DDOS Attack

[moeloubani]

One of my sites is undergoing a DDOS attack that is coming in at around 40-50mbps. The traffic is all coming from Russia and I've tried blocking Russian traffic through a firewall but my host is telling me all they can do now is null the IP that the site is on. I'm not too worried as the site doesn't make me money but as a matter of principle I'd like to be able to keep the site up.

Are there any hosts out there that I could get a server with that would be able to mitigate these attacks?

[DWB]

Back when Russians were DESTROYING all the ladyboy sites, isprime was the only company who took a licking and kept on ticking. Everyone else fell to shit and couldn't handle it very well.

[Barefootsies]

Contact Fortress and ask for their "special sauce". That will take care of it for you.

I think it runs around $2500.00 a month.

[loreen]

It happens to me too, every couple of months or so. I just take the targeted sites down for 3-4 days and that's it. I swallow it with pride, lol.

[moeloubani]

lol so all I need to take down any site is some little script kiddy bs script and some russian server and that's it? there's gotta be a company that can deal with this thats not going to cost a fortune

edit: ive tried taking the site down for months and brought it back up just for the attack to resume

[Barefootsies]

Quote:

Originally Posted by moeloubani

edit: ive tried taking the site down for months and brought it back up just for the attack to resume

[d-null]

Quote:

Originally Posted by moeloubani

lol so all I need to take down any site is some little script kiddy bs script and some russian server and that's it? there's gotta be a company that can deal with this thats not going to cost a fortune

edit: ive tried taking the site down for months and brought it back up just for the attack to resume

what is it about your site that is pissing them off?

[V_RocKs]

I'd say bluegravity but they just sold themselves to someone else.

[moeloubani]

no clue what it is about the site, i think its just some copycat guy wanting my site to fail

[moeloubani]

barefootsies you seem to advertise ddos mitigation with your servers, do you guys actually provide that or are you just saying that?

[Barefootsies]

Quote:

Originally Posted by moeloubani

barefootsies you seem to advertise ddos mitigation with your servers, do you guys actually provide that or are you just saying that?

DDoS Mitigation is going to cost you a handsome ransom no matter who does it.

If you are determined to keep your site up, despite it not making you a lot of money, going the null routing would be your best option to be frank. Since yours is a sustained, months on end, attack any other option is going to cost you more than you, apparently, want to spend.

[moeloubani]

Quote:

Originally Posted by Barefootsies

DDoS Mitigation is going to cost you a handsome ransom no matter who does it.

If you are determined to keep your site up, despite it not making you a lot of money, going the null routing would be your best option to be frank since yours is a sustained, months on end, attack.

Any other option is going to cost you more than you, apparently, want to spend.

Not a sustained attack, it stops then I bring the site back and I guess when the guy sees that it's back up he starts the attack again.

Shouldn't advertise DDOS mitigation if you can't really provide it Barefootsies.

SEMI MANAGED SUPPORT:
24/7/365 Tech Support Available
Free Reboot
Control Panel installation and Configuration
DDOS Mitigation
Resource Monitoring
Free Migration

So all I need to bring 95% of websites down is just a server with this company in Russia and a little script kiddie DOS script? Hard to believe!

[Barefootsies]

Quote:

Originally Posted by moeloubani

Shouldn't advertise DDOS mitigation if you can't really provide it Barefootsies.

We have a DC that we use for JUST DDoS attacked clients (as it typically happens for a client at any host). We have two or three clients in there right now as a matter of fact. Although their attacks come and go. They have to pay more for that since it is repeated every few weeks.

That said, you forget I do not like you champ. So realistically, I would never host you, or help you one way or the other. Although I appreciate the free advertising.

[moeloubani]

Quote:

Originally Posted by Barefootsies

We have a DC that we use for JUST DDoS attacked clients (as it typically happens for a client at any host). We have two or three clients in there right now as a matter of fact. Although their attacks come and go. They have to pay more for that since it is repeated every few weeks.

That said, you forget I do not like you champ. So realistically, I would never host you, or help you one way or the other. Although I appreciate the free advertising.

