DDoS , DDoS , and DDoS , provider recommendation with good anti ddos protection for ports 80 and 443

Hello, in the last week, someone targets us with a ddos attack, generally, in the iHostART.Com website and some virtualization nodes, we want to move our website to a provider with anti-ddos protection, some recommendations? I want someone who has own servers and is quite old in the hosting market, not a simple reseller of Webhosting

Specifications:

1 core
25-30 GB SSD NVME
1 dedicated IPv4 & 1 Dedicated IPv6
2 GB RAM
good anti DDoS protection for 80 and 443 port

Budget approx 5-6 euros/month

Regards,
Calin

Comments

  • putting cloudflare/ddos-guard aside, what about using haproxy? although I can't explain it in detail since i never professionally set it up

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • It, we want the same IP as the website to keep webmail, do you think it would work like this? Cloudflare and ddos-guard are useless at the moment

    Regards,
    Calin

  • @Calin said:
    It, we want the same IP as the website to keep webmail, do you think it would work like this? Cloudflare and ddos-guard are useless at the moment

    Regards,
    Calin

    it would work by defining both main website and the webmail in haproxy ACL, but i'm not sure how effective the rate limiting is when you only use one site resource. let's just wait for the expert in haproxy chime in cmiiw

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • nullroutenullroute Hosting Provider

    Amazon Cloudfront?

    https://purplehost.com.br - Reliable, secure and affordable game hosting.

  • nullroutenullroute Hosting Provider

    It only covers L3/L4 and the attack Calin suffers from is Layer 7 and probably involves the application level.

    Unfortunately, in this price range, it won't do much.

    Cloudfront is the only decent thing about a big provider - which can handle the attack on their data centers, forget about the small ones. Or just continue on CloudFlare trying to partially mitigate.

    https://purplehost.com.br - Reliable, secure and affordable game hosting.

  • Do a reverse proxy with buyvm + path ddos protection.

    Thanked by (1)Ympker
  • cccccc
    edited January 2023

    For your billing portal, you should change NS to Cloudflare first, then change the origin IP.
    If you are suffering from attack then it means your IP already exposed to the attacker, even use CDN it's useless.
    Otherwise, attacker already knows your own IP range, if you put portal on the same IP block with clients, the same result.
    What about client IPs, have you considered IP transfer to Voxility?

    Thanked by (1)AuroraZero
  • edited January 2023

    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @Janevski said:
    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

    They will just flood his upstream

    Thanked by (1)Calin

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • edited January 2023

    @AuroraZero said:

    @Janevski said:
    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

    They will just flood his upstream

    Upstream providers can handle a lot more traffic.

    PS: Plus i suspect this is just a layer 7 attack and he is running some potatoe web server configured as a watermelon, on a half cpu budget.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @Janevski said:

    @AuroraZero said:

    @Janevski said:
    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

    They will just flood his upstream

    Upstream providers can handle a lot more traffic.

    PS: Plus i suspect this is just a layer 7 attack and he is running some potatoe web server configured as a watermelon, on a half cpu budget.

    You are more then likely correct on the potatoe but his upstream can't handle what they are capable of doing. His real problem is the leaked IPS they need a changing and put behind behind some mitigation services. X4B used to be really good I have no clue about them now.

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • AmadexAmadex Hosting Provider

    fastpipe.io

    AmadexHosting ForumsWie ist meine IP-Adresse?AS215325
    Forum for System Administrators: sysadminforum.com

  • edited January 2023

    It, yes it's true quite a lot of people know the IP of the website, besides that the attack is on several IPs from our virtualization node, I try to move the website to another VPS hosted elsewhere just to mitigate the attack, from what I notice most of his resources are redirected to our site,so clearly someone who wants to keep our website offline and after that change all IPs from panels It's a pretty weird attack, it's more about blocking all ports

  • @Calin said: It, yes it's true quite a lot of people know the IP of the website, besides that the attack is on several IPs from our virtualization node, I try to move the website to another VPS hosted elsewhere just to mitigate the attack

    you must also use mail relay otherwise your new IP will be leaked

  • @AuroraZero said:

    @Janevski said:

    @AuroraZero said:

    @Janevski said:
    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

    They will just flood his upstream

    Upstream providers can handle a lot more traffic.

