

DDoS Attack in a heavy Joomla site: Dedicated or VPS Protected?




Posted by Kotsolis, 11-08-2014, 09:21 PM
I have a very heavy Joomla site; each backup takes about 34GB. I have used a Dedicated server for about 3 years. Last time I had a VPS server (I might have had a small one back then) I had some slowdowns, I must say.

During 30 days I received 2 DDoS attacks: the first was 3,9Gbps and the second 3Gbps. During those attacks, the server was brought down for 24 hours by the main company that owns the server (the one that my hosting company co-operates with). So I had to ask my hosting company to remove the block, and they responded within the first hours. My hosting company advised that I should move to a VPS Server - DDoS Protected.

- The Dedicated server that I have: Intel Core i5 3550, 16GB RAM, 2x500GB HDD, 5TB Bandwidth.
- The VPS Server they offered me: 5 CPU Cores (Intel Xeon), 6GB Dedicated Memory, 240GB HD, 4TB Monthly Bandwidth and DDoS Protection (480Gbps).

Questions:

1) If I move to this server, am I going to have the same speed that I have now? I am surprised that the Dedicated server is priced at $165 and the VPS I mentioned at $115.

2) Is it possible to stay on this dedicated server and install DDoS protection? I know that a Dedicated server means that you own the whole PC, while a VPS server means "Server within server". So what's the catch? I own the whole PC, so why can't I protect it?

3) Is it logical that the main server owner brings down the Dedicated Server PC? It's a PC that I paid to own, so why should they have their own rules? The PC should restart by itself and the server should continue running. Why should it be taken down for 24 hours?

4) The hosting company support (reseller) declares that they don't know the attacker's IP in both cases. Is this logical? At least, can I install software (in my WHM or cPanel) and track his IP when the site goes down again?

Sorry for the long post. I hope that you can reply to all of my questions!

Posted by astutiumRob, 11-08-2014, 10:19 PM
Without knowing the setup, software and config intimately it's impossible to know, but as it's a lower specification, the simple answer is probably not.

The 'protection' will be 'before' the server (or VM) - your provider should be able to answer why they can't protect the server but think they can protect a virtual machine - it's probably because they don't actually have any control over the actual service that is being provided, just reselling someone else's systems.

If the attack is causing a problem to their network, other customers, or costing them money - yes.

Depends on the type of attack, and what 'visibility' and 'control' they actually have over the service(s).

Posted by Truman, 11-09-2014, 06:12 AM
If the attack is continuing, you can ask them to have a hardware firewall in place while keeping you on your dedicated server. Did they provide more information about the attack? Do you run any firewall on your server? Assuming it's cPanel/WHM, you've got csf installed, right? I know these attacks are more than what csf could do, but generally asking. My suggestion would be to ask them for a hardware firewall to be placed, monitor the server for a few days, and see if the attack has subsided or not.

Posted by Infinitnet, 11-09-2014, 06:34 AM
That depends on how many other virtual machines they have on the same node, what kind of storage they use and lots of other factors, so that's close to impossible to tell.

It seems like you don't know that much about how this works. For one, if you receive a 3Gbps DDoS attack, but I'm assuming that the NIC (network card) in your server is only a 1Gbps or even just a 100Mbps one, it will simply make your NIC and server crash, so you can't protect yourself by installing something on your server. Furthermore, the traffic has to go through the routers and switches of your hosting provider first, and they most likely don't have the equipment to handle such huge traffic spikes, and it could even affect other servers that are behind the same switch.

One solution you could deploy "in front" of your server would be remote DDoS protection that quite a few providers on here offer. In your case you'd have to look for an HTTP reverse proxy DDoS protection. This would allow you to stick with your current hosting provider and keep your current server, as it would filter all the DDoS traffic before it reaches your hosting provider's network or your server. However, you would have to change your IP to one the attackers don't know yet and then make all your DNS records point to the DDoS protected proxy IP that you'll receive from your anti DDoS provider instead of your server IP, and also follow a few guidelines that your anti DDoS provider should tell you about, such as not sending mails through your server, but using a service like Amazon SES instead for outgoing mails and Google Apps for incoming mails (although a few providers can protect your MX records as well and forward port 25 too and not just HTTP traffic).

Yes, they do that to protect their own network. In fact they don't turn off your server, but "blackhole" your IP(s) at router level, so the DDoS traffic doesn't enter their internal network segments and can't affect switches and other servers (see my reply to #2).

Yes, it is logical. Most DDoS attacks are impossible or at least close to impossible to track. It isn't just one IP attacking a target, but usually many thousands that consist of compromised (hacked) servers and PCs. Because they're not owned by the actual attacker and are often located in 3rd world countries, it makes it close to impossible to trace them back to the actual bad guy. Furthermore, reflection attacks would make badly configured servers attack a target, even without them having to be compromised/in control of the attacker. I suggest you read this to get an idea (more details at the bottom): http://www.digitalattackmap.com/understanding-ddos/

Last edited by Infinitnet; 11-09-2014 at 06:37 AM.
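The DNS step described in the post above, as an added example that is not part of the original thread: once a site sits behind a reverse proxy, audit your own zone for records that still resolve to the origin server. The zone, host names and IPs are constructed (documentation ranges), and `find_origin_leaks` is a hypothetical helper name.

```python
# Added example: audit your own zone for records that still expose the
# origin server after moving behind a reverse-proxy DDoS service.
ORIGIN_IP = "203.0.113.10"   # constructed: the server's real (hidden) IP

# Constructed sample zone; 198.51.100.20 stands for the provider's proxy IP.
ZONE = """\
example.test.        300 IN A     198.51.100.20
www.example.test.    300 IN CNAME example.test.
mail.example.test.   300 IN A     203.0.113.10
example.test.        300 IN MX    10 mail.example.test.
ftp.example.test.    300 IN CNAME mail.example.test.
cpanel.example.test. 300 IN A     203.0.113.10
"""

def parse_zone(text):
    """Return (name, rtype, target) tuples from simple 'name ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        # For MX the target host is the last field (after the preference).
        records.append((fields[0].lower(), fields[3].upper(), fields[-1].lower()))
    return records

def resolve(name, records, seen=None):
    """Follow CNAMEs inside the zone and return the set of A addresses."""
    seen = seen or set()
    if name in seen:             # guard against CNAME loops
        return set()
    seen.add(name)
    addrs = set()
    for rname, rtype, target in records:
        if rname != name:
            continue
        if rtype == "A":
            addrs.add(target)
        elif rtype == "CNAME":
            addrs |= resolve(target, records, seen)
    return addrs

def find_origin_leaks(text, origin_ip):
    """List (name, rtype) pairs whose final address is the origin IP."""
    records = parse_zone(text)
    leaks = set()
    for name, rtype, target in records:
        host = name if rtype == "A" else target
        if rtype in ("A", "CNAME", "MX") and origin_ip in resolve(host, records):
            leaks.add((name, rtype))
    return sorted(leaks)

if __name__ == "__main__":
    for name, rtype in find_origin_leaks(ZONE, ORIGIN_IP):
        print(f"{rtype:5} {name} still resolves to the origin")
```

In the sample zone, the web names are proxied but the mail, FTP and control-panel records still point at the origin, which is the situation the mail guidelines in the post are meant to avoid.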

Posted by EvolutionCrazy, 11-09-2014, 01:25 PM
I wouldn't do the switch to a cheaper VPS. I would just move to another server in a DDoS protected environment.

Posted by nokia3310, 11-09-2014, 02:29 PM
Move to aws.amazon.com and call it a day. Might cost more, but trust me, you sleep VERY well at night.

Posted by Kotsolis, 11-09-2014, 07:24 PM
Thanks for the answers. Currently I don't have the budget, and my Dedicated server is paid for on a co-operation basis in which I advertise my web hosting company. So the dilemma is big now, and the cost of staying offline for some hours is bigger than the cost of paying more each month.

Between the solutions that Truman and Infinitnet suggested, which one is the most suitable for me in terms of money/cost? We have:

1) Put a hardware firewall.
2) Remote DDoS Protection
3) They also told me to have a look at CloudFlare.com

About Aws.Amazon.com, sorry, but I am against the idea of "Put your credit card here, one year free and at the end of it you will forget us but we'll charge you from top to bottom". Let's just forget about this. I also don't know Cloud Computing, and I think that nothing compares to a Dedicated server, just for the tasks that I want to accomplish. Thanks.

Last edited by Kotsolis; 11-09-2014 at 07:33 PM.

Posted by Infinitnet, 11-09-2014, 07:41 PM
If their free plan can block the attacks you're receiving, #3 might be the cheapest one, as it would be free. If not, then you should consider #2 and you can forget about #1 if you have a tight budget. And PS: CloudFlare.com basically is remote DDoS protection.


