Acceptable DDoS Time
Mar 15, 2008
I periodically experience DDoS Attacks. I wanted to get some input on what you consider an acceptable amount of time before they stop?
I am hosted with The Planet which has some kind of DoS protection, and I've got APF / BFD installed which also prevents some. Usually it'll last 10/20 minutes and be ok again. Is this within the "acceptable" time frame, or would a Hardware Firewall do much better?
The Planet has: Check Point VPN-1 UTM Edge OR Cisco ASA 5510 SP / 5520 / 5550
Basically I don't want to get a Hardware Firewall if it's not going to do any better. But I don't not want to get one if I could be providing better services to my website users.
View 14 Replies
ADVERTISEMENT
Jun 3, 2008
So we have a single Layered Tech box hitting our server with around 90 MBit/s for almost 12 hours straight now, resulting in over 400 GB excess traffic so far. An abuse report was sent about 4 hours ago (Ticket-ID: XZP-97559-339) with evidence included, but so far there was 0 reaction besides the auto-reply.
A phone call to the number listed on their website resulted only in a message that there is no one available at extension XYZ. I didn't try repeat calls since playing international phone tag is not quite my idea of fun.
I realise that it was/still is early in the morning at their location, but nonetheless, I'd expect a company their size to respond a lot faster to reports such as this.
View 14 Replies
View Related
Oct 15, 2007
For a Web Host What Do you consider an acceptable uptime level?
View 23 Replies
View Related
Feb 24, 2007
It is probably acceptable for a site on shared hosting to have some downtime. However, how much is acceptable?
According to Pingdom one of my sites had a total downtime of 14 hrs for Feb. One time it was reportedly down for 4 hrs.
I had set it up to ping every 15 mts. Are these results trustworthy? And if it is should I move my host? Or at least tell them to move my site to another server?
The reason I ask is because I was wondering if this was the norm for shared hosting.
View 24 Replies
View Related
Oct 2, 2009
My wife has grown tired of my concerns about the content on her site so she wants to move off of my MediaTemple Grid Service. She has also expressed concern over the speed (or lack there of) in my MediaTemple account. I myself plan to move over to A Small Orange either when I am finished with the year I paid for on MediaTemple or if the lack of speed becomes unbearable. But I digress.
She found a free web host with no ads (yeah, I know what you are thinking but hear me out) and she asked me to move her site. In all my 11 years of doing website stuff, I have never had a host that behaved nearly as bad as this one. This web host kept kicking me off of FTP so I had to upload each plugin manually instead of uploading the whole package.
Shaun Inman's Mint is also acting up on her webhost. My theory is that it does not play well with multiple database connections and that all Mint is doing is just showing that half of the attempted MySQL connections are being dropped by this host due to internal settings.
Now, my question to you is if you know of any good webhosts that allow adult content to be hosted? I remember only one but it closed down (Unrestricted.net) I do not know whether or not the parent company (BurstNet) allows adult content anymore. Your help would be greatly appreciated.
View 10 Replies
View Related
Feb 6, 2007
When we do traceroute between 100 -130 ms delay between hop is acceptable? What is the maximum value can be acceptable?
View 2 Replies
View Related
Oct 23, 2007
We run our company website on a VPS.
Now we do notice, that quite frequently, the connection times out or the server responds slowly. A friend of mine said the VPS could be the issue of this.
I ran a ping test today for several hours, sending one ping with 16 bytes with a timeout set to 3 seconds.
From 18000 pings sent (5 hours), 120 failed. Which comes to one failure in 150 pings, or one failure every 2.5 minutes.
Is this still an acceptable failure rate or do I have reason to contact our VPS provider? According to our own usage statictics, we are not using much of the server's capacities.
View 2 Replies
View Related
Nov 11, 2008
This is a rare issue i have on a RHEL 5.2 + cPanel server.
Server time is:
Tue Nov 11 17:02:51 CST 2008
Squirrelmail time show:
Code:
Last Refresh:
Tue, 5:02 pm
So, that is correct too..
But email arrives with -4 hours time, example:
webmaster@xxx.com 1:03 pm testing email
I already rebooted httpd, exim, and imap server, and the server itself too.. and problem stills.
View 11 Replies
View Related
Nov 7, 2008
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
View 14 Replies
View Related
Jan 6, 2008
I got report from webceo that I have some issues. May someone help me fix this?
DNS Lookup: 0.22 sec
Connect time: 0.33 sec
Host ping: 0.10 sec
That mean too slow with the other sites!