    PS: Plus i suspect this is just a layer 7 attack and he is running some potatoe web server configured as a watermelon, on a half cpu budget.

    You are more then likely correct on the potatoe but his upstream can't handle what they are capable of doing. His real problem is the leaked IPS they need a changing and put behind behind some mitigation services. X4B used to be really good I have no clue about them now.

    Want a bet that if he does what i told him he'll get the problem fixed?
    His speed test server was running fine, his upstream is not saturated.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @Janevski said:

    @AuroraZero said:

    @Janevski said:

    @AuroraZero said:

    @Janevski said:
    @Calin
    I wanted to check out your services and i've been wondering why your website is down, this explains it.

    Firewall your server, so http and https can only be accessed via cloudflare IPs:
    https://www.cloudflare.com/ips/
    https://www.cloudflare.com/ips-v4
    Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
    Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.

    PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.

    PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.

    They will just flood his upstream

    Upstream providers can handle a lot more traffic.

    PS: Plus i suspect this is just a layer 7 attack and he is running some potatoe web server configured as a watermelon, on a half cpu budget.

    You are more then likely correct on the potatoe but his upstream can't handle what they are capable of doing. His real problem is the leaked IPS they need a changing and put behind behind some mitigation services. X4B used to be really good I have no clue about them now.

    Want a bet that if he does what i told him he'll get the problem fixed?
    His speed test server was running fine, his upstream is not saturated.

    Not saying it was or wasn't I don't have the info but if someone wants to get him they will. You can count on that fact. If he has pissed someone off enough, or they are just psycho, they will find a way.

    Thanked by (1)Janevski

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • he is low hanging fruit, his life will be better once he covers the basics

    Thanked by (1)Janevski
  • @jugganuts said:
    he is low hanging fruit, his life will be better once he covers the basics

    But he is looking for one button magic solution.

  • Looks like the ihostart node with my VPS started getting targeted on the 19th and was hammered on the 20th but has steadily been taking hits off and on. I agree with the recommendation to at least start with Cloudflare for web and you could use free mail routing to manage inbound messages for your domain to gmail or get something else for mail relay. Cloudflare has a mail relay solution since they bought Area 1 but I hear it's expensive.

  • edited January 2023

    Any "hidden" VPS + reverse proxy(like qbine, gcore, ddos-guard - should work with no configuration required or cloudflare where quite a bit of configuration is required to make the site resilient) and some server for mailing(also make sure it anonymizes email headers, the sending address can be there - mxroute anonymizes it by default).
    Make sure to configure your Firewall(or webserver) properly so the site is not exposed on clearnet(only to reverse proxy nodes) and scraped by Shodan/Censys - that's how people "deanonymize" services.
    Handy script for UFW and Cloudflare - https://github.com/Paul-Reed/cloudflare-ufw/ (pretty much all reverse-proxy providers give you a list of their IP's, so if you want to use this script for some other provider- just replace the IP's in it).

    @pointgod said:
    Looks like the ihostart node with my VPS started getting targeted on the 19th and was hammered on the 20th but has steadily been taking hits off and on. I agree with the recommendation to at least start with Cloudflare for web and you could use free mail routing to manage inbound messages for your domain to gmail or get something else for mail relay. Cloudflare has a mail relay solution since they bought Area 1 but I hear it's expensive.

    cloudflare + mxroute(reseller) for outbound/incoming(POP3).
    Will be about $1 per month(yes, u can get mxroute that cheaply).
    https://onepoundemail.co.uk/

  • And as long as you host a hidden outgoing mail server on the same node, people are going to find out your hidden IP by the outgoing mail headers.

  • This belongs in Requests category. @FrankZ

    Thanked by (1)Janevski
  • I hear Timantticolo has strong protection.
    They are in Finland, so it's also DMCA ignored.

    Thanked by (1)Janevski
  • @Janevski said:
    And as long as you host a hidden outgoing mail server on the same node, people are going to find out your hidden IP by the outgoing mail headers.

    Good point - if bad actors subscribe, they'll have the headers they need.

  • Hello , @pointgod yes that it s cause why I m search a VPS with good anti ddos , and no simple CDN / proxy

    Regards,
    Calin

    Thanked by (1)pointgod
Sign In or Register to comment.