Question

DDoS protection and Web hosting

Asked by: subfictional

Last week my company’s website was the target of a DDoS attack. At the time, we were on an inexpensive ($20/month) shared hosting plan. Our provider turned off our domain off in order to keep the other 150 customers on our same server up and running while the attack was underway. When the traffic subsided, the provider turned our domain back on. 24 hours later the attack was underway again and the provider again shut off our domain. In order to get back up and running, we moved to a dedicated server with the same ISP. The dedicated server was able to take the increased load and we have not gone down since.

My question is where to go from here. The DDoS attack has not resumed, but I believe it could in the future and would like to plan for it because our business depends completely on our website and surround services (email, ftp, etc.). The current hosting provider is pleasant and responsive, and I think they did all they could to help us out during the attack. But, they are a small outfit with (I think) co-located servers and fewer resources than a larger datacenter like Rackspace (for example). They have no specific hardware DDoS protection.

The options as I see them:

1.      Stay with current host on dedicated server. Dedicated server should take excess load during most DDoS attacks.
2.      Move to a dedicated server at a larger hosting provider (ie., Rackspace, the Planet, etc.) with hardware DDoS protection.
3.      Move to a shared hosting plan at a larger hosting provider (ie., Rackspace, the Planet, etc.) with hardware DDoS protection.

Right now, a dedicated server is overkill for our requirements, but I think that ANY shared hosting plan is going to be inadequate against DDoS.

Thoughts and comments, please…

-Christie

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-02-04 at 10:14:24ID21302280
Tags

ddos

,

protection

Topics

ISPs & Web Hosting

,

Web Hosting

Participating Experts
4
Points
250
Comments
18

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. DoS attack ?
    Hi, i found there are 500 process for my server when i >top Normally , its only 200+ .. i suspect someone is attacking me.. the IP is from a proxy server, and its attacking my ads system ... help me out Thanx bsh
  2. UDP Flooding attack using wireless zombies
    I'm doing some research on UDP Flooding attack and I'm having a problem: We all know that UDP Flooding attack is that we use zombie computers to send as many UDP packets to the victim as posible, so that the victim has to reply with many ICMP packets, and have their network ...
  3. DOS attack
    What techniques are used to secure against DOS attacks, i.e. someone killing the signal over WI-FI?
  4. bruteforce attack protection of FreeBSD
    Hi X-perts, I need some advices how to protect my dedicated server against regular bruteforce attacks. The details: 1) we run freeBSD with IPFW standard firewall and QMAIL as a mail server 2) yesterday we had a package storm attack on smtp and the server was down as t...
  5. DDOS Attack Question
    Yesterday our dedicated Windows 2003 server was the target of a DDOS attack. It runs one main web site and a few other minor sites. The attack has mostly subsided now. Our ISP put the server under "Cisco Guard" protection. We were in the process of building ano...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: humeniukPosted on 2005-02-04 at 12:20:47ID: 13229448

IMO, you shouldn't deal with DDoS simply by paying for excessive bandwidth to withstand the attack.  Likewise, you shouldn't pay for a dedicated server if you can get the storage, bandwidth & services you need from a shared account.

So, my first choice in this case would be option 3 - move to a shared hosting plan at a company with good DDoS protection (example - www.datapipe.com/sure_armour.aspx - off the top of my head, I'm not sure who else offers this).  (FYI - Rackspace only offers servers, not shared hosting).

 

by: humeniukPosted on 2005-02-04 at 12:58:11ID: 13229801

A couple more meandering thoughts on this:

Most hosting companies take steps to deal with DDoS, but unfortunately in some cases that just involves shutting down the target site (as in your case).  Clearly this is more to protect their other customers rather than the target client.  Some hosts will even fine you ore charge you for extra bandwidth if you are attacked.  A curious choice given that it is their weakness that is being exploited, not yours.  One host I have used is Hostony (www.hostony.com), which has anti-DDoS firewalls, etc., but I know they have been victimized at times - no method is 100% successful.  Also, it's hard to recommend a suitable host, because most of the info about who is good/bad at dealing with DDoS is anecdotal (as is my example).

