Hi all.
Lately the website of our hotel became the victim of several DDoS attacks. It's been attacked like 4 times a day.
http://i.imgur.com/YSq0HhU.png
We run the website on a webserver on a Linux server. The emulator and database are running on a Windows server. Both hosted at OVH.
OVH says they have an anti-DDoS system. This 'system' clearly doesn't work for us. I asked for an explanation and the answer I got:
That doesn't help us any further. Can you give us more details what method/kind of tools were used, that brought down your vps so I can discuss this with our network team. Of course our system is not 100% and the fight against abuse of our network is always a "cat and mouse"-game.
We also bought a proxy service at XZnetworks with the thought: when skids don't have the server's IP address, they can't attack it. And the proxy filters out the attacks.
The current traffic goes like this: Cloudflare > proxy server > webserver. You would think the proxy server would filter the traffic....
Nothing could be further from the truth. These skids say they don't need the server's IP, but just fill in the domain.
Asked XZnetworks for an explanation. Answer:
Are you receiving any error message or anything? Our proxy will filter out any attacks aimed at the proxy, but if it's reaching your server directly there is nothing we can do.
I'm not seeing any issues with your domain at this time.
I'm not too sure what else I can suggest. The proxy works on a best effort basis. I would suggest chatting to your hosting provider when it goes down and see what they can detect.
Changing the IP address wouldn't be a solution for this problem, because the kids who DDoS us don't need the IP.
Perhaps they are lying to you? Can you try changing your server IP?
SOOOO....
What would you recommend us to do?
1 option may be: changing to a Windows server where we can monitor the traffic data, block IPs, etc....
Or Cloudflare? Which plan is the cheapest way to block DDoS attacks?