Picture is right.

Nigga please, you can't do shit when it comes to DDOS attacks. You pretend like you can but really it's just a scam like when you sold stolen celebrity photos you didn't own. So yes, nigga please, don't pretend like you're not the one trying to cheat noobs like you did when you were selling your 'start a business packages' that failed miserably.

As I recall you're the one who is scared shitless to share what sites he has because of a DDOS attack that you were crying about a while back.

Stop lying and doing false advertising Barefootsies. You might not want to sell me something but I'm sure as hell that money talks and little bitches like you walk, I can always go to whoever you resell for and get whatever I want without being lied to and cheated by a punk dumbass like you.

That said, anyone that isn't all talk that can help out?

[Barefootsies]

Quote:

Originally Posted by moeloubani

You might not want to sell me something but I'm sure as hell that money talks and little bitches like you walk

Yep. Money talks. You don't have it. So keep walking to the next host. Keep the bumps a rockin toots.

[moeloubani]

Quote:

Originally Posted by Barefootsies

Yep. Money talks. You don't have it. So keep walking to the next host. Keep the bumps a rockin toots.

Right..keep the bumps coming so I can get some help from someone who knows what they are talking about.

Barefootsies why don't you go back to spamming the forums with your multiple failed business ventures so the rest of the people here can continue watching your tragic/comical failures pile up.

[BIGTYMER]

Whats the site?

[moeloubani]

Just a dinky little forum for dudes to wank off on pictures LOL

I wasn't even making any money on it or flying ads on it was just building it for the member base and it had about 8500 a while ago when I shut it down. Like I said it doesn't really matter if it goes up or not since it wasn't making money but as a matter of principle id really like to be able to keep it up in the face of the attacks especially since the attacks aren't even that big.

[Barefootsies]

Quote:

Originally Posted by moeloubani

Barefootsies why don't you go back to spamming the forums with.....

[Tutorial] Clips4Sale (clips stores) and Starting Out in the Biz

[Tutorial] Celebrity Membership Pay Site, Blog, Fan Site

Sin2.0 Interview - Modern Consumer Marketing Methods
Sin2.0 Interview - Niche Pay Sites 101

Will do. Thanks for the permission chief.

[moeloubani]

Quote:

Originally Posted by Barefootsies

Bla bla out of 36,217 posts here are the only 4 I (but someone else could have) ever wrote that were relevant

Ok byeeee

[chaze]

Wow sorry man, it happens to everyone. Even Google has been dossed and offline for hours. Just be patience it costs them a lot of money or reputations to do it so they will run out of funds or people soon.

[Barefootsies]

Quote:

Originally Posted by moeloubani

Ok byeeee

[moeloubani]

Maybe someone can recommend a DDOS protection service that isn't too expensive? Lets say 200-300 a month type thing.

[RycEric]

Quote:

Originally Posted by moeloubani

Maybe someone can recommend a DDOS protection service that isn't too expensive? Lets say 200-300 a month type thing.

We've had Ddos attacks as high as 13GB... enough to take down multiple DCs. There's no service out there that can totally mitigate DDos, SynRecv, etc. Just null route the IP.

[moeloubani]

Quote:

Originally Posted by RycEric

We've had Ddos attacks as high as 13GB... enough to take down multiple DCs. There's no service out there that can totally mitigate DDos, SynRecv, etc. Just null route the IP.

That's what I've been doing for the past little bit but I just want to say fuck it and see what I can do to keep the site up. I don't think it's that big of an attack 40-50mbps type thing and I really doubt it's anyone that really wants to put any resources towards it.

[Barefootsies]

Quote:

Originally Posted by RycEric

We've had Ddos attacks as high as 13GB...

[RycEric]

Quote:

Originally Posted by Barefootsies

[moeloubani]

What if i hosted it at dreamhost.com or something, they have ddos protection I'm sure and would they really be able to tell that it's an attack on me and not just another site on the server? Can't that be a sneaky way out at least for a couple of weeks until the attack stops and I can move it back to something reasonable?