Having said that, most of the hosting companies that make a big deal of their DDoS protection seem to be the big server-only types - ie. EV1, thePlanet, and Rackspace whose PrevenTier system is supposed to be one of the best - www.rackspace.com/aboutus/listings.php?hidelistings=1&detail=1154.  Of course, many of their clients are hosting resellers who sell shared hosting on their servers . . .

Any idea why you were attacked?  If it was IRC-related, many hosts may not want your business anyway.  Was this a random attack or do you think you were specifically targetted (ie. by a disgruntled client/employee/competitior)?  If you remain a target, these problems may follow you wherever you go.

 

by: subfictionalPosted on 2005-02-04 at 13:30:21ID: 13230094

Thanks for your responses.

I agree that in some cases shutting down the target site is the only way to deal with a DDoS. And, I think it's completely reasonable that if we're on a hosted environment that the target site is shut down if it's interfering with the operation/availability of many other customers. This is why I'm hesitant to go back to a shared hosting plan. No matter how good the hosting company's DDoS protection is, there is always a chance they will have to shut us down. If we stay on a dedicated server, we lessen that risk (because a server only hosting our domain can take a much higher load).

My understanding is that software anti-DDoS methods are only marginally effective. Hardware anti-DDoS, rather, is much more effective, but that the efficacy is lessened if the hardware is not in front of individual servers (becuase to be effective it has to tailor itself to a site's speciffc traffic). What are your thoughts on this?

No idea why we are attacked. We are a small business-to-business publisher of catalogs. We did not receive any specific threats, so we don't know if it was random or targeted. It was quite a suprise actually.

-Christie

 

by: humeniukPosted on 2005-02-04 at 18:47:28ID: 13231725

"And, I think it's completely reasonable that if we're on a hosted environment that the target site is shut down if it's interfering with the operation/availability of many other customers."

Agreed.  Once the situation gets to that point, the host has no option but to shut down the target site.  Otherwise, every site on that server will be effectively shut down anyway.  Also, I understand your preference for having a dedicated server.  There are a number of benefits that are well worth the additional cost if you are willing to pay it.

At the same time, there are always compromises.  In an ideal world, all of my sites would be located on their own dedicated server at Rackspace, but I can't afford it for my own sites and with regards to my clients, well . . . let's just say it would be a hard sell.  So, if money grew on trees, my advice to you would be to relocate to Rackspace where they have the best of many things including, it seems, DDoS protection.  But if you have only the one modest-sized site (as your question implies), I doubt that is a practical solution for you.  Take a look at what EV1 and thePlanet offer.  Don't forget ServerMatrix either, "a satellite of the planet" as they say, that offers 'entry level' servers.  Any choice you make, though, should factor in the results of a frank discussion with the host's customer service reps about DDoS protection, especially since you may remain a target.


"My understanding is that software anti-DDoS methods are only marginally effective. Hardware anti-DDoS, rather, is much more effective, but that the efficacy is lessened if the hardware is not in front of individual servers (becuase to be effective it has to tailor itself to a site's speciffc traffic). What are your thoughts on this?"

'Software' vs. 'Hardware' anti-DDoS is kind of a grey area, because as with firewalls, those terms are a bit fluid.  For example, what is a hardware firewall but a dedicated device running firewall software?  But you are absolutely correct that anti-DDoS software running on the server is much less effective as the deluge of traffic reaches the server before it is dealt with.  So, yes, absolutely, the protection must be placed in front of the server.


"No idea why we are attacked. We are a small business-to-business publisher of catalogs. We did not receive any specific threats, so we don't know if it was random or targeted. It was quite a suprise actually."

This is encouraging to some degree.  Let's hope it was a random event that won't be repeated.

 

by: coreybryantPosted on 2005-02-05 at 07:26:16ID: 13233663

I am just curious - do you have your own IP address?  I mean this is the only way they could really be able to see it was targeting your website.  We use Sygate Firewalls on our servers to help protect our clients from attacks.  The hosting company should actually have some type of a firewall in place to protect themselves and their clients.  

