

DDoS protection for a smaller guy




Posted by Shorshor, 08-05-2005, 05:46 PM
While doing research on hosting companies that offer at least some kind of protection from DDoS attacks for reseller/shared accounts, I realized that there are currently 2 companies that are successful in effectively protecting their customers from DDoS attacks: staminus (S) and gigeservers (G), for a moderate price. However, even $150/month for dedicated hosting offered by those companies is way above my budget. Also, I have neither the expertise nor the time to administer a box, so I'm after reseller accounts. Naturally I thought that I have to find smaller hosting companies who keep their servers with G. or S. and offer reseller accounts (or at worst, just regular shared hosting allowing to host more than one domain). From the threads on WHT I found some names, here they are:
stamina-host.com/reseller.html (@ Staminus)
hostxpro.com (@ Gigeservers)
pyrexnetworks.com (@ G)
best-shellz.net (@ G)
sh3lls.net (@ G)
voltshells.com (@ G)
But as I found out, except for stamina-host the rest keep only IRC servers at G., and the servers used for web hosting are kept elsewhere...
Question #1: are there any other hosting companies offering shared hosting/reseller accounts and having servers at G or S?
Question #2: why do reputable companies like HTTPme, Idologic and a bunch of others offering reseller accounts not keep a couple of servers at Staminus or Gigeservers to host customers who for some reason have attracted the attention of packet kiddies? I mean, the regular procedure when someone is being DDoS-ed at shared hosting is like this: the host first tries to somehow protect the server from the attack (best case scenario) then/or just nullroutes the doomed IP. If attacks continue the customer is asked to leave ASAP so the others do not suffer, that's it. But isn't it better to offer the victim of the attack some space at a much better protected facility, even for a higher price?
For example I am willing to pay let's say $50-55/month for the basic reseller account instead of $30 (Idologic) or $35 (HTTPme) just for being sure that I am not being booted because one of my clients has become a target of a DDoS attack. Not to say that offering protection for small guys may be a great selling point. Last edited by Shorshor; 08-05-2005 at 05:53 PM.

Posted by productive, 08-05-2005, 06:50 PM
Hi, Shorshor. You should really look around the forum in the offers section if you want info like that, and besides it never hurts to contact the companies with questions regarding DDoS protection. One thing for sure is that almost every company out there tries to protect themselves from being damaged. After all, who in here wants to be destroyed? Some companies can protect themselves more than others but that does not mean that they are not trying. Good Luck

Posted by Scott.Mc, 08-05-2005, 08:53 PM
Staminus are really good.

Posted by Shorshor, 08-06-2005, 02:45 AM
This is what I have been doing since last Friday. Yes. But still I would prefer to deal with a company that has its servers in a protected DC, rather than with someone who is going to fight just to some point then run to the hills. I was asking not about Staminus but smaller hosting companies keeping their servers there.

Posted by productive, 08-06-2005, 02:51 AM
Hello, Shorshor. I totally understand you, you want to know that you are protected to the fullest extent. Good Luck

Posted by Aorozco, 08-08-2005, 11:34 AM
Some of my sites have had DDoS attacks lately. Then I bought Jodohost with a specific IP plan (for emergencies) and use round robin with three resellers, each in a different DC, each using cPanel, blocking offenders' IPs. Things are safe now for me.

Posted by Shorshor, 08-08-2005, 02:41 PM
The fact that you used round robin suggests that you have dedicated servers. Or was it a shared account? Last edited by Shorshor; 08-08-2005 at 02:53 PM.

Posted by Aorozco, 08-08-2005, 02:47 PM
Simple resellers. I do not have any dedicated or VPS. My main concern is not to have a significant % of my customers with one business.. if one fails, it is not catastrophic. At the moment I have 12 resellers at around 120-140 USD monthly, but my income is around 500 to 800 monthly. I use round robin ONLY on cPanel and static sites, but I also have Plesk, H-Sphere, Ensim, Helm. I put the NS of the target domains in this manner:
1) ns1.resellerinGlobalcompass.com
2) ns2.resellerinGlobalcompass.com
3) ns1.resellerinGNAX.com
4) ns2.resellerinGNAX.com
5) ns1.resellerinTHEPLANET.com
6) ns2.resellerinTHEPLANET.com
And get around 100% uptime. The customer needs to upload to three sites via FTP, but not many problems. If you have addon domains in the account, it can be shared. I have a little plan with round robin, and I back up ALL the customers' data in one step, which is the reason I use cPanel and not Helm or DirectAdmin.

Posted by Shorshor, 08-08-2005, 02:54 PM
Sounds logical yet I have to check this in more detail, I am not very well aware of how the round robin works. I thought one needs to have a dedicated server and to run some additional scripts to implement round robin.

Posted by Aorozco, 08-08-2005, 02:56 PM
Use the search feature; in a thread begun by me asking about "weird reseller requeriment about the planet" one guy put a good link.

