DDOS protection

I found a hosting company who's cheap and offers ddos protection look at: vpsflare.com..

i dont know if they r good, but i guess it's worth a try.

Quote:

---

Originally Posted by Not MentaL

1. General is right, you are able to see IP's by typing in the netstat command. Anyhow that's not always going to work to find the person his real IP because he could also be covering himself by attacking via spoofed IP's. So that basically means that you're stuck untill you get the problem fixed or unless he stops the attack.

2. IIS Isn't going to work either, I've seen many people think that their stronger when they have IIS installed, because IIS does stop most of the attacks but not the big attacks, I've seen people throw strong attacks at hotels that run IIS and even that they where able to take down. So you can try it but when there's someone around that has a bigger attack then you're stuck again.

3. Listen to vLuke, I'm pretty sure that that's the solving to your problem, get a new server or request a different IP and start using other services other than only Cloudflare, because Cloudflare does his job well but not when you have your IP in your client, then they won't simply just help you because then their powerless against strong DDoS attacks.

---

I've had many of IP'S off my server host and they still find the new one, maybe I should try with a new host you're right. And I know CF are shit against attacks like im receiving but at the moment it's the only thing I can use to hide my IP address, as I'm short on money.

Quote:

---

Originally Posted by MrSpooks

As stated after a little bit of research on XML-RPC

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. Implementations are available for Unix, Windows and the Macintosh.


I will not add the Example of the code, but

When run, this program will connect to the remote server, get the state name, and print it.

So he's obv modified his code to grab a connecting i.p in some way.

---

And is there any way to stop this from happening?

Quote:

---

Originally Posted by vLukeH

Well all I can suggest to you since the guy has your real IP is to get an IP change from your host if possible if not move to another one so you have a whole new IP as there's not a lot you can do if he has your server IP address. If you have CloudFlare Business the $200 one, then you should be alright against Layer 7 attacks although I'd probably advise http://hyperfilter.com/ myself.

And as the others have stated, having both HTTP and TCP proxies will benefit your hotel a lot.

---

I have both HTTP and TCP Proxies and it's not a Layer 7 attack I'm receiving it's a genuine ddos attack.

Quote:

---

Originally Posted by GrateZ4

Patch XML RPC from wordpress useragent on ur IIS Manager.

---

And how do I do this? nub question.

1. So basically you can have the best Cloudflare subscription but it won't work anyway, because even that won't stop the attackers from taking your website down. They are way stronger than that and that's why you really need to advance your server security: Buy TCP Reverse proxies, maybe have a look at Incapsula and Hyperfilter. They have pretty advanced security for your hotel or for your website.

Don't go try and install IIS thinking that you're hotel is going to be stronger because you're wrong. It's not changing the fact that people will find your server IP and abuse it again but than with stronger attack methods, I've made that mistake and I advice you on not making that same mistake that I made.

I'm not in to retro's or Habbo by the way, they suck. So I don't put any support for installing etc.

Quote:

---

Originally Posted by EliteCrewZ

I found a hosting company who's cheap and offers ddos protection look at: vpsflare.com..

i dont know if they r good, but i guess it's worth a try.

---

They are absolutely horrible, just OVH resellers and a big joke.

I have been with pretty much every hosting provider offering DDoS Protection and so far DDoS-Guard.net is the best service for protection, they have true 150 Gbps protection and they are online 24/7. They are very expensive so go through x4b.net, they resell their service at a a lower price. https://www.x4b.net/protection/ddos-prices#eu keep in mind that x4b has shitty support, they are very rude but the protection is good.

HyperFilter also seems like a decent provider but I'm not convinced that they offer true protection. Also heard their servers are slow and seen customers using their website protection moving to DDoS-Guard because it was too slow. They don't offer trials and no customizing of servers.

Stay away from OVH and Voxility. If you have $200/month to spend on protection go with DDoS-Guard, they have the best support(live chat 24/7) and very nice people.

If you have a lower budget you should try x4b and choose Netherlands, you can host both http and tcp proxy on the same package and you get a very unique and advanced control panel.

Quote:

---

Originally Posted by Exonize

They are absolutely horrible, just OVH resellers and a big joke.

I have been with pretty much every hosting provider offering DDoS Protection and so far DDoS-Guard.net is the best service for protection, they have true 150 Gbps protection and they are online 24/7. They are very expensive so go through x4b.net, they resell their service at a a lower price. https://www.x4b.net/protection/ddos-prices#eu keep in mind that x4b has shitty support, they are very rude but the protection is good.