View 4 Replies
View Related
Sep 25, 2008
I can't get access to a certain site. I always get the page with:
network time out - server at *** takes to long to respons. More people have noticed this and apparently it only happens to people with certain specific providers. And not all the time. Some times they DO get access eventy to they belong to the same ISP. So I guess an ISP isn't blocking access to it otherwise it would be permenantly/The site administrator insists that certain ISP's are blocking his site. He's hosting it on his own server. The domain belongs is registered at namecheap.com.
If an ISP is blocking this site (if that's possible?), that would lead to that 'network timeout' page wouldn't it?
What is the most likely reason for getting a timeout page anyway?
View 7 Replies
View Related
Aug 9, 2007
I have a dedicated server specs: AMD 3500+ 64 Bit CPU, 1 GB Ram, 160 GB Sata Drive. For 1 month, CPU load average reaches 40-50 value. This happens about 5-6 times in a day. When I stop httpd service for 30 seconds everything goes normal. I think this is not a DoS attack because it comes systematic, I dont believe no one makes this regularly except bots.
Maybe its a system service or a cronjob but it stops when I turn off httpd service?
How can I be sure about what's making this regularly load?
I also did set up a script which mail me when load average of system goes crazy and restart httpd service. But instant restart is not working to stop load increase.
View 12 Replies
View Related
Feb 6, 2013
The server is going down from time to time, every 12 days or so the site hosted there is no longer accesible, everything starts with the site slowing don and down and then is not longer reachable, what we do is to request a power cycle, and with this we start all over again till next power cycle, so on so on, of course, here are my server details and more info on this:
- MySQL - 5.1.41-3ubuntu12.10
- Apache - 2.2.14-5ubuntu8.4
- PHP - 5.3.2-1ubuntu4.9
- operating system: Ubuntu Server 10.04 LTS
After some time emailing the support guys to barely check about what's going on, we received an email with a few things:
1.- found a few errors that likely would cause issues with Apache. The first error is:
[Mon Feb 04 05:03:10 2013] [error] mod_fcgid: fcgid process manager died, restarting the server and the next error is:
[Mon Feb 04 14:32:34 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting ...
Both these errors seem to indicate that you have a process that is running out of control on your server. We were unable to determine what script on your site is running caused your connections to be maxed out however it does appear that before these errors were generated there was a WordPress plugin referenced in your access logs...
2.- Additionally during our review we did find that your error log for mercadodedinerousa.com is 45 GB's which is excessively large and can cause problems when Apache is trying to write a such a large file.
3.- The majority of the errors being logged are:
[Wed Feb 06 12:12:31 2013] [error] [client 200.76.90.5] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/vhosts/mercadodedinerousa.com/httpdocs/index.pl, referer: [URL]
View 6 Replies
View Related
Oct 8, 2009
I am looking for some good ddos protection providers, via protected dns. I've searched on internet, but most of them are really expensive.
Please tell me some ddos protection providers what could help me.(gige is too expensive btw).
And I found some ddos protection scripts. How can a script protected a server from ddos? A sript like CSF or DDoS deflate?
View 12 Replies
View Related
Apr 9, 2009
I've been getting VERY high packet loss to my VPS for around 10-15 minute periods over the past month or so (No patterns or specific times, totally random when it occurs) with my provider's Parallels Business Automation control panel reporting "Server is down" along with the VZCP on the node being inaccessible. I opened a ticket with my provider and they told me that they experienced a DDoS attack on the node my VPS was hosted on.
However, I get the feeling that they are giving me some crap to stop my pestering them about the packet loss all the time (I mainly use my VPS for providing VoIP services which use UDP so the packet loss is devastating).
Anyone got any views on this?
Also they keep offering to move me to a diffrent node but they say they can only do that by giving me a new IP address and I would have to backup all the data and restore it manually, myself. Any views on this as well?
View 5 Replies
View Related
Jun 6, 2009
I'm experiencing a significant UDP DDoS at the moment which is aimed at port 80 on my server, it's currently crippling Apache, but only on port 80, https (443) is fine. I've told iptables it drop UDP packets sent to port 80 and have also completely blocked most of the attacking IPs, this has helped, but the webserver is still periodically unresponsive.
View 11 Replies
View Related
Jun 9, 2008
We are getting ddosed badly.. Last night httpd reached max clients and httpd wasnt able to start up.