[RycEric]

Quote:

Originally Posted by moeloubani

What if i hosted it at dreamhost.com or something, they have ddos protection I'm sure and would they really be able to tell that it's an attack on me and not just another site on the server? Can't that be a sneaky way out at least for a couple of weeks until the attack stops and I can move it back to something reasonable?

I'm sure a lot of hosting guys in here may tell you the same.. once your attack starts to affect the rest of the cluster.. you will be termed.

[d-null]

Quote:

Originally Posted by moeloubani

What if i hosted it at dreamhost.com or something, they have ddos protection I'm sure and would they really be able to tell that it's an attack on me and not just another site on the server? Can't that be a sneaky way out at least for a couple of weeks until the attack stops and I can move it back to something reasonable?

[moeloubani]

Quote:

Originally Posted by RycEric

I'm sure a lot of hosting guys in here may tell you the same.. once your attack starts to affect the rest of the cluster.. you will be termed.

But is there really any way for them to tell what site is being attacked? Or just an IP?

[Pushcube]

Is your forum on shared hosting or a dedicated box?

[moeloubani]

Quote:

Originally Posted by Pushcube

Is your forum on shared hosting or a dedicated box?

dedicated box right now but there are other sites on server (mine)

[sandman!]

yes they can tell unless they are idots in that case the whole server will just go down.

if its only a 40-50mbps attack you might be able to stop it on the server with a firewall if your not using a good managed host i would start with hiring someone that knows what they are doing to try that.

Quote:

Originally Posted by moeloubani

But is there really any way for them to tell what site is being attacked? Or just an IP?

[Pushcube]

I asked that as it seems weird to me that someone would sustain (while small) a 50mbps DDoS on a forum/site of no value. If it was VPS/shared/etc hosting I would of put it down to just being caught in the crossfire as such, but it seems very weird to me that it returns time and again after being null routed (btw a firewall wont even cause the DDoS to slow down). Best I would suggest would be simply to rehost with another host, ask them how they deal with DDoS attacks, if they just say "null route" move on to the next one.

It doesn't matter which host you choose tho (exception being something like Prolexic, they charge a LOT but can handle multi-gigabit DDoS without breaking sweat, allegedly.), a DDoS attack can't be prevented, it can only ever be mitigated once it has begun so in Foots' defense his ads are 100% truthful, so you should base your choice of new host on their answers to your DDoS questions.

[moeloubani]

I just don't get how some kid with a server that isn't really pumping much bandwidth at all is taking down a website like that. Is it really that easy that it just takes 1 person and most of the websites out there would go down?

[signupdamnit]

Quote:

Originally Posted by moeloubani

I just don't get how some kid with a server that isn't really pumping much bandwidth at all is taking down a website like that. Is it really that easy that it just takes 1 person and most of the websites out there would go down?

You have to realize that many people have connections which are capable of 50 Mbps alone. Get 1000 of these in a bot net and it can be tough for anything to stay up. There are things you could do but they have to be done at the host or in some cases the backbone. Most aren't going to want to bother. For small unsophisticated attacks which are only meant to overload one server you sometimes can change things around at the server (IPtables and kernel buffer) but often the attacks are way more than this method can handle.

[Zyber]

Quote:

Originally Posted by moeloubani

I just don't get how some kid with a server that isn't really pumping much bandwidth at all is taking down a website like that. Is it really that easy that it just takes 1 person and most of the websites out there would go down?

How do you know it is just some kid?

It sounds like your enemy has made a script which always monitors which IP your domain is hosted at, and then he either automatically or manually enters that IP into some botnet command tool which he has access to.

You should probably identify which hostname he is monitoring, and then move that problematic hostname away from your main server. Isolate the troubled hostname, move it far away from your important stuff. Now you have "mitigated" the DDOS to somewhere else.

Not a perfect solution, but better than nothing?