HyperFilter also seems like a decent provider but I'm not convinced that they offer true protection. Also heard their servers are slow and seen customers using their website protection moving to DDoS-Guard because it was too slow. They don't offer trials and no customizing of servers.

Stay away from OVH and Voxility. If you have $200/month to spend on protection go with DDoS-Guard, they have the best support(live chat 24/7) and very nice people.

If you have a lower budget you should try x4b and choose Netherlands, you can host both http and tcp proxy on the same package and you get a very unique and advanced control panel.

---

I heard many people from ddos-guard.net are going to HyperFilter exactly because they can't provide a proper Layer 7 protection. And probably what you heard, might be not from the newest HyperFilter Services regarding that matter (Anyways, these things are very relative, because it depends on how the user configure its things, as it is very common the user do a mistake which results in poor performance of the service, anyways the support exists for that, the customer must use the support in order to get the maximum expected of its service), also HyperFilter can provide much more than 150 Gbps of protection (actually they don't even impose any limit in their network).

The best thing is that HyperFilter offers a 7 day money-back policy and if your service doesn't work as expected and they can't solve the problem, you get your money back. So no issues with that either.

Regarding server customization, well, that is not so bad at all, because they use latest generation HP Servers, which are really fast as is, it reduces the flexibility of course, but it is not an overkill factor at all, they also provide Hardware RAID 1 w/ Caching by default, which is a big pro, since this type of RAID is secure and also not slow, due to the caching present in the Raid Controller :)

Quote:

---

Originally Posted by MaxZeus

I heard many people from ddos-guard.net are going to HyperFilter exactly because they can't provide a properly Layer 7 protection. And probably what you heard, might be not from the newest HyperFilter Services regarding that matter (Anyways, these things are very relative, because it depends on how the user configure its things, as it is very common the user do a mistake which results in poor performance of the service, anyways the support exists for that, the customer must use the support in order to get the maximum expected of its service), also HyperFilter can provide much more than 150 Gbps of protection (actually they don't even impose any limit in their network).

The best thing is that HyperFilter offers a 7 day money-back policy and if your service doesn't work as expected and they can't solve the problem, you get your money back. So no issues with that either.

Regarding server customization, well, that is not so bad at all, because they use latest generation HP Servers, which are really fast as is, it reduces the flexibility of course, but it is not an overkill factor at all, they also provide Hardware RAID 1 w/ Caching by default, which is a big pro, since this type of RAID is secure and also not slow, due to the caching present in the Raid Controller :)

---

Can you please explain how your protection works? is it routed through another provider e.g Voxility or do you host everything yourself? and it was just 2-3 weeks since one of your clients was attacked by a small layer 7 attack and it really affected the website, it became very slow/unstable. Do you have to mitigate attacks like these yourself?

Quote:

---

Originally Posted by Exonize

Can you please explain how your protection works? is it routed through another provider e.g Voxility or do you host everything yourself? and it was just 2-3 weeks since one of your clients was attacked by a small layer 7 attack and it really affected the website, it became very slow/unstable. Do you have to mitigate attacks like these yourself?

---

"Not mine" :D

But well, they have their whole infrastructure, it is not related with voxility or anything at all, you can even perform a whois in their IP addresses and you'll see they have their own RIPE allocation (the addresses aren't rented from any secondary place). And yes, they have their own systems to perform any sort of adjustment that is necessary. I am their user, so I have extrapolated many of the possible usages as my other friends too that are using their services.

If you have issues, you need to use the support and work with them to make an adjustment if necessary, saying that things went slow isn't much of a proper answer, indeed you could had an issue, but issues are to be solved, mainly when you have a team that wants to work with you on that.

Hello, guys.

I just wanted to point out, we have our own multi-homed network, we are taking transit directly from :

• AS3257 (TiNET / GTT) / AS2914 (NTT) / AS6461 (Zayo) / AS6762 (Seabone) / AS9031 (EDPnet) / AS174 (Cogent) / AS33926 (Kaia Global)

Also we are connected with the largest Internet Exchangers of Europe :

• AMS-IX / NL-IX / DE-CIX / LINX

We are offering our services to all sorts of customers, such as Datacenters, Internet Service Providers, Hosting Services Providers, or End Users.

Our main purpose is to keep every customer satisfied with our service, and of course, issues can happen, but what matters here is whether the service provider will work to have them resolved or not, and in fact, we care to every customer we have. So if there are issues, please don't hesitate contacting us and we'll be looking and working to have everything working as expected. We don't have issues often reported with our services, so we believe that everything is working as expected. Anyways, in case there are problems, I'll just reinforce, that we are here to work and provide you with solutions.

