| Author |
Message |
justme
Master Baiter
Joined: 22 May 2009
Posts: 112
|
 Posted:
Thu May 28, 2009 9:27 pm |
  |
My site (also the honeypot) was hosted with WebsiteSource, since they could guarantee that DDoS attacks would be handled, and there wouldn't be any problems. Today we had a single HTTP flood (that's the near-lowest level of attack you can do on a site), the used bandwidth went up to 62.5 gigabyte, and WebsiteSource tells us to buy a dedicated server, because we are giving other customers trouble.
DDoS attack-proof? Not really 
So I'm asking them for a refund now... This is serious nonsense. |
_________________
Little mosquito you are annoy me
The music you singing
I don’t want to hear
You can go to many places
- John Johnson, poetic lad |
|
|
|
|
kallepromp
Not quite a Newb
Joined: 24 May 2009
Posts: 60
|
| Posted:
Thu May 28, 2009 9:33 pm |
|
Try to get a log over connections from host.. |
|
|
|
|
|
justme
Master Baiter
Joined: 22 May 2009
Posts: 112
|
| Posted:
Thu May 28, 2009 9:36 pm |
|
| kallepromp wrote: |
| Try to get a log over connections from host.. |
No use really. I know it's a botnet, and I kinda suspect whose botnet it is. |
_________________
Little mosquito you are annoy me
The music you singing
I don’t want to hear
You can go to many places
- John Johnson, poetic lad |
|
|
|
|
kallepromp
Not quite a Newb
Joined: 24 May 2009
Posts: 60
|
| Posted:
Thu May 28, 2009 10:02 pm |
|
Well, then throw in the towels and move to another host..  |
|
|
|
|
|
Pastor Frank
Baiting Guru
Joined: 31 Jan 2007
Posts: 12237
|
| Posted:
Thu May 28, 2009 10:47 pm |
|
| justme wrote: |
| So I'm asking them for a refund now... |
I would also ask for a quality Spanish hooker, and a case of Guinness. |
_________________
"Father Juan are sure that you are man of God,because your behaviors showed you as unbeliever" -Mary R |
|
|
|
|
lotta
Baiting Guru
Joined: 08 Jun 2005
Posts: 13613
Location: 2 Speckled Cct Springfield Lakes QLD 4300
|
| Posted:
Fri May 29, 2009 5:44 am |
|
I'm so sorry justme  |
_________________
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> Lead Support Contact for Missing Posts - (pm me)
 bank kills      
 
   
Alan James Watson (AKA Bi Gal, AKA Big Al, AKA De Master Yoda) -2007, 2008, 2009, 2010 "Doos of the year" award winner
Frederick Fokker:
"I am giving you about a month to get your act together, i am cutting you and the eater a bit of slack"
Dec 11, 2007
     |
|
|
|
|
justme
Master Baiter
Joined: 22 May 2009
Posts: 112
|
| Posted:
Fri May 29, 2009 6:01 am |
|
| kallepromp wrote: |
| Well, then throw in the towels and move to another host.. |
I have already asked for a refund, and they will refund it fully. The point is, it's very hard to find a DDoS-proof (and HTTP-flood-proof) host that's actually affordable. I know HR-Developments does a very good job on mitigating attacks, but they are $20/month
They recommended me SquareSpace though, which is clouded hosting. |
_________________
Little mosquito you are annoy me
The music you singing
I don’t want to hear
You can go to many places
- John Johnson, poetic lad |
|
|
|
|
wokabo
Master of Master Baiters
Joined: 23 Sep 2004
Posts: 825
Location: best beer country in onomatopoeia world
|
| Posted:
Fri May 29, 2009 8:48 am |
|
If you know the IP address(es) where the attack is coming from, and you have full FTP access to the place where you dump your web files, add or edit a files called .htaccess and add those IP's to the DENY FROM statement
(example: Deny From 12.226.242.136 24.82.164.148 24.233.221.185 etc...