Posted by Babushka99, 08-16-2005, 03:24 PM
Some companies do offer DoS/DDoS protection - for example resellers for shared hosting on EZZI might do it and EV1, etc. - but chances are their mitigation systems may not thwart an attack in its entirety: (a) it could be too small to be noticed, (b) it could be too big for the hardware protecting the DC or the server. If you're experiencing an attack of say 200k setups per second, there is very little a Netscreen firewall or even a TopLayer 5500 (base) model can do. It would inundate the appliance. If your attack is small (you need to find out) then it could very well be controlled. Faisal

Posted by Shorshor, 08-16-2005, 04:05 PM
Nothing like 200K/sec. The most aggressive I've seen was less than a hundred requests per sec.

Posted by Babushka99, 08-16-2005, 04:08 PM
1-2K per second is very controllable.

Posted by Shorshor, 08-16-2005, 04:10 PM
Yes, if the hoster wishes to spend time while being at risk of getting hit by a wave of complaints from other customers on the same server. In my case the hoster didn't try and didn't want to do anything.

Posted by Aorozco, 08-16-2005, 06:25 PM
Do you know how many IPs are the offenders, or are there too many?

Posted by Shorshor, 08-17-2005, 03:08 AM
Not many, actually. It's all about the willingness to fight for the customer's interest in an out of ordinary situation.

Posted by Babushka99, 08-17-2005, 03:24 AM
Your problem might come down to pure economics (sadly!). If it costs the data-center say 10 hours to control this - assuming they are charging US$ 90/hour, it's $900 of billing so to speak for that month. If you only give them say $45/month, that's only $540/year - considering a year has 12 months and you may have only been with them for say 3 months. So in your case they may very well adopt the "screw it" attitude. It all depends from DC to DC / host-to-host. Some will bend over backwards to help you out, others might not. YMMV.

Posted by Shorshor, 08-17-2005, 04:38 AM
I understand that perfectly (sigh...). However, I think every host must have some basic protection at least from smaller attacks, because nowadays anyone can get hit by a DDoS attack. A web hosting client doesn't need to run an online casino, porn site or IRC network to become targeted. A host that cannot and doesn't want to protect customers from a 2Mbps attack is asking for trouble for those very clients whose interests he/she claims to be protecting. These days running a web hosting company without some DDoS protection is like entering a battlefield driving a Honda Civic. Of course, there are chances the driver and passengers may survive, but those are very low I believe. Last edited by Shorshor; 08-17-2005 at 04:42 AM.

Posted by Babushka99, 08-17-2005, 04:52 AM
Actually Fast & Furious taught us that Honda Civics are good for the run!!! Anyway, most DCs do not have protection from DoS/DDoS; even if they do, the trigger threshold may be set up high - so as to kick in if the traffic to & from the data center starts getting affected. 2Mbps would not even register on some DCs' network monitoring systems, but with a misconfigured server, and one that is not thoroughly patched up and drummed down, a 2Mbps pipe can play havoc. Just remember one thing - the estimate of the number of PCs/servers compromised that can adequately be termed as "zombie" machines is anywhere from 50 million nodes to 90 million nodes, depending whom you ask. The problem is only going to get worse before it gets better. Faisal

Posted by Shorshor, 08-17-2005, 05:57 AM
Yes and yes and yes! That's why I am sure that making some investments by hosting companies now will let both them and their clients avoid some potentially disastrous consequences of DDoS attacks later on. Actually there are not that many huge botnets around and chances are one won't get attention from those big guys, but even smaller (500-2000) botnets can cause lots of trouble to unprepared hosts. And it is possible to create such a botnet for people without some extraordinary knowledge of computers and networks. Last edited by Shorshor; 08-17-2005 at 06:05 AM.

Posted by Aorozco, 08-17-2005, 03:01 PM
Well, you say there are not too many IPs causing the problem; I try to ban them in cPanel... and use round robin.

Posted by Prolexic UK, 08-22-2005, 07:41 AM
Sigh* - yup - unfortunately the ISP market is very competitive, so expending money on DDoS mitigation is only a last resort for many. However, we have seen quite a change in attitude in the last year and a bit, so maybe, just maybe......

Posted by Rochen, 08-22-2005, 09:02 AM
Although a lot of web hosting providers will have systems in place to help protect against DOS/DDOS attacks many will not advertise this as a feature to try and prevent customers signing up who are actively looking for this protection because they know their websites will be attacked. - Chris

Posted by Shorshor, 08-23-2005, 04:46 AM
My (though very limited) experience shows that most of the hosting companies claim they have something in place to protect from DDoS. However, when there is an attack they fail to stop even the smallest one. Recently my site was DDoSed along with 7 other web sites of similar theme: in all cases except for one the hosting companies were totally useless.

Posted by Alex Fernandez, 08-23-2005, 05:03 AM
Ezzi have some basic DDoS protection, but a no IRC allowed policy too. Having said that, a 2mbps attack against a DC with multiple GigE would not cause any harm; it's when attacks get into the 10mbit or more (especially if you are on a 10mbit port) that problems occur.