Regarding @Exonize question, yes we have all the necessary infrastructure to deal with the DoS/DDoS Threats, such as our own routers, switches, mitigation, caching and load balancer devices, in contrary to the resellers which takes a small server and try to setup a small software solution, we are providing dedicated resources of expensive devices to our customers. Also we have our own Threat Notification System, that will alert the customer in case there is an on-going attack as we are also able to provide reports regarding the attacks (Ask that to the resellers, and 99% of them won't be able to show you anything).

Quote:

---

Originally Posted by HyperFilter

Hello, guys.

I just wanted to point out, we have our own multi-homed network, we are taking transit directly from :

• AS3257 (TiNET / GTT) / AS2914 (NTT) / AS6461 (Zayo) / AS6762 (Seabone) / AS9031 (EDPnet) / AS174 (Cogent) / AS33926 (Kaia Global)

Also we are connected with the largest Internet Exchangers of Europe :

• AMS-IX / NL-IX / DE-CIX / LINX

We are offering our services to all sorts of customers, such as Datacenters, Internet Service Providers, Hosting Services Providers, or End Users.

Our main purpose is to keep every customer satisfied with our service, and of course, issues can happen, but what matters here is whether the service provider will work to have them resolved or not, and in fact, we care to every customer we have. So if there are issues, please don't hesitate contacting us and we'll be looking and working to have everything working as expected. We don't have issues often reported with our services, so we believe that everything is working as expected. Anyways, in case there are problems, I'll just reinforce, that we are here to work and provide you with solutions.

Regarding @Exonize question, yes we have all the necessary infrastructure to deal with the DoS/DDoS Threats, such as our own routers, switches, mitigation, caching and load balancer devices, in contrary to the resellers which takes a small server and try to setup a small software solution, we are providing dedicated resources of expensive devices to our customers. Also we have our own Threat Notification System, that will alert the customer in case there is an on-going attack as we are also able to provide reports regarding the attacks (Ask that to the resellers, and 99% of them won't be able to show you anything).

---

But you are not cheap for small hotels? :/

Quote:

---

Originally Posted by UartigZone

But you are not cheap for small hotels? :/

---

In fact considering how expensive, the solutions we have are (I'm speaking about our infrastructure, it costs really a lot, we are speaking around 25MUSD+), we can't offer services, as cheap as the resellers, taking small servers in the companies and setting up a software proxy are doing. We really wanted to do that if it was possible, but the costs simple doesn't allow us to do so, however, you can be sure, that the service we offer, justify every cent paid to us.

The services we offer, are all hardware based, using branded gear, such as Cisco / Juniper & HP also we have our own engineering team to work in the development of our mitigation solutions which are all ASIC Programmable Devices (If you research the costs of that you will be impressed).

And we also offer you a quality support, that will care about your issue and work with you to find solutions when an issue appears.

It would be fair, if you compared our service, with business players in the same service level as us, but really, we can't compete with resellers in terms of pricing.

Tbh i also have this prob. i have http,tcp &cloudflare and still i'm getting attacks on my domain that takes down my server, makes it busy, even thought lewis from hostsavor updated his api for http proxy to block head attacks.

Quote:

---

Originally Posted by GrateZ4

Tbh i also have this prob. i have http,tcp &cloudflare and still i'm getting attacks on my domain that takes down my server, makes it busy, even thought lewis from hostsavor updated his api for http proxy to block head attacks.

---

Hostsavor only guarantee 10 Gbps protection which is nothing, they are also using OVH protection which is horrible.

Quote:

---

Originally Posted by Exonize

Hostsavor only guarantee 10 Gbps protection which is nothing, they are also using OVH protection which is horrible.

---

Any tips this attack is more then 10gbps rly..

Quote:

---

Originally Posted by GrateZ4

Any tips this attack is more then 10gbps rly..

---

Get a better HTTP Proxy, I'd suggest XZNetworks they withstand up-to 160Gbps.

Quote:

---

Originally Posted by Bozzie

Get a better HTTP Proxy, I'd suggest XZNetworks they withstand up-to 160Gbps.

---

You must learn that a $10~20 proxy, never will guarantee you such attack protection level. Except for marketing purposes :)

Also, why is xznetworks using CloudFlare to protect their website ? Isn't their protection so great ? Where is it now ? lol...