That should make the server drop all communication with those IP's, no longer eating up your bandwidth (been there, done that).
The IP's I'm quoting here in my example are real spam addresses so I'm leaving them there for the world to see... |
_________________
Fight My Brute |
|
|
|
|
Dutch
Baiting Guru
Joined: 22 Nov 2007
Posts: 4204
Location: Dislocated
|
| Posted:
Fri May 29, 2009 9:54 am |
|
^^ If it is a botnet causing the flood it would mean adding maybe tens of thousands of IP addresses, not really workable I guess. |
_________________
                      deadified fake websites) x 374
x11  x a couple     
Yes we can! (with a bit of help) |
|
|
|
|
justme
Master Baiter
Joined: 22 May 2009
Posts: 112
|
| Posted:
Fri May 29, 2009 10:02 am |
|
| wokabo wrote: |
If you know the IP address(es) where the attack is coming from, and you have full FTP access to the place where you dump your web files, add or edit a files called .htaccess and add those IP's to the DENY FROM statement
(example: Deny From 12.226.242.136 24.82.164.148 24.233.221.185 etc...
That should make the server drop all communication with those IP's, no longer eating up your bandwidth (been there, done that).
The IP's I'm quoting here in my example are real spam addresses so I'm leaving them there for the world to see... |
They would still connect and cause server load... that won't help a lot. They would have to be blocked at hardware level.
Also, I''m currently looking into cloud hosting (recommended by WebsiteSource customer support) and HR-Dev... but HR-Dev is too expensive and I doubt cloud hosting can take/mitigate a HTTP flood. |
_________________
Little mosquito you are annoy me
The music you singing
I don’t want to hear
You can go to many places
- John Johnson, poetic lad |
|
|
|
|
Badgerbait
Baiting Guru
Joined: 07 Jan 2009
Posts: 4507
Location: Winter spites...
|
| Posted:
Fri May 29, 2009 8:41 pm |
|
@ Pastor Frank - Why a Spannish hooker? I can understand the Guiness (though I prefer Shiner Bock). |
_________________
I have arrived in Moscow. Has gone to bank and to me have told that there is no such transfer for me!!!!
What does it mean? You played with me? If it so that you very much the cruel man and I am assured of that that the god will see your cruelty.
Explain to me!!!!!!!!!!!!!!!! - Alena Byk0va
-----------
x13 x3  x4 
We are Karma's soldiers.
<a href="/forum/donate.php">Mugu Gold</a>
I must be cruel, only to be kind:
Thus bad begins and worse remains behind. -Hamlet, scene iv
|
|
|
|
|
manbiteslion
Baiting Guru
Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard
|
| Posted:
Fri May 29, 2009 9:21 pm |
|
Cloud hosting could help you - try the Amazon Web Services offering - it'll take you a bit of work to get set up, but $0.11 per gigabyte means even 65 gigs will be $7-odd - but they may give up earlier once they realise your site is un DDOS-able thanks to the monsterous level of redundancy. You could even cloudfront it ($0.17/GB) which will mean every connection will get directed to a local, speed optimised server, so your site will never go down, so the DDoS becomes a hollow and useless threat.
The AWS stuff is all pay as you go, it's an easy and very cheap win. I even resell AWS Cloudfront privately for video streaming as it's so blinking fast and priced very attractively. |
_________________
Premium Wimp Convincer - Click Me! |
|
|
|
|
justme
Master Baiter
Joined: 22 May 2009
Posts: 112
|
| Posted:
Fri May 29, 2009 9:39 pm |
|
But if you pay per gigabyte that would mean that people could easily drive up your cost by just hitting it 24/7?
Also, I don't think the co-admin and funding guy is really ready to have a variable fee. He is jobless after all. |
_________________
Little mosquito you are annoy me
The music you singing
I don’t want to hear
You can go to many places
- John Johnson, poetic lad |
|
|
|
|
|
|
SmartFeed