View 3 Replies
View Related
Feb 4, 2008
we had a bad ddos to on of the sites we were hosting, the ip of the ddos was blocked in apf and iptables, but for some reason it still got through we had to have it blocked in the router, we installed CSF into our server hoping for a better firewall does anybody know why apf could not hold back the ip im open to suggestions,
View 2 Replies
View Related
Dec 9, 2008
I have got pretty big problems with my VPS, some of my sites getting DDoS'd a log. I have no idea why and who DDoSing them
I have csf, apf and DDoS Delfate installed but it seems they can't take those attacks down. I know for mod_evasive but it works only on small attacks, I getting pretty strong attacks
I need some way to configure csf better, what I need to edit in /etc/csf.conf to block IPs if the same IP trying to connect to server more that 10 times. I need everything what I could edit for csf to block IPs faster
About DDoS Deflate, he is configured to works with apf, can I configure it to works with csf and how? How to configure DDoS Deflate better, to block IPs faster
Also, another problem with csf is that when I restart csf(service csf restart) he unblock all blocked IPs and I have to block them again
How to see blocked IPs by iptables?
I running lighttpd at the moment but I thinking to change it with Litespeed(free edition), what do you think about it?
I hope I will get some help here. Aslo,would be interesting to hear how do you guys protecting your servers from DDoS(if you getting DDoSed
View 10 Replies
View Related
May 27, 2007
we have a 100mbut connection and with a normal traffic we use about 40-50mbit but from friday seem that we are under attack this is the stats from the fastethernet
inbound 20427 ucast pkts/s
outbound 5547.5 ucast pkts/s
inbound 85793.9 Kbit/s
outbound 8211.98 Kbit/s
we have reach also for 4 hours 100mbit and all the server was offline, we have contact the datacenter and they say that not is a ddos attack because the traffic come fom our server and not from outside the net, so look as we have a hacked server that is making all this traffic, how can w found the problem? we have about 130 server on this connection
View 2 Replies
View Related
Aug 18, 2007
If you were under a DDos attack, what commands would you execute to confirm this?
Is it normal for high traffic sites with 3,000 concurrent apache connections from running this command?
netstat -n | grep :80 |wc -l
View 13 Replies
View Related
Dec 28, 2007
what would happen if you changed the server IP to 127.0.0.1?
View 4 Replies
View Related
May 29, 2009
My server is using too many httpd process..I think iam under DDOs attack..I executed the following command..
netstat -an | grep :80 | sort
and the result is this
tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....
View 14 Replies
View Related
May 29, 2008
The DC installed Squid. It manages the load fine but the php code on my page is cached and doesn't work.
Is there a way to get squid to not cache php? in that httpd can directly call php while squid does everything else?
View 1 Replies
View Related
Apr 16, 2009
Hey guys If there was a way to have the ips of the dedi change constantly would this help prevent ddos attacks or would there be no difference if the domain was being attacked.
View 2 Replies
View Related
Nov 6, 2007
OK well today I found out my server was being DDOS'ed
And I know which domain is being attacked with hundreds of IP's. I am running Cpanel / WHM but I have no idea how I can stop this?
Any ideas or suggestions? Maybe redirect the DNS? to a invalid ip? But I'm not sure how i can go about doing that?
View 9 Replies
View Related
Sep 16, 2007
I have a problem with a customer. For the last 48 hours he has been receiving a massive DDoS at his server. I tried blocking the darn IPs but they keep coming and with several hundreds of connections each:
104 78.157.168.98
125 83.226.157.91
126 89.103.109.65
131 89.12.150.23
135 84.251.196.78
135 86.122.0.135
135 91.127.235.86
154 84.24.14.41
160 193.216.140.101
331 89.151.8.78
419 78.0.103.64
Apache has over 14000 connections. I tried using mod_evasive but didn't do anything and the server has been out without httpd for hours now. Any advices? This is a Hsphere server (I hate it personally) with 4GB RAM and a dual optero 246. I have the mexclients setting at 550.
View 14 Replies
View Related
Aug 4, 2009
I have a windows server, and today it has a large inbound traffic, so I tried to disable all web service, and after that, the result of netstat -an shows no connection at all, but the server still has large inbound traffic,
Do you have any idea about this?
What should I do now?
View 8 Replies
View Related
Mar 19, 2008
Our server is in attack since 4 days. Http port busy all the time.
When I type :
netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n| uniq -c | sort -n | tail -5
It shows :
[root@ ~]# netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut
-d: -f1 | sort -n| uniq -c | sort -n | tail -5
2 65.19.130.24
2 83.149.120.9
4 204.15.73.243
35 222.254.103.142
5128
[root@ ~]#
I wonder the hidden IP of 5128 ??? How to know it?
View 8 Replies
View Related
Jul 28, 2009
A user joined our live chat and said if we didn't cancel a domain on our server, he will send us a DDOS attack, and he did so and also did this morning.
Is there anything I can do to prevent this or possibly punish him?
View 12 Replies
View Related
