Jump to content


Photo

[Ended] Fresco server - DDoS attack


  • Please log in to reply
27 replies to this topic

#21 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 28 September 2010 - 03:43 AM

http://en.wikipedia....-service_attack

I understand the frustration - I've been personally working on mitigating this attack for over 24 solid hours.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#22 Bluesplayer

Bluesplayer

    Member

  • Clients
  • PipPip
  • 62 posts

Posted 28 September 2010 - 03:54 AM

Ok I understand what a ddos attack is. Just got up only to find my site has practically zero traffic which is very annoying after it has recovered from my own imposed site disruptions (caused by me I would add).

I am just wondering why a site under attack can't be switched off so that the rest of the server isn't affected? Why can't such a site then be moved to a different server or something so that any changes being made only affect that one particular site?
  • 0

#23 Mike

Mike

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 28 September 2010 - 05:16 AM

I am just wondering why a site under attack can't be switched off so that the rest of the server isn't affected? Why can't such a site then be moved to a different server or something so that any changes being made only affect that one particular site?

One very simple reason is when a site comes under this kind of attack, it can be extremely difficult to determine what traffic is legitimate from what is malicious. Would you want legitimate requests to your site to be 'switched off', if the attack could be mitigated by other means?

One method to assure you have no future problems is to move your account to a dedicated server, then you have completely isolated yourself from any other sites.

Mike, I co-admin a site owned by one of your customers and I stopped by to offer my thanks for handling the attack as efficiently you did. The site was a bit lazy for a few hours, but once propagation had taken place, we bounced right back. I understand the situation you were in and I do not envy you at all. Your actions exemplified your level of dedication to your customers and did not go unnoticed.

For anyone looking for a new host, MDDHosting takes great care of their customers and I suggest you give them a closer look. It's simple to be a great host when things are running smoothly. Mike proved himself and his customer service in a difficult, trying situation and that says a lot.
  • 0

#24 Bluesplayer

Bluesplayer

    Member

  • Clients
  • PipPip
  • 62 posts

Posted 28 September 2010 - 05:43 AM

As annoying as my replies can be I still would like my opinion heard.

For one thing if my site was the cause of lots of other sites being slowed considerably, or going offline, I would expect it to be switched off immediately while a solution was ongoing. I expect that the owner of the affected site would also.

God knows what the impact on search engines is with regard to a different ip but I am now seeing the lowest traffic on my site ever:

http://whos.amung.us...s/4xpxrrw7o8zu/

In my opinion the affected site should have been isolated straight away and some other way of combatting the ddos attack found.

I think maybe you haven't considered the search engine implications of the changes you have made. Who knows how long my site - and others - will take to recover.
  • 0

#25 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 28 September 2010 - 08:45 AM

As annoying as my replies can be I still would like my opinion heard.

First and foremost your replies are not annoying and we are always happy to hear your opinion even if we don't necessarily agree with it :)

For one thing if my site was the cause of lots of other sites being slowed considerably, or going offline, I would expect it to be switched off immediately while a solution was ongoing. I expect that the owner of the affected site would also.

It all depends on the type of attack - some are easy to block and reroute and some are not. This particular account was being attacked by IP and not by it's domain name so the only way to disable the account and the attack was to null-route the IP which necessitated moving all accounts off of that IP but the one under attack which we did yesterday.

God knows what the impact on search engines is with regard to a different ip but I am now seeing the lowest traffic on my site ever:
http://whos.amung.us...s/4xpxrrw7o8zu/

I understand but keep in mind that with most providers your site would have simply been offline until the attack subsided as you were on the same IP - the attack is still ongoing even now.

In my opinion the affected site should have been isolated straight away and some other way of combatting the ddos attack found.

What makes you think it wasn't? It takes time to move accounts around to make what we did possible.

I think maybe you haven't considered the search engine implications of the changes you have made. Who knows how long my site - and others - will take to recover.

I think maybe you don't really know what we have and haven't considered - keep in mind that our number one goal is keeping your sites online as much as possible. We always do our best however DDoS attacks are tough to deal with.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#26 Bluesplayer

Bluesplayer

    Member

  • Clients
  • PipPip
  • 62 posts

Posted 28 September 2010 - 09:36 AM

Well at least I am now well informed and my mind put to rest. Just a pity you can't allocate a different ip to all sites which would make these attacks easier for you to block.
  • 0

#27 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 28 September 2010 - 10:26 AM

It's not responsible to do so due to the limited number of IPv4 addresses left. We could end up having IP ranges pulled by ARIN for doing that believe it or not.

Customers are welcome to order dedicated IPs and all they need to say is it's for SSL but we can't knowingly allocate IPs to each account without justification such as SSL.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#28 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 30 September 2010 - 08:11 PM

The DDoS attack has ended, so I just thought I'd post and let everybody know. I'm updating the thread subject accordingly.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users