[Pushcube]

DDoS'ing capabilities are only limited by the size of the botnet. A single person with just their home connection and a copy of some skiddie tool like LoIC would be like firing a peashooter at a batteship these days. But get a group of 20+ using it and your site will be effected (not Google etc obviously, 99% of VPS/shared sites). Next level, someone creates their own botnet (easy to do), or someone who pays to use one of the big botnets would be like Godzilla (them) Vs Japan (your server). You'd be walking funny for weeks after.

DDoS is so effective simply due to its packet structure, not necessarily it's mbps/gbps size (tho obviously the more the merrier). So, for example, the BredoLab/Oficla botnet had, at it's peak last year, close to 30,000,000 bots at it's disposal. While it was mostly used for email spam if it had of been used for DDoS'ing it would have.. well.. it would have fucked any site up it targeted. Google included. Easily.

[RycEric]

Quote:

Originally Posted by Pushcube

I asked that as it seems weird to me that someone would sustain (while small) a 50mbps DDoS on a forum/site of no value. If it was VPS/shared/etc hosting I would of put it down to just being caught in the crossfire as such, but it seems very weird to me that it returns time and again after being null routed (btw a firewall wont even cause the DDoS to slow down). Best I would suggest would be simply to rehost with another host, ask them how they deal with DDoS attacks, if they just say "null route" move on to the next one.

It doesn't matter which host you choose tho (exception being something like Prolexic, they charge a LOT but can handle multi-gigabit DDoS without breaking sweat, allegedly.), a DDoS attack can't be prevented, it can only ever be mitigated once it has begun so in Foots' defense his ads are 100% truthful, so you should base your choice of new host on their answers to your DDoS questions.

Prolexic charges for "overages" now.... Those overages costs thousands by the hour as well.

[potter]

So what is the site really? BS it's just a nothing forum.

[moeloubani]

Quote:

Originally Posted by potter

So what is the site really? BS it's just a nothing forum.

lol it really is honestly

[webair]

40+ GIG protect

WEBAIR.COM

[moeloubani]

I have a server at webair too, if I got a second one there you guys could help me through this you think?

[directfiesta]

Quote:

Originally Posted by moeloubani

I have a server at webair too, if I got a second one there you guys could help me through this you think?

If they actually are saying that they can block the attack, move that site to the server you actrually have .. you will have your answer.

But most who answered here are right : it cost way too much for a nothing site ...

[nenad007]

don't worry 40-50 mbps is nothing as long they dont open massive number of connections per second.

as I already write here: gofuckyourself / showthread.php?t=1006103

how much connections/sec they open? what kind of attack?
proably you can handle this scriptkiddy ddos attack with server hardening only... give them a try, google for: inetbase ddos script

If your forum is for small set of countries only, move to a DNS Service with Geo split service.
Install GeoIP on your server and do the same there, you can put this rules inside .htaccess.

Such small attack is not hard to fight server based as long the connections/sec are not too high.

A real hard fighting begins above 20 gbps and above 1 mio new connections per second :-)


---
regarding Geo DNS / local GeoIP Routing -> sent all requests that you don't need back to 127.0.0.1

[facialfreak]

Quote:

Originally Posted by moeloubani

But is there really any way for them to tell what site is being attacked? Or just an IP?

httpd-status will tell them right down to which specific file is being requested ... LOL!

[pumpercloggs]

hit me up 349588486 I might be able to help you where you are. If not I have a solution for you which doesnt cost 2500 a month.

[facialfreak]

Here's the thing .... a managed host may be able to lighten the blow somewhat using DDoS Deflate, tightening up some firewall rules, temporarily reconfiguring your php.ini, etc., etc ... but if the attacker is stubborn enough, what's going to happen is that your site will stay "up", but it will be severely bottlenecked, as your load balances go up into the double (or even triple) digits ... which will mean half of your legit traffic is going to back out of your page before it even loads anyways!!!

Between the added expense of DDoS mitigation, and the loss of legit traffic, I would say this endeavor is a bad one before it even begins ...

For a site that is not making you any money, I have to wonder why you want to keep it up so badly?

[RycEric]

Quote:

Originally Posted by webair

40+ GIG protect

WEBAIR.COM

You are kidding right?