DDoS , DDoS , and DDoS , provider recommendation with good anti ddos protection for ports 80 and 443
Hello, in the last week, someone targets us with a ddos attack, generally, in the iHostART.Com website and some virtualization nodes, we want to move our website to a provider with anti-ddos protection, some recommendations? I want someone who has own servers and is quite old in the hosting market, not a simple reseller of Webhosting
Specifications:
1 core
25-30 GB SSD NVME
1 dedicated IPv4 & 1 Dedicated IPv6
2 GB RAM
good anti DDoS protection for 80 and 443 port
Budget approx 5-6 euros/month
Regards,
Calin
Comments
putting cloudflare/ddos-guard aside, what about using haproxy? although I can't explain it in detail since i never professionally set it up
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
It, we want the same IP as the website to keep webmail, do you think it would work like this? Cloudflare and ddos-guard are useless at the moment
Regards,
Calin
it would work by defining both main website and the webmail in haproxy ACL, but i'm not sure how effective the rate limiting is when you only use one site resource. let's just wait for the expert in haproxy chime in cmiiw
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Amazon Cloudfront?
https://purplehost.com.br - Reliable, secure and affordable game hosting.
https://php-friends.de/ddos-protection
It only covers L3/L4 and the attack Calin suffers from is Layer 7 and probably involves the application level.
Unfortunately, in this price range, it won't do much.
Cloudfront is the only decent thing about a big provider - which can handle the attack on their data centers, forget about the small ones. Or just continue on CloudFlare trying to partially mitigate.
https://purplehost.com.br - Reliable, secure and affordable game hosting.
Do a reverse proxy with buyvm + path ddos protection.
For your billing portal, you should change NS to Cloudflare first, then change the origin IP.
If you are suffering from attack then it means your IP already exposed to the attacker, even use CDN it's useless.
Otherwise, attacker already knows your own IP range, if you put portal on the same IP block with clients, the same result.
What about client IPs, have you considered IP transfer to Voxility?
@Calin
I wanted to check out your services and i've been wondering why your website is down, this explains it.
Firewall your server, so http and https can only be accessed via cloudflare IPs:
https://www.cloudflare.com/ips/
https://www.cloudflare.com/ips-v4
Someone probably knows your server IP and targets it directly, thus bypassing Cloudflare.
Then within Cloudflare, add more strict user browser validation, like javascript or even captcha (probably captcha won't be necessary) or similar.
PS: Best way to firewall it would be on the provider level. So no unsolicited traffic comes to your server, at all. This would stop volumetric attacks, and the previous step stops layer 7 attacks.
PPS: Via the firewall, allow your own ip for the whole server, so you can connect to ssh etc.
They will just flood his upstream
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Upstream providers can handle a lot more traffic.
PS: Plus i suspect this is just a layer 7 attack and he is running some potatoe web server configured as a watermelon, on a half cpu budget.
You are more then likely correct on the potatoe but his upstream can't handle what they are capable of doing. His real problem is the leaked IPS they need a changing and put behind behind some mitigation services. X4B used to be really good I have no clue about them now.
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
fastpipe.io
Amadex • Hosting Forums • Wie ist meine IP-Adresse? • AS215325
Forum for System Administrators: sysadminforum.com
It, yes it's true quite a lot of people know the IP of the website, besides that the attack is on several IPs from our virtualization node, I try to move the website to another VPS hosted elsewhere just to mitigate the attack, from what I notice most of his resources are redirected to our site,so clearly someone who wants to keep our website offline and after that change all IPs from panels It's a pretty weird attack, it's more about blocking all ports
you must also use mail relay otherwise your new IP will be leaked
https://blazingfast.io/ddos
Want a bet that if he does what i told him he'll get the problem fixed?
His speed test server was running fine, his upstream is not saturated.
Not saying it was or wasn't I don't have the info but if someone wants to get him they will. You can count on that fact. If he has pissed someone off enough, or they are just psycho, they will find a way.
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
he is low hanging fruit, his life will be better once he covers the basics
But he is looking for one button magic solution.
Looks like the ihostart node with my VPS started getting targeted on the 19th and was hammered on the 20th but has steadily been taking hits off and on. I agree with the recommendation to at least start with Cloudflare for web and you could use free mail routing to manage inbound messages for your domain to gmail or get something else for mail relay. Cloudflare has a mail relay solution since they bought Area 1 but I hear it's expensive.
Any "hidden" VPS + reverse proxy(like qbine, gcore, ddos-guard - should work with no configuration required or cloudflare where quite a bit of configuration is required to make the site resilient) and some server for mailing(also make sure it anonymizes email headers, the sending address can be there - mxroute anonymizes it by default).
Make sure to configure your Firewall(or webserver) properly so the site is not exposed on clearnet(only to reverse proxy nodes) and scraped by Shodan/Censys - that's how people "deanonymize" services.
Handy script for UFW and Cloudflare - https://github.com/Paul-Reed/cloudflare-ufw/ (pretty much all reverse-proxy providers give you a list of their IP's, so if you want to use this script for some other provider- just replace the IP's in it).
cloudflare + mxroute(reseller) for outbound/incoming(POP3).
Will be about $1 per month(yes, u can get mxroute that cheaply).
https://onepoundemail.co.uk/
And as long as you host a hidden outgoing mail server on the same node, people are going to find out your hidden IP by the outgoing mail headers.
This belongs in Requests category. @FrankZ
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
I hear Timantticolo has strong protection.
They are in Finland, so it's also DMCA ignored.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
Good point - if bad actors subscribe, they'll have the headers they need.
Hello , @pointgod yes that it s cause why I m search a VPS with good anti ddos , and no simple CDN / proxy
Regards,
Calin