. If our website has errors, I apologize. Our website sells up to 10 Gbps but we can filter well above 10 Gbps.

Posted by damoncloudflare, 05-15-2012, 05:05 PM
Quote:
Originally Posted by cd/home
Cloudflare has said it can withstand certain 1-2Gbps attacks although that's nothing to be considered "big" by any means but it certainly would stand up against most attacks these script kiddies pull together
It depends on the type of attack, overall. There are also some other things that a CloudFlare user can do to stem the attack as well (restrict connections to CloudFlare's ips only, etc.).

Posted by shlomi2k, 05-15-2012, 05:14 PM
They are just jealous of your services

Posted by cd/home, 05-15-2012, 05:29 PM
Quote:
Originally Posted by morrisonhosting
I would like to see that proof. I know they said approximately 1Gbps would be able to be mitigated if it was a layer 4 attack or a http attack when your website is in their "Under Attack" mode.
Quote:
Originally Posted by damoncloudflare
It depends on the type of attack, overall. There are also some other things that a CloudFlare user can do to stem the attack as well (restrict connections to CloudFlare's ips only, etc.).
Correct hence I said "certain"

Posted by morrisonhosting, 05-16-2012, 09:15 AM
Quote:
Originally Posted by cd/home
Correct hence I said "certain"
I know, everyone gives everyone a hard time here.

Posted by Robbie P, 05-16-2012, 02:30 PM
Quote:
Originally Posted by Jono20201
Yeah - their site does have its issues. Their newsletters are even worse, good old publisher 2003!
Gotta love it, eh?!

Quote:
Originally Posted by morrisonhosting
A quick google search reveals that it can be up to 10Gbps (small b being bits not bytes).

Linky- https://www.staminus.net/Under-Attack
Ah thanks for that pal :}

Quote:
Originally Posted by cd/home
Sure, it's been confirmed that Cloudflare will handle up to 2Gbps depending on the attack type
It's also been proven (by people I know) that Cloudflare doesn't protect it 100%!

Quote:
Originally Posted by toro
Robbie,
I'm not sure where you're reading that. If our website has errors, I apologize. Our website sells up to 10 Gbps but we can filter well above 10 Gbps.
It's on your website, on the ddos protected servers page! Thanks

Posted by morrisonhosting, 05-16-2012, 03:57 PM
Quote:
Originally Posted by Robbie P
Gotta love it, eh?!

Ah thanks for that pal :}

It's also been proven (by people I know) that Cloudflare doesn't protect it 100%!

It's on your website, on the ddos protected servers page! Thanks

You are welcome. I clicked on the link with "Under Attack!" as the title on their homepage. Talk about a call to action.

-Tyler Morrison

Posted by damoncloudflare, 05-16-2012, 06:33 PM
Quote:
Originally Posted by morrisonhosting
I would like to see that proof. I know they said approximately 1Gbps would be able to be mitigated if it was a layer 4 attack or a http attack when your website is in their "Under Attack" mode.
We don't protect against all attack types and sizes at this time (nor do we claim to). Many Layer 7 attacks, for example, are generally stopped fairly well; other attacks, like SYN floods, are generally more difficult.

We will be updating our marketing content with more specifics about what kind of attack we will help with & size very soon (something I've been pushing for & will make all of our lives a lot easier). We can still generally help mitigate against many common http:// attacks quite well right now.

Posted by morrisonhosting, 05-16-2012, 07:34 PM
Quote:
Originally Posted by damoncloudflare
We don't protect against all attack types and sizes at this time (nor do we claim to). Many Layer 7 attacks, for example, are generally stopped fairly well; other attacks, like SYN floods, are generally more difficult.

We will be updating our marketing content with more specifics about what kind of attack we will help with & size very soon (something I've been pushing for & will make all of our lives a lot easier). We can still generally help mitigate against many common http:// attacks quite well right now.
Well that's good. I'm guessing the traffic is detected and denied or do you spread it across the network (I can see some issues with that). I know how good cloudflare is for challenges (captcha and tests).

-Tyler Morrison

Posted by Exploited Host, 05-16-2012, 11:15 PM
We got DDoSed at 4.80Gbps last night. I wonder if this is related. Also, I would suggest you get a nice hardware firewall if your datacenter sells them.

Posted by IRCCo Jeff, 05-17-2012, 12:20 AM
Quote:
Originally Posted by Exploited Host
We got DDoSed at 4.80Gbps last night. I wonder if this is related. Also, I would suggest you get a nice hardware firewall if your datacenter sells them.
200 - 300 Mbps of TCP SYN is about enough traffic to saturate the session table on a stateful firewall (Juniper SRX, Netscreen, Cisco ASA, etc.)