Personally - I would move. We get a few attacks daily but the firewall blocks it.  Dependind on the originating IP address, I will send them the report and sometimes even call them.  it sounds like it was random & this happens all the time.  

Be thankful you are not in the merchant account processing where they actually get phone calls from the hackers stating they will do a DDOS attack if they do not pay $10,000.  This money is paid & then next week, another call comes in.  This is where you definitely want hardware & a great piece is about $40,000 - but it really does the job.

-Corey

 

by: DavidBirch2dotComPosted on 2005-02-07 at 08:33:32ID: 13245954

>This is where you definitely want hardware & a great piece is about $40,000 - but it really does the job.

$40,000 for hardware ? phew! big boys toys ! must be fun working in such an environment :)

 

by: pbguyPosted on 2005-02-09 at 22:54:40ID: 13272874

My 2 cents

I'm using Visnetic Firewall software on my server

http://www.visnetic.com

It's only about $200 and it has some "neat" advanced features. It has rules-based protection so you have more control.   Of course you can ban IPs, it also has a "tarpit" tarpit that accepts connections but never replies and ignores disconnect requests thus slowing down attacks.  Also has port scan detection.

Really been happy with it, but to be honest I've never been up against a DDoS (and I don't ever want to try my luck either...)

The problem is, if they get to your firewall they're already sucking up your bandwidth.  My understanding is the real way to address it is at the routers .. which makes it your providers problem (and you're likely not a big enough customer for them to bother without paying big bucks...) and then the problem just gets passed up the line.

I will say the guys over at Visnetic seem very knowledgable and may have some additional ideas for ya (I'm not afiliated, just a happy customer.)  Heck, $200 is much more palitable than $40K to start at least...

Honestly don't feel worthy posting on this topic under hum and the other real experts on the topic but ya never know when you might hit on something helpful.  Good luck and I'll be interested in your resolution!

 

by: DavidBirch2dotComPosted on 2005-03-06 at 12:18:06ID: 13471683

humeniuk > why does your Registration date show up as 01/12/2004, u have  been on here longer surely

 

by: humeniukPosted on 2005-03-06 at 12:33:06ID: 13471770

mmm, nope - joined in Jan 2004 to ask a few question, started answering around June 2004.

 

by: DavidBirch2dotComPosted on 2005-03-06 at 12:34:56ID: 13471784

doh! mm/dd/yyyy- why on earth is the date that way round :()

 

by: humeniukPosted on 2005-03-06 at 12:43:02ID: 13471809

I prefer dd/mm/yy, too, but the different formats are used in the US & UK (I'm in Canada).

 

by: humeniukPosted on 2005-03-09 at 15:45:57ID: 13501682

pbguy,

Just noticed this - "Honestly don't feel worthy posting on this topic under hum and the other real experts on the topic but ya never know when you might hit on something helpful."  Kind words, thank you - I feel the same way when coreybryant & periwinkle & others post :)  All any of us has to offer is our experience and our opinions.  Don't hesitate to post if you feel you have something to offer.

 

by: humeniukPosted on 2005-03-10 at 11:44:27ID: 13509808

Sorry folks.  I made a mistake above, the recommendation has been updated as follows:

  Split: humeniuk {13229801} & coreybryant {13233663} & pbguy {13272874}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Humeniuk
EE Cleanup Volunteer

 

by: pbguyPosted on 2005-03-10 at 14:11:52ID: 13511508

Hey humen, was just about to post that you forgot yerself in the split!  

p.s. thanks for the kind words, nice to know I'm not the only one who feels that way sometimes.  EE has always been a very welcoming place to share (and obtain) knowledge, it's why I contribute and try to help as much as I can when I have time to play.   Great job moderators and experts!  

 See ya around humen!

 

by: humeniukPosted on 2005-03-10 at 14:12:49ID: 13511523

You too, pbguy.